| Search42 Removal | 
| by steamwiz | |
| January 15, 2006 | |
| Search42 is a variant of the Virtumonde (Vundo) web browser hijacker. This nasty trojan can be removed by following the steps below: Note: You should print out these directions before continuing, as you will need to reboot your computer. Remove Search42Step 1: HijackThisDownload and run HijackThis. Our HijackThis tutorial will get you through that part. Once you have run it and created a log file, return to these instructions. 
 Step 2: Examine HijackThis LogNext, look at the log file that HijackThis created and look for entries similar to this: 
 Step 3: VundoFixPlease download VundoFix.exe to your desktop: http://www.atribune.org/downloads/VundoFix.exe  Step 4: Reboot into safe modeIf you're not sure of how to get into safe mode, click here for instructions.  Step 5: KillVundo.batNow that you are in safe mode, open the VundoFix folder on your desktop and double-click on KillVundo.bat  
 Press Enter. Next it will ask you for the filename - enter in the exact filename you wrote down in Step 2, i.e. C:\WINDOWS\repair\srvdisk.dll (as shown in the O2 & O20 entries in YOUR HijackThis log file) 
 Press Enter. It will now ask you for a second filename.  Please type the following file path (make sure to enter it exactly as below)  REMEMBER...(This is the entry as shown in the O2 & O20 entries in YOUR hijackthis ... spelled backwards) Press Enter. The fix will run, then HijackThis will open. 
 Step 6: HijackThisIn Hijackthis, please place a check next to the following item(s) and click FIX CHECKED : (Again, replace srvdisk.dll with whatever you found in Step 2)  
 Step 7: CleanUp Download and install CleanUp: http://www.stevengould.org/downloads/cleanup/CleanUp40.exe  
 
 Step 8: Panda ActiveScanRun Panda ActiveScan virus scanner: http://www.pandasoftware.com/products/activescan.htm 
 Done! Your computer should now be clean of the Search42 trojan! If you want your results checked....start a new thread in the Spyware Forum. Copy the results of the ActiveScan and paste them in the new thread, along with a new Hijackthis log and the vundofix.txt file from the vundofix folder. Make sure you tell us you have run the vundofix... |