My PC has been taken over by one particularly annoying
popup/adware/spyware program called hotsearchbox.com.  Hotsearch
somehow embeds itself in the window where my Favorites folders
normally reside.  If you click on the close window box, the rogue
"search engine" takes over your entire screen.  The only way to get
rid of it is to start Task Manager and End Program.  That,
unfortunately, ends Internet Explorer as well and you must sign back
onto the internet.

I have installed Ad-Aware and run it numerous times to remove
popup/adware/spyware programs from my PC.  Ad-Aware has successfully
removed all other popups except hotsearchbox.  I have downloaded
Google Tool Bar to block further popups.  Again, very successful
except with regard to hotsearchbox.

Whenever I startup my PC, if I run regedit and go to HKEY_CURRENT USER
> Softwar > MICROSOFT > INTERNET EXPLORER I see that hotsearchbox.com
is running.  I delete it from the registry and it stays deleted until
the next time I start windows and go onto the net (at which time
hotsearchbox reappears in my registry).

What can I do to get rid of this extraordinarily annoying pest?

---

Request for Question Clarification by pinkfreud-ga on 26 Feb 2004 12:53 PST

I suggest that you download and run a program called CWShredder, which
was created by
Merijn of Spywareinfo.com. This program is effective against some of
the most tenacious hijackers. It helped me with a piece of scumware
that Ad-Aware and SpyBot wouldn't touch.

You can download CWShredder here:

http://www.merijn.org/files/CWShredder.exe 

Please try this and let me know how it works out. If this solves your
problem, I'll be pleased to post an official answer to your question.
If the problem persists, we'll keep trying.

---

Clarification of Question by nealetr-ga on 26 Feb 2004 19:35 PST

CWShredder appears to have worked.  I'm going to give it another day
before I declare victory... but so far so good.

---

Request for Question Clarification by pinkfreud-ga on 26 Feb 2004 20:17 PST

I'm glad to hear that CWShredder seems to have done the trick! Please
report back once you're certain that your unwanted guest is gone, so
that I can post my suggestion as the offical answer to your question.
Death to browser hijackers!

---

Clarification of Question by nealetr-ga on 04 Mar 2004 19:16 PST

Hotsearchbox.com is gone.  Thank you.

One linguering problem (which may or may not be associated with the
hotsearchbox issues) is as follows:

When I had the Hotsearchbox.com problem, each time I started windows
XP I would have to run Regedit and delete Hotsearchbox.com
from the HKEY_CURRENT_USER > Software > Microsoft > Internet Explorer
folder.  Otherwise it would just keep popping up during a session. 
However, it would not "stay" deleted.  Each time I would startup the PC,
Hotsearchbox.com returned.  

Now after running CWShredder,Hotsearchbox.com does not appear in my
Regedit IE folder.  However, when I run Regedit, the Regedit window
stays open for only a few seconds and autmatically closes.  I can't
keep it open no matter what I do.  Any idea if this is related to my
other problem?

---

Request for Question Clarification by pinkfreud-ga on 04 Mar 2004 19:37 PST

Hmmm.

The "Swen" worm is notorious for causing this symptom. Here's what Symantec says...

Modifies the value:

"DisableRegistryTools" = "1"

in the registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System 

to prevent you from running Regedit on the computer.

http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html

I suggest that you download and run the McAfee AVERT Stinger:

http://vil.nai.com/vil/stinger/

Sometimes disinfecting one's computer is a multi-step procedure,
unfortunately. I hope we can get things cleared up for you. I've had
more than my share of resident nasties, so I can understand how
frustrated you must feel.

---

Clarification of Question by nealetr-ga on 05 Mar 2004 04:20 PST

I ran Stinger.  It found and deleted two infected files.   But when I
ran Regedit or MSconfig, the shut down after a few seconds.  Next
step?

---

Request for Question Clarification by pinkfreud-ga on 05 Mar 2004 12:03 PST

Here's a newsgroup file that describes a similar worm-related symptom.
You might want to read through these posts and see whether any of the
info therein is helpful:

http://groups.google.com/groups?hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&newwindow=1&safe=off&th=70039a4057738dde&rnum=4

---

Clarification of Question by nealetr-ga on 05 Mar 2004 14:38 PST

Thank you.  You have been very helpful.  I'll keep plugging away and
let you know what if anything works.

http://www.computercops.biz/postlite20295-hotsearchbox.html this should help.

Hotsearchbox.com is the targeted hijack page for several different
hijackers. From the symptoms described, I suspect that this is the
required solution:

http://de.trendmicro-europe.com/consumer/security_info/ve_detail.php?Vname=JAVA_STARTPAGE.F

Regards,

aht-ga
Google Answers Researcher

Hotsearchbox.com is gone.  Thank you.

One linguering problem (which may or may not be associated with the
hotsearchbox issues) is as follows:

When I had the Hotsearchbox.com problem, each time I started windows
XP I would have to run Regedit and I would delete Hotsearchbox.com
from the HKEY_CURRENT_USER > Software > Microsoft > INternet Explorer
folder.  Otherwise it would just keep popping up during a session. 
However, it would not stay deleted.  Each time I would startup the PC,
Hotsearchbox.com returned.  Now after running CWShredder,
Hotsearchbox.com does not appear in my Regedit IE folder.  However,
when I run Regedit, the wondow stays open for only a few seconds and
autmatically closes.  Any idea if this is related to my other problem?