Ah! Positive ID: this site lists the BHO with the class ID you’ve got (the long string after it says “(no name)”) as being a parasite called ClientMan. This page has some suggestions for removal (although removing the related BHO in HijackThis is a good start). It sounds like you’ve got either the Tagger or 2in1 version, judging by your description of its behaviour.
Nothing is working.
-
Spybot Advanced Mode has a way to toggle off any BHO. I toggled off the mshkof.dll BHO. It didn’t help. It’s probably from ClientMan anyway, which has ceased showing up in Spybot/Adaware searches, which means it’s off, but it left its BHO behind.
-
I have uninstalled the Google Toolbar. It didn’t help. And now I am getting a popup for the Free 2020 Search Bar***** every time I do a Google search, in addition to having to look at a page of Google’s Evil Twin search results.
-
I have sent two e-mails to Google, one to the webmaster and one to Toolbar support, with no response yet.
-
Spybot and Adaware are both giving me consistent cheerful messages to the effect that there’s no spyware on my system.
I’m open to suggestions. Meanwhile I’m just using Google Canada.
[makes mental note to go learn at least the first verse to “Oh Canada” in gratitude]
Yeah, right. :rolleyes: Like I’m gonna download any of that…
Please do not suggest that I simply switch to a different browser.–Given the amount of trouble you’re having with this, are you really sure you don’t want to try another browser? It’s your decision, but there’s got to be a point where the effort to keep IE clean is greater than the effort to install and learn a new browser.
I keep seeing threads of people whose computers have been hijacked like this but nobody says what they did to get it hijacked and I am very curious because in years of unprotected browsing it has never happened to me. I have no anti-virus or any other anti-hijack program. I just configure my browser tight and use common sense. I have never got a virus or any other crap.
Can someone explain to me exactly what steps you did to get this crap?
I am just curious to know if I am walking in a mine field unprotected and have just been lucky so far.
You been very, very lucky.
I had never had a problem until one day about two months ago. I was searching on Google, I clicked on one of the sites. WHAM! I was hit with popups, pages were opening continuously, my homepage had been hijacked… my browser had become useless. I had to run Ad-aware and Spybot both to clear my machine. They found 75 dialers, spy-ware and other junk that had been installed from clicking on that one site! I had been running Spybot and Ad-aware about once a month before and they never found anything.
BTW… besides Ad-aware and Spybot I run AVG anti virus, Mailwasher and Zonealarm (and I’m behind my router). In this day and time it is only using common sense to have protection… especially since it’s all FREE!
I still don’t get it. I have had more problems with anti-virus software than anything else . My browser has ActiveX and Java disabled (except for trusted sites). Can you explain to me how a website can hijack my computer? I am truly curious and would welcome a link to such a web page (with appropriate warning, obviously).
BTW, I borwse plenty of porn sites which seem to be the worst offenders. I never got any diseases from them.
As I’m sure you’re aware, you answered your own question 
YOU can’t. However, that puts you in a very small minority of IE users. I wouldn’t be surprised to learn that 90% of IE users have ActiveX, Java, Jscript, vbscript, etc, enabled on their systems, which leave them open to hijacking
DDG:
Here is Spyware Guide’s info on 2020Search, and how to manually remove it. Don’t know if you’ve tried the steps listed on the page I linked or not, but it’s worth a shot.
critter42
I know, you don’t want to hear it. For those who are willing to listen, just a little, though: Mozilla Firefox (or Firebird, or Firefly, or FireHiOpal) is a great browser that has all the functionality of MSIE, comes with a built-in pop-up blocker, a Google search bar, and can be customized to include
- mouse gestures
- tabbed browsing
- ad-blocking functionality that works
- an IRC client
- Tetris
- Minesweeper
- Solitaire
and way more. I was skeptical, but MSIE was ruining my browsing experience. If you’re security-conscious, but don’t like the idea of cookies flooding onto your machine or pop-ups flying all over the place, try Mozilla for a week with its tabbed browsing extensions. No other software is necessary, but Spybot and Ad-Aware are still good ideas. If you’re not convinced it’s the better browser, switch back – but please don’t dismiss it out of hand because you “don’t want the hassle”. It took me maybe an hour to install and customize it with all the extensions I wanted, and has given me trouble-free operation for three months now.
Dude, I wish I knew.
All that happened was, I was doing Internet in the wee hours Sunday morning. No porn sites, no downloading weird stuff. The Unaboard, mostly. The Dope. Fathom. CNN.com. The Beeb online. Sites like that, sites I have always visited with no problems. And looking stuff up on Google (“lyrics old man river”), and Google worked fine, no malware hijack (that post where I needed the lyrics to “Old Man River” is dated 4-18-04 1:03 a.m., and I’d have noticed a Google hijack. So it was working fine then.) And I suppose I visited some miscellaneous sites, too, what with browsing and Googling and whatnot, but I certainly never, ever click on “Download this”. And I know all about the tricksy gray official-looking message windows that Gator and Bonzi Buddy give you, tryin’ to getcha to click on “Okay”. I never do that, I never go there. I learned the hard way years ago.
And we do not have Kazaa or any of the other notorious “bundlers” installed on our system.
And the Better Half looked at his handheld forums before church Sunday, as usual.
And then after lunch Sunday my daughter sat down to do computer, and wanted the lyrics to “Numb” for some vitally important AIM conversation she was having, and suddenly it was, “Mommmm!! The computer’s being stupid again!”
And it was this totally weird, new, strange, malware Google hijack that neither Spybot nor Adaware would get rid of. I spent most of Sunday afternoon screwing around with it.
It came by itself, like The Blob. Nobody downloaded anything, or visited anything, or clicked on anything. It just appeared, shirttailed off some Internet website. Or maybe it just picked us off a list somewhere, I dunno.
If I had to guess, I’d say that she must have accidentally clicked “Yes” on something while she was sitting there looking for the lyrics to “Numb”, except that she’s practically-14 and has also learned the hard way to be very, very careful what she clicks on. But she does tend to be very impatient, so I could see her clicking impatiently on some odd popup to get it to “go away”.
Anyway, I got a response from Google Toolbar Support.
Fine. :rolleyes: I’ll download Spybot and Adaware now, shall I?
I’d suggest you run another hijackthis log and post it at http://www.spywareinfo.com along with a description of the problem. You should get an answer from there.