How to remove Whazit.com from home page

[arcserve2000]

Does anyone have a solution on how to remove whazit.com from Internet Explorer home page. Any site you goto this thing pops up on any screen. If anyone has had this problem, and has solved please let me know ASAP..

Thanks in Advance

 

[Lou0686]

Hi,

I found the following, hope it helps.

The whazit hijack is installed using ActiveX driveby methods from affiliate web sites. Each affiliate is paid $0.14 (USD) for each unique install. Whazit.com is registered to and operated by Windows Media Solutions Inc (no affiliation with Microsoft).

Infected machines may have their start page, search bar, search page, search assistant, customized search, and search URL reset to

http://www.whazit.com/

or home.whazit.com/. A Browser Helper Object and a toolbar are also installed. A new version also bundles and installs nCase spyware.

Prevention

The latest update of SpywareBlaster can prevent the installation of the Whazit Hijack as well as hundreds of other advertising parasites.

Removal

There is an uninstaller located at whazit.com, but testing shows that it leaves the hijack intact. As of May 30, 2003, only Lavasoft's Ad-aware targets this browser hijacker, although I'm not positive if it gets the latest variant. Try Ad-aware first, then clean up anything left behind using our method for removal.

Download HijackThis and scan.

Tick the boxes next to the following entries. Don't worry if you don't see them both. There are several versions of this hijacker.

O4 - HKLM\..\Run: [WANOBSI] C:\WINDOWS\WANOBSI.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\MSBB.EXE

In your results, look for a particular O2 BHO and tick it for "fixing". The HijackThis listing will be similar to one of these examples (the CLSID numbers will be the same):
O2 - BHO: (no name) - {D5B72AED-E54A-11D6-B1B2-444553540000} - C:\WINDOWS\QOGJUOSK.dll
O2 - BHO: (no name) - {D5B72AED-E54A-11D6-B1B2-444553540000} - C:\WINDOWS\bho.dll

There may also be a toolbar listed in HijackThis similar to the following example. Tick the entry for this as well.
O3 - Toolbar: Whazit Toolbar - {C9176930-9C9F-4cba-9723-0F58C3E7CED6} - C:\WINDOWS\RGJWOYFH.dll

You may also have any of the following entries listed in HijackThis. Tick the box next to any entry that includes "whazit.com".

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.whazit.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=

http://www.whazit.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=

http://www.whazit.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=

http://www.whazit.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=

http://www.whazit.com

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL=http://www.whazit.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=

http://www.whazit.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=

http://www.whazit.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=

http://www.whazit.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=

http://www.whazit.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=

http://www.whazit.com

Once all of the above has been selected by "ticking" the box to their left, click the "Fix Checked" button.

Open the registry editor (click 'Start', choose 'Run' and enter 'regedit') and delete these registry keys (Note: If you are not comfortable editing your registry, you can safely skip this step)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\nCASE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\msbb
HKEY_CURRENT_USER\Software\180solutions
HKEY_LOCAL_MACHINE\SOFTWARE\wms

Restart the computer and delete the following files:

c:\WINDOWS\fiz1
c:\WINDOWS\kyf.dat
c:\WINDOWS\msbb.exe
c:\WINDOWS\ncmyb.dll
c:\WINDOWS\WANOBSI.exe
c:\WINDOWS\cards.ico
Desktop\Riviera Gold Casino!.url
Also delete the entire 'c:\WINDOWS\FLEOK' folder and all files within.

Most of these files are hidden, so you will need to have Windows set to show hidden files. Follow the directions at windows-help.net if you need instructions on how to do that. These instructions work for all versions of Windows from 98 upwards.

 

[arcserve2000]

Tried this it doesn't work..some of the registry entries don't even exist...Overall this doesn't work, maybe it would if files they mentioned existed in windows or the registry...anyone have any other ideas....????

 

[djn12313]

Arcserve2000

The part about using the newest version (PLUS the update) for Ad-Aware worked on my machine.

That d*mn Whazit was driving me nuts. I ended up downloading the newest version of Ad-Aware from their site @

http://www.lavasoft.nu

and then performing a "check for updates" within the program.

The raw 6.0 version didn't find the Whazit embedded registry entries, etc., but the updated version did. No problems in the past hour or so.

Good luck.

djn12313

 

[arcserve2000]

DJN12313,
Is there a trial version i can use or do you have to purchase that software? If not, can you tell where to go on the link you gave...thanks

 

[p057]

http://whazit.com/manualremove.html

follow the instructions and it WILL work, at least it did for me