Fixing Your Browser When It Gets Hijacked to getsearch0330 or searchinworldx

I just thought I'd share how in the world you fix your computer after this particular browser hijacking happens to you. Here are the symptoms:

• You were invited to use a Facebook application for sending smileys, perchance
• Whenever you search for something, you either get redirected to searchinworldx.com or getsearch0330.com, or maybe something else
• You have a smooth spot on your scalp where you have pulled out all of your hair

First, don't bother with AdAware -- at least as of this writing, 4/14/09, they didn't seem to find the bug I had.

Second, don't bother with Windows Defender, or ComboFix, either. Same reason.

Third, ignore all those people who tell you that you are insane to not run anti-virus software of some kind. I know it SOUNDS like they want you to strangle them with your bare hands, but really, they mean well. Just ignore them.

Here's where to go and what to do, and the special secret that was killing me.

1. Go to http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE and download SuperAntiSpyware. Sounds awful, I know. Seriously, I half-wondered if it was going to ask me if I wanted the Ask.com toolbar installed. But it didn't -- it's a very nice program.
2. Install it, and run it. But don't run the quick scan -- do the big-boy, COMPLETE scan. I tried the quick scan and it found some stuff, but much to my chagrin it was still there when I restarted (as it will ask you to do when it's all done). So do a complete scan, and restart.
   
   
   
3. When you restart, you'll find that your browser is no longer being hijacked... BECAUSE YOU CAN'T BROWSE THE INTERNET. This was the painful part for me. I thought it had something to do with my newly-secured wireless network, but it was not -- it was because the hijacking malware changes your proxy settings for all the browsers it finds on your machine, and removing the malware doesn't set the settings back. You have to change those settings back manually.

In Firefox:

1. Go to Tools>Options, then the Advanced tab (don't be scared), the Network tab (stay with me), and click on Settings.
   
   
   
2. See that ugly proxy server it's trying to send you to on port 7170? Yeah. Set your stuff back to NO Proxy. (Unless you were supposed to have a proxy, like for internet filter software, perhaps?)
   
   
   
3. Hit OK a buncha times. Voilá! You're back in business.

In Internet Explorer (sorry, I only have 6.0 installed... no, don't ask):

1. Go to Tools>Internet Options, then the Connections tab, then click the LAN Settings button.
   
   
   
2. Unclick that Proxy Server checkbox, and hit OK a lot. (Again, if you're supposed to have a proxy server, you're on your own figuring out what it's supposed to be. But you know what it's NOT supposed to be? Localhost on port 7170.
   
3. IE will now be happy.

In Safari:

1. Go to Edit>Preferences, then the Advanced tab. Click on Change Settings right there next to Proxies.
   
   
   
2. This will, oddly enough, pop up your Internet Explorer's internet options, if you're running Windows. If you didn't already fix it in IE, you can do so now.
3. Ask yourself why you're using Safari on Windows.

In Chrome or Opera:

1. Hell if I know. Who ARE you people, anyway?

For those of you who are curious, NO, it was not me that got our computer infected, thankyouverymuch. I won't name names, but it was my wife. Rebecca.