PC Support Guide:  Parasites > Hijacker >

Lookfor.cc

Previous pageReturn to chapter overviewNext page

Here's another example of the many variants of the Coolwebsearch homepage hijacker. It changes your homepage to res://mshp.dll/index.html#10213. Although using the normal steps to remove one of the many variants of coolwebsearch should remove it, it appears this variant is also part of a trojan virus called TROJ_IEFEATS.A . Because of this I have modified these directions to include instructions for removing the possible trojan as well as the homepage hijacker.

 

How to Remove Lookfor.cc homepage hijacker and IEFEATS.A trojan

1) Start Windows in Safe Mode by pressing F8 as the computer is booting and choosing Safe Mode

 

2) Remove the Registry entries

Click on Start, Run, Regedit
In the left panel go to

 

HKEY_CURRENT_USER>Software>Microsoft>Windows>Current Version>Runonce

 

In the right panel, right-click and delete the following entry (if it exists)

 

iefeats1Update = "rundll32 <path to virus>\iefeats1.dll,UpdateDlls"

 

Close the Registry Editor

 

3) Delete the infected files (for Windows ME and XP remember to turn off System Restore before searching for and deleting these files to remove infected backed up files as well)

Click Start, point to Find or Search, and then click Files or Folders.
Make sure that "Look in" is set to (C:\WINDOWS).
In the "Named" or "Search for..." box, type, or copy and paste, the file names:

 

IEFEATSL.DLL

MSIESH.DLL

SUBMITHOOK.DLL

UNINSTALL.EXE

UNINSTALL.INI

MSHP.DLL

 

Click Find Now or Search Now.
Delete the displayed files.

 

4) Reset Internet Explorer Homepage and Search Page

Close all Internet Explorer windows.
Open Control Panel. Click Start>Settings>Control Panel.
Double-click the Internet Options icon.
In the Internet Properties window, click the Programs tab.
Click the “Reset Web Settings…” button.
Select “Also reset my home page.” Click Yes.
Click OK.

 

4) Reboot the computer and download and run CWShredder.

 

5) Run a thorough virus scan

 

Previous page - Chapter overview - Next page

 

Page url: http://www.tje.net/PCSupport/index.html?lookfor_cc.htm
Page content was last updated: 10/6/2008



Website designed and created by TJ Elias - Houston, Texas
090424 * Copyright(c) 1996-2009 TJ Elias