Hijacked Homepage

[Elizabeth]

Hi all ...

Somehow or other I navigated to a site which has hijacked my home page /
start page; it is now pointed to http://www.iwantsearch.com, which
immediatley redirects to http://ez-finder.com/cgi-bin/index.cgi?c=1 ... if I
reset the page to my usual start page, it will go there once but then
reverts to this annoying destination, presumably dumping some information
along the way there.

I have tried Spybot, TDS and attempted to use the PestPatrol free scan but
the ActiveX would not download ... none of these programs are picking up the
problem so far as I can tell ...

Does anyone have any advice to offer on this ... it's annoying and somewhat
concerning since I have no idea what this little trick is really doing ....

Thanks ....


PS: In the process of trying to hunt this down, I noticed the old
notepad.exe/note.com presence in my c:\windows directory; after a bit of
fussing with it I think I have successfully deleted notepad.exe (the
malware) and renamed note.com to notepad.exe; I'm not really sure if this
is related to the above problem but I do know that it has not fixed it ...

 

[Jan Il]

Hi Elizabeth

You may have a hijacker, malware, spyware or parasites on your system
causing this problem. In addition to running your updated anti-virus
program, you should do the following to be sure none of these are present on
your system. Some variants of malware can replicate themselves over and
over if not removed properly. Follow all instructions carefully to be sure
your system is thoroughly cleaned

Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm
Be sure to run CWShredder, Ad-aware and Spybot.
Also be sure to use the HijackThis. Please do not post your log to this
newsgroup, but to the SpywareInfo or the Aumha HiJackThis forums
http://forum.aumha.org/viewforum.php?f=30, to allow the experts there to
evaluate your log and advise you of the necessary steps to clean your
system.

CAUTION!!!!! Before you try to remove spyware using any of the programs
below, download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.

Also, get a copy of WINSOCKFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
and
WinsockXP Fix- WinXP http://www.spychecker.com/program/winsockxpfix.html
Also, with instructions, at http://www.iup.edu/house/resnet/winfix.shtm
also
From LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip

and......

AdAware SE
http://www.lavasoftusa.com/support/download/
Update immediately after installing before using

Additional information on how to protect your PC:
The Parasite Fight http://www.aumha.org/a/quickfix.htm
More security tips at http://www.aumha.org/a/parasite.htm
Bugs, Glitches & Stuffups: http://www.mvps.org/inetexplorer/Darnit.htm

If these steps do not resolve your problem, please post back to this thread
with the details and any error messages.

Hope this helps

Jan
Smiles are meant to be shared,
that's why they're so contagious.

Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit or other readers.

How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

 

[Elizabeth]

Hi Elizabeth

You may have a hijacker, malware, spyware or parasites on your system
causing this problem. In addition to running your updated anti-virus
program, you should do the following to be sure none of these are present on
your system. Some variants of malware can replicate themselves over and
over if not removed properly. Follow all instructions carefully to be sure
your system is thoroughly cleaned

Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm
Be sure to run CWShredder, Ad-aware and Spybot.
Also be sure to use the HijackThis.

Thanks for your reply, Jan ... I stayed up late last night and got it,
interestingly enough by using precisely those programs; Ad-Aware was the one
to get the job done and CWSShredder picked up some of it ...

What I cannot figure out is why my up-to-date McAfee AV did nothing to stop
it or remove it ...

 

[Jim Byrd]

Hi Jan and Elizabeth - I apologize for just jumping in, but I thought it
might be helpful if you knew about sysclean and some other defensive
programs in addition to AdAware and SpyBot S&D. Most Anti-Virus programs
(like your McAfee) just deal with viruses and trojans, seldom treating with
the other general class of malware except for a little overlap in the area
of trojans. Sysclean which is a free system scanner download from Trend
Micro seems to treat with many more of them than the other AV's.

You might want to consider all of the following to protect yourself in the
future in addition to regularly UPDATING and running AdAware and SpyBot S&D
(red items only) - I suggest at least weekly:

Download sysclean.com , from Trend Micro, here:
http://www.trendmicro.com/download/dcs.asp along with the latest pattern
file, here: http://www.trendmicro.com/download/pattern.asp Be sure to read
the "How-to" info here:
http://www.trendmicro.com/ftp/products/tsc/readme.txt (You might also want
to get Art's updater, SYS-UP.Zip, here for future updating of these:
http://home.epix.net/~artnpeg/). (If you download and use the updater from
the beginning, it will automatically handle downloading the other files.)
Place them in a dedicated folder after appropriate unzipping, and then run.
This scan may take a long time, as Sysclean is VERY extensive and thorough.


You might want to consider installing Eric Howes' IESpyAds, SpywareBlaster
and SpywareGuard here to help prevent this kind of thing from happening in
the future:

IESpyads - https://netfiles.uiuc.edu/ehowes/www/resource.htm "IE-SPYAD adds
a long list of sites and domains associated with known advertisers,
marketers, and crapware pushers to the Restricted sites zone of Internet
Explorer. Once you merge this list of sites and domains into the Registry,
the web sites for these companies will not be able to use cookies, ActiveX
controls, Java applets, or scripting to compromise your privacy or your PC
while you surf the Net. Nor will they be able to use your browser to push
unwanted pop-ups, cookies, or auto-installing programs on your PC." Read
carefully.

http://www.javacoolsoftware.com/spywareblaster.html (Prevents malware Active
X installs) (BTW, SpyWareBlaster is not memory resident ... no CPU or memory
load - but keep it UPDATED) The latest version as of this writing will
prevent installation or prevent the malware from running if it is already
installed, and it provides information and fixit-links for a variety of
parasites.

http://www.javacoolsoftware.com/spywareguard.html (Monitors for attempts to
install malware) Keep it UPDATED. All three Very Highly Recommended


Next, install and keep updated a good HOSTS file. It can help you avoid
most adware/malware. See here: http://www.mvps.org/winhelp2002/hosts.htm
(Be sure it's named/renamed HOSTS - all caps, no extension) Additional
tutorials here:
http://www.bleepingcomputer.com/forums/index.php?s=14f3f9225081133297a8acdd11137c5b&showtutorial=51
(detailed) and here: http://www.spywarewarrior.com/viewtopic.php?t=410
(overview)


Finally, go to Windows Update and ensure that ALL Critical updates are
installed.


--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In

 

[Jan Il]

Hi Jim!

No problem, glad you jumped it! <g> Thank you very much for the additional
information on the sysclean. I had heard of it, but, was not sure it was
better than the standards. I've added it to my reference library list of
good stuff. ;-))

Jan
Smiles are meant to be shared,
that's why they're so contagious.

Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit or other readers.

How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

 

[Jan Il]

Hi Elizabeth

Thanks for your reply, Jan ... I stayed up late last night and got it,
interestingly enough by using precisely those programs; Ad-Aware was
the one to get the job done and CWSShredder picked up some of it ...

What I cannot figure out is why my up-to-date McAfee AV did nothing
to stop it or remove it ...

You're very welcome! Glad to hear that you were able to resolve your
problem. Good job!

Thank you for posting back to let us know what worked for you, and for the
benefit of other readers who may have a similar problem.


Jan
Smiles are meant to be shared,
that's why they're so contagious.

Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit or other readers.

How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

 

[Elizabeth]

Hi Jan and Elizabeth - I apologize for just jumping in, but I thought it
might be helpful if you knew about sysclean and some other defensive
programs in addition to AdAware and SpyBot S&D. Most Anti-Virus programs
(like your McAfee) just deal with viruses and trojans, seldom treating with
the other general class of malware except for a little overlap in the area
of trojans. Sysclean which is a free system scanner download from Trend
Micro seems to treat with many more of them than the other AV's.
You might want to consider all of the following to protect yourself in the
future in addition to regularly UPDATING and running AdAware and SpyBot S&D
(red items only) - I suggest at least weekly:

Download sysclean.com , from Trend Micro, here:
http://www.trendmicro.com/download/dcs.asp along with the latest pattern

Jim,

Thanks for the additional info; I saved this post for future reference ...

 

[Jim Byrd]

YW, Elizabeth.