REPOST: browser hijack problem continues

EAustin

I downloaded Microsoft Windows AntiSpyware (Beta)
and scanned and removed what it found. It worked but was not a permanent fix
....
as soon as I shut the browser down
and then start it up again .. all the hijacked settings return. Even when I
use the "Browser Restore" function .. everything is ok until I shut the
browser down. When I open it back up .. it is hijacked again.
The "Microsoft Windows AntiSpyware (Beta)" says it is removing the threat
but it is only temporary.
Any other ideas? I can't get to the "trendmicro.housecalls" website .. it
won't let me go there .. says there is a Windows Error and has to shut down

Also - why are all my old restore point dates gone? If I could restore back 2
weeks ago before this happened I would be ok but all restore point dates are
gone.

Help!
 
Ron Martell

EAustin said:
I downloaded Microsoft Windows AntiSpyware (Beta)
and scanned and removed what it found. It worked but was not a permanent fix
...
as soon as I shut the browser down
and then start it up again .. all the hijacked settings return. Even when I
use the "Browser Restore" function .. everything is ok until I shut the
browser down. When I open it back up .. it is hijacked again.
The "Microsoft Windows AntiSpyware (Beta)" says it is removing the threat
but it is only temporary.
Any other ideas? I can't get to the "trendmicro.housecalls" website .. it
won't let me go there .. says there is a Windows Error and has to shut down

Also - why are all my old restore point dates gone? If I could restore back 2
weeks ago before this happened I would be ok but all restore point dates are
gone.

See MVP Jim Eshelman's Spyware QuickFix Procedure at
http://www.aumha.org/a/quickfix.htm


Good luck


Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

In memory of a dear friend Alex Nichol MVP
http://aumha.org/alex.htm
 
EAustin

from: eaustin@REMOVE intergate.com

Did multiple safe mode scans using

Ad-Aware SE Personal
Spybot Search & Destroy
Microsoft AntiSpyware
CWShredder
SpySubtract

They found and removed many of the files and it returned my MSIE 6.0 to its
original settings BUT as soon as I shut MSIE down and then open it again ..
the hijack reinstalls itself! I had it down to one Suspected Malware
Registry file and even though Ad-Aware SE and Microsoft AntiSpyware said
they had removed it - the file was still there. I used "regedit" to go in
and delete the file myself manually and it will not allow me to delete it or
any of its component subfiles. This must be the file that reinstalls the
whole spyware system into my MSIE. Here is the log data information on the
Malware, IE + SystemHijacker file that is in my registry. What can I do to
get rid of it ... your help is greatly appreciated!!

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object :
system\currentcontrolset\enum\root\legacy_*008f__6q*00d4*00f5*0013'*00aa*00b
4*00c6*00d08

Vendor:CoolWebSearch
Category:Malware
Object Type:Regkey
Size:0 Bytes
Location:...\legacy_*008f__6q*00d4*00f5*0013'*00aa*00b4*00c6*00d08\
Last Activity:3-19-2005
Risk Level:Low
TAC index:10
Comment:
Description:Malware, IE + SystemHijacker.Infects system by exploiting
InternetExplorer Vulnerabilities.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
EAustin

I tried to follow these webpage instructions .. the command prompt - when
opened says -
C:\Documents and Settings\User Name>
the instructions on the webpage said to type DEL <filename>
so I added what I thought was the path to the file .. it then read -
C:\Documents and Settings\User Name>DEL
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_*008f__6q*00d4*
00f5*0013'*00aa*00b4*00c6*00d08

When I hit "enter" it came back with the prompt -
"The system cannot find the path specified"
What would be the correct exact path to type to delete this file?
 
Mark L. Ferguson

You must put commands with spaces in the folder names in quotes "command line"

" C:\Documents and Settings\User Name>DEL
"HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_*008f__6q*00d4*00f5*0013'*00aa*00b4*00c6*00d08"

I also see no file extension.
legacy_*008f__6q*00d4*00f5*0013'*00aa*00b4*00c6*00d08.???




..
 
