Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Wednesday, August 10, 2011

Remove 100ksearches.com (Uninstall Guide)

Tell your friends:
100ksearches.com is a search engine that returns very limited and usually paid search results or redirects users to online pharmacies, adult websites and other completely unrelated web pages. Recently, there has been an increasing number of requests regarding this search engine/redirect problem. Internet Explorer, Mozilla Firefox and some other web browsers are very often but not always redirected to www.100ksearches.com whenever you click on any of the search results. So, if your Google, Bing and other search results are hijacked to 100ksearches, your computer is infected with a Trojan horse or rootkit, probably a variant of Rootkit.Win32.ZAccess. This rootkit can slow your computer down and block legitimate programs including antivirus software and malware scanners. Users usually get the following error message:
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.
Hopefully, you scan use TDSSKiller from Kaspersky Lab to remove the rootkit from your computer and then fix the 100ksearches.com redirect problem properly. To remove the 100ksearches.com hijacker from your computer, please follow the steps in the removal guide below. If you have any questions or need help removing this annoying browser hijackers, leave a comment below. Good luck and be safe online!



Other helpful resources: Remove Google redirect virus


100ksearches.com removal instructions

1. Download TDSSKiller and run it. Click Start scan.



2. Click Continue to remove found infections.



3. Reboot your computer to completely remove found malware.



4. Download free anti-malware software from the list below and run a full system scan.
NOTE: With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.


Associated 100ksearches.com files and registry values:

Files:
  • C:\Windows\system32\consrv.dll
  • C:\Windows\system32\DRIVERS\mrxsmb.sys
Registry values:
  • SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
Share this information with your friends:

8 comments:

Anonymous said...

What about these two files:

C:\Windows\system32\DRIVERS\mrxsmb10.sys
C:\Windows\system32\DRIVERS\mrxsmb20.sys

Also, when I try to delete C:\Windows\system32\consrv.dll manually it says I need permission from Trusted Installer to make changes to this file

Admin said...

Well, I'm afraid you can't delete it manually. Use TDSSKiller. Not sure about those two files, you should upload them to virustotal.com.

Anonymous said...

actually tdsskiller is always autoclosed..

Anonymous said...

^yeah it does. TDSSKiller auto-closes before the scan is actually complete.

Admin said...

Then there's definitely a rootkit on your computer. You can use rootkit removal tool from Norton. It works slightly different but removes rootkits as good as TDSSKiller. Download link:

http://www.symantec.com/security_response/writeup.jsp?docid=2010-090608-3309-99

Anonymous said...

I followed the instrudctions, but I still get re-directed to 100Ksearches. I'm able to run TDSSKiller, but I'm NOT able to run Malwarebytes afterwards...it auto-closes.

MMA said...

I too have tried just about everything. All antivirus programs auto close and no log file programs work. It gives me the permissions error once the program closes for the first time. Anyone have any luck? I will give you my email if so.

Anonymous said...

Yes. Go to bleeping computer and download the combofix program here: http://www.bleepingcomputer.com/download/anti-virus/combofix
Follow all the directions. This is the only thing that worked for me after trying everything else.