Help ! adware SearchCounter fntldr.exe

Discussion in 'Trading Software' started by Kicking, Dec 31, 2003.

  1. I got this pest a couple days ago. It only hijacks your homepage and cause pop up windows but it is a nightmare, I just can't get rid of it. I followed the steps to remove all (or I think most files) on the Symantec website http://securityresponse.symantec.com/avcenter/venc/data/adware.searchcounter.html

    First I removed the executable (fntldr.exe) which causes an error message at start up. After resetting the registry entries for IE and restarting the PC I no longer get the 'Coolsearch" homepage , however the next day all the changes I made manually in the registry are reversed and my homepage is redirected to Coolsearch again. I cleaned the cache and history so I could not go to the infected website . I ran Pest Patrol but I could not see any file that appeared related.

    People who design such adware are the scum of the earth, if only I could find the company details I would send them some very nasty stuff :mad:
     
  2. newtoet

    newtoet

  3. Banjo

    Banjo

  4. Well this is obviously something very difficult to remove even for people a lot more knowledgeable than me. None of the anti spyware program can get rid of it and I don't undersatnd the more advanced instructions given on some other forums. So maybe I should just live with it (and change my homepage at startup) or reinstall IE.6 . Do I have to uninstall it or can I just update/download the newest version on top of the one I have (which I think is the latest)? I will try the fix suggested in the thread above though.
     
  5. newtoet

    newtoet

    Sorry spybot does not work for you - did you do a Google search and sift through the results? There is bound to be someone who knows how to fix the problem...
     
  6. There should be some sort of recourse that could be metered out to these folks. Try CWShredder. Go here:

    http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder

    This has been the answer for me in the past. Make sure you update (latest version) it too. Hope this helps. :)
     
  7. I followed the instructions given by this guy on dell.com I went back to the registry and did not find what he found but found a adware.searchcounter file that wouldn't show when running a search, and also another fntldr.exe file . I deleted those. Hopefully tomorrow no hijack of my homepage anymore, and I can say Adios searchcounter f*ckers!

    " had the same problem with this adware too. I have spybot installed –it’s a great program- but didn’t removed the adware so I did a little of registry editing by myself to remove the adware. CAUTION !!! If you are unfamiliar with regedit don’t do it unless you are very very sure. Always save your registry before you make any changes.

    Symantec helped with the registry until one point but I didn’t remove the adware.

    Go to http://www.symantec.com/avcenter/venc/data/adware.searchcounter.html

    and do excactly what they say.

    This is how Symantec says the adware will be removed but….. THE ADWARE STILL KEEPS COMING BACK ….

    So I did some investigation by myself and came up with this:

    I thought that this adware must have an .exe file somewhere and run every time I run my IE so I searched in the registry and my computer and found that it creates an .exe in the windows path like this: (maybe the value changes) 73A08744BE78_4C68_91E8_AE13955031AE.exe

    and it was run in the registry:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU

    a=

    b=tips.ini

    c=hh.htt

    d=hh.htt

    e=hosts

    f=fntr*.*

    g=*.exe

    h=73A08744BE78_4C68_91E8_AE13955031AE.exe

    MRUList=hgfaedcb

    Just delete the values.

    The same in HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU

    Write your .exe file which is shown in the registry find it your computer and delete it too.

    This worked for me and until now the adware did not come back."

    PLEASE BE VERY CAREFUL WITH WHAT YOU ARE DOING. I WILL BE NOT RESPONSIBLE IF YOU DO ANY DAMAGE IN YOUR COMPUTER.
     
  8. This sh*t is still hijacking my homepage. All the changes in the registry were reversed again except for the .exe file that I found yesterday. That one is gone along with the adware. searchcounter file.
     
  9. I found a new fntldr.exe and another fastsearch and coolsearch files in the registry HKEY\USERS\.... I thought I had deleted that , although I don't recall seeing them all at the same place.
     
    #10     Jan 1, 2004