ehttp.cc/?URL added to address

R

Rich

I have an XP machine that has a unique problem with some
web addresses. If I type http://www.google.com it works
fine. However, if I type www.google.com it changes it to
http://ehttp.cc/?www.google.com. This machine had
several trojans and viruses but they have been cleaned
and deleted. This only happens with some sites (google
and yahoo primarily. Already reset the Explorer options
to default. Any suggestions as to where the problem
might be?
 
F

Frank Saunders, MS-MVP

Rich said:
I have an XP machine that has a unique problem with some
web addresses. If I type http://www.google.com it works
fine. However, if I type www.google.com it changes it to
http://ehttp.cc/?www.google.com. This machine had
several trojans and viruses but they have been cleaned
and deleted. This only happens with some sites (google
and yahoo primarily. Already reset the Explorer options
to default. Any suggestions as to where the problem
might be?
Click to expand...

First eliminate any scumware.
See
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm

Note that AdAware and SpyBot S & D will each catch some things the other
won't. Also, each needs to be updated before every use, even when just
downloaded. There's also a lot more to do than just those two programs.
CWShredder is also available here:
http://www.kellys-korner-xp.com/regs_edits/cwshredder.zip
**Post your HijackThis log to
http://forums.spywareinfo.com/ or the Spyware forum at
http://forum.aumha.org/ for expert analysis, not here.**
Alternative download pages for Ad-Aware, Spybot, HijackThis and CWShredder
may be found on this page:
http://aumha.org/a/parasite.htm.
If trying everything at that site does not fix the problem please post back
in the same thread.

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/
 
M

Mike Burgess

Rich,
ehttp.cc = Coolwebsearch trojan

How to remove Coolwebsearch and affiliates
http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch

Note: this type hijack indicates an unpatched machine, that is lacking
in "Defense". Please visit Windows Update to avoid these exploits.
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-09-04]
Please post replies to this Newsgroup, email address is invalid
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

http:// has changed to http://ehttp.cc/? 1
http://ehttp.cc/? 1
bastard website put a script in my browser help 6
Need http:// in address bar 1
internetnet explorer URl problem 1
Address Bar Problem - Typing URL? 5
Address bar not working 10
problems with google redirecting in IE 8

Top