G
Guest
My homepage seems to have been hijacked by about:blank have run windows
defender spybot and adaware but still happening. don't know what else to do.
defender spybot and adaware but still happening. don't know what else to do.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
F
Frank Saunders, MS-MVP OE
loscann said:My homepage seems to have been hijacked by about:blank have run windows
defender spybot and adaware but still happening. don't know what else to
do.
So How Did I Get Infected Anyway?
http://www.wilderssecurity.com/showthread.php?t=27971
Help with Hijackware
All MS - MVP Sites.
http://aumha.org/a/parasite.htm
(http://aumha.org/a/quickfix.htm)
http://www.elephantboycomputers.com/page2.html#Removing_Malware
(http://mvps.org/winhelp2002/unwanted.htm)
(http://inetexplorer.mvps.org/darnit.html)
(http://www.mvps.org/sramesh2k/Malware_Defence.htm)
Unexplained computer behavior may be caused by deceptive software.
http://support.microsoft.com/kb/827315
G
Guest
Hello loscann,
This is a AndyManchesta (e-mail address removed)
or Ron Kinner (e-mail address removed) case beacuse I cannot find any good advice
within any forum without using HijackThis and to be carefully guided.
Get HijackThis.exe from
http://tomcoyote.org/hjt/hjt199//HijackThis.exe
http://computercops.biz/HijackThis.html
Save it to C:\hjt (new folder) then Open it and select Scan and Save Log.
Note where you saved the log then send it to him as an attachment. Put
Hijack in the subject so he'll know it's not spªm.
Alternatively you can post it on the Dell Forum ªt:
http://forums.us.dell.com/supportforums/board?board.id=si_hijack
Put Ron in the subject so he will see it. You do not need to have a Dell to
post but you will need to register.
Ron Kinner at rkinner(AT)att.net (Replace (AT) With @)
Microsoft MVP 2004 & 2005
AndyManchesta(AT)hotmail.co.uk (Replace (AT) With @)
AndyManchesta (AT) (e-mail address removed) (Replace (AT) With @)
AndyManchesta(AT)hotmail.com (Replace (AT) With @)
Feel free to mention that I sent you.
SpywareBlaster -http://www.javacoolsoftware.com/sbdownload.html
JavaCool's free SpywareBlaster automatically adds a lengthy list of
dangerous addresses to IE's Restricted sites. SpywareBlaster is compatible
with AOL's browser; it also works with current versions of the Netscape,
Firefox, and Mozilla browsers. Its most recent iteration is SpywareBlaster
3.5.1
Protect your browsers from hijacking.
http://www.bleepingcomputer.com/forums/tutorial49.html
The exact URL for Javacool software support at Wilders is below;
<http://www.wilderssecurity.com/forumdisplay.php?f=19>
For the benefit of the community reading this post, please rate the pºst.
I hope this post is helpful.
Let us know how it works ºut.
Еиçеl
This is a AndyManchesta (e-mail address removed)
or Ron Kinner (e-mail address removed) case beacuse I cannot find any good advice
within any forum without using HijackThis and to be carefully guided.
Get HijackThis.exe from
http://tomcoyote.org/hjt/hjt199//HijackThis.exe
http://computercops.biz/HijackThis.html
Save it to C:\hjt (new folder) then Open it and select Scan and Save Log.
Note where you saved the log then send it to him as an attachment. Put
Hijack in the subject so he'll know it's not spªm.
Alternatively you can post it on the Dell Forum ªt:
http://forums.us.dell.com/supportforums/board?board.id=si_hijack
Put Ron in the subject so he will see it. You do not need to have a Dell to
post but you will need to register.
Ron Kinner at rkinner(AT)att.net (Replace (AT) With @)
Microsoft MVP 2004 & 2005
AndyManchesta(AT)hotmail.co.uk (Replace (AT) With @)
AndyManchesta (AT) (e-mail address removed) (Replace (AT) With @)
AndyManchesta(AT)hotmail.com (Replace (AT) With @)
Feel free to mention that I sent you.
SpywareBlaster -http://www.javacoolsoftware.com/sbdownload.html
JavaCool's free SpywareBlaster automatically adds a lengthy list of
dangerous addresses to IE's Restricted sites. SpywareBlaster is compatible
with AOL's browser; it also works with current versions of the Netscape,
Firefox, and Mozilla browsers. Its most recent iteration is SpywareBlaster
3.5.1
Protect your browsers from hijacking.
http://www.bleepingcomputer.com/forums/tutorial49.html
The exact URL for Javacool software support at Wilders is below;
<http://www.wilderssecurity.com/forumdisplay.php?f=19>
For the benefit of the community reading this post, please rate the pºst.
I hope this post is helpful.
Let us know how it works ºut.
Еиçеl
R
Randy Knobloch
loscann said:My homepage seems to have been hijacked by about:blank have run windows
defender spybot and adaware but still happening. don't know what else to do.
Run Trend Micro's Cool Web Shredder - "CWShredder"
http://www.trendmicro.com/cwshredder/
Download, follow installation instructions prior to first use.
Note: This is /not/ a Spyware scanner, the tool is intended for this parasite
only and should /not/ be used for other purposes.
A relevant article on your infestation, a must-read.
http://www.merijn.org/cwschronicles.html
Good luck!
Randy
--
siljaline
MS - MVP Windows (IE/OE) & Windows Security, AH-VSOP
Security Tools Updates
http://aumha.net/viewforum.php?f=31
Reply to group, as return address is invalid that we may all benefit.
L
Larry Gardner
What is the Default Home Page that shows up in Internet Options General tab
say.
say.
G
Guest
the default is http://www.dell4me.com/myway
I have read the previous replies but they are way more than I can handle
with my very limited knowledge.
I have read the previous replies but they are way more than I can handle
with my very limited knowledge.
G
Guest
I think one of the posts assumes you have been infected by Cool Web Search;
however, Spybot should have caught at least parts of it. Webroot Spysweeper
has an online scanner. You might try that. You might also look at Tools
(under Internet Explorer title line). Click it and then click Manage
Add-ons. Look at the add-ons currently under Internet Explorer. If you see
some strange ones, you might try disabling them to see if that corrects your
problem. Also, try downloading the free version of Xoftspy and do a scan.
The free version doesn't fix anything but is very good at identifying
potential malware. By the way, ignore the cookie stuff. If all else fails,
then the best approach would be to download Hijack this and submit the log
for analysis. You really don't have to be a computer whiz to do that. Good
luck.
however, Spybot should have caught at least parts of it. Webroot Spysweeper
has an online scanner. You might try that. You might also look at Tools
(under Internet Explorer title line). Click it and then click Manage
Add-ons. Look at the add-ons currently under Internet Explorer. If you see
some strange ones, you might try disabling them to see if that corrects your
problem. Also, try downloading the free version of Xoftspy and do a scan.
The free version doesn't fix anything but is very good at identifying
potential malware. By the way, ignore the cookie stuff. If all else fails,
then the best approach would be to download Hijack this and submit the log
for analysis. You really don't have to be a computer whiz to do that. Good
luck.
L
Larry Gardner
Have you tried manually changing it through Internet Options?
G
Guest
I tried what you suggested:
You might also look at Tools
but had no idea what I was looking at, but I did change the homepage to the
default, which is the dell page and that seemed to work I then changed it to
the Yahoo page and so far so good! (yes I had done this several times before
my origianl post but the homepage kept going back to about blank)
I just ran spybot again and it did find cool web search, or something
similar, and I think it deleated it...but so far so good thanks for your
help.
loscann
You might also look at Tools
(under Internet Explorer title line). Click it and then click Manage
Add-ons. Look at the add-ons currently under Internet Explorer.
but had no idea what I was looking at, but I did change the homepage to the
default, which is the dell page and that seemed to work I then changed it to
the Yahoo page and so far so good! (yes I had done this several times before
my origianl post but the homepage kept going back to about blank)
I just ran spybot again and it did find cool web search, or something
similar, and I think it deleated it...but so far so good thanks for your
help.
loscann
G
Guest
Your thanks may be premature. I am totally confused by your response. You
had tried Spybot and Ad-aware before, so I don't understand why Spybot is
now working (unless maybe the Spybot definition updates from Friday). Check
Spybot "Recovery" for the name of the malware. Manage add-ons shows the
names of software under Internet Explorer. The names usually relate to
toolbar software. The main thing is to look at the Publisher. The Publisher
is usually blank for Windows Messenger and Research. Glad I could help, but
I think a few more days are in order before the celebration.
had tried Spybot and Ad-aware before, so I don't understand why Spybot is
now working (unless maybe the Spybot definition updates from Friday). Check
Spybot "Recovery" for the name of the malware. Manage add-ons shows the
names of software under Internet Explorer. The names usually relate to
toolbar software. The main thing is to look at the Publisher. The Publisher
is usually blank for Windows Messenger and Research. Glad I could help, but
I think a few more days are in order before the celebration.
G
Guest
Actually you're not the only one confused as I had tried repeatedly to go to
TOOLS to change the homepage and each time it would return to about blank
when a new seesion of Explorer was opened. Previouly when I would run Spybot
I really didn't know what I was looking for but this time I did see something
like cool web Search (I should have written it down but did not). I will
continue to monitor and see what happens. I did update spybot just beofre I
ran it last night so Maybe?
As for what I found when I looked in MANAGE ADD ONS there are 12 things
listed several I have know idea what they are, where can I get more
information about these? the first 3 are a string of numbers, Publishers are
MyWay.com, safer networking and the thrid none shown. Of the 12 listed 6 are
"not verified", several I recognise - abobe, MSN. If I disable any of these
and then find I goofed are they still there to re-enable?
It sounds so simple - get a home computer, browse the Internet - HAH! I
spend more time trying to figure out what's on this darn thing...worse than
that magical creation in my garage called a "car" at least I have a mechanic
to figure that all out for me, this is well, something else! thanks for your
time though as I muddle through this.
TOOLS to change the homepage and each time it would return to about blank
when a new seesion of Explorer was opened. Previouly when I would run Spybot
I really didn't know what I was looking for but this time I did see something
like cool web Search (I should have written it down but did not). I will
continue to monitor and see what happens. I did update spybot just beofre I
ran it last night so Maybe?
As for what I found when I looked in MANAGE ADD ONS there are 12 things
listed several I have know idea what they are, where can I get more
information about these? the first 3 are a string of numbers, Publishers are
MyWay.com, safer networking and the thrid none shown. Of the 12 listed 6 are
"not verified", several I recognise - abobe, MSN. If I disable any of these
and then find I goofed are they still there to re-enable?
It sounds so simple - get a home computer, browse the Internet - HAH! I
spend more time trying to figure out what's on this darn thing...worse than
that magical creation in my garage called a "car" at least I have a mechanic
to figure that all out for me, this is well, something else! thanks for your
time though as I muddle through this.
G
Guest
You can safely disable and enable the add-ons. I would be wary of the
add-ons with only "numbers" and no publisher info. You can use Spybot to
possibly get additional info on these. Use Spybot Mode and switch to
advanced user. Under Spybot Tools look at BHO's and Active X. I usually
stay away from toolbars; however, MSN, AOL, Yahoo and Google are safe. The
myway.com entry is for the Myway Searchbar under Internet Explorer. I would
use Spybot Immunize. It doesn't conflict with real time protection. You
might want to run CWSchredder to ensure that all of Cool Web Search is gone.
Additionally, I would recommend full scans with Ewido, Xoftspy and a-squared
to catch anything not found by Windows Defender, Spybot and Ad-aware.
Without going into all the details, just ignore tracking cookies warnings
from the anti-malware software. If you are still encountering problems, then
do the Hijack this log submittal.
add-ons with only "numbers" and no publisher info. You can use Spybot to
possibly get additional info on these. Use Spybot Mode and switch to
advanced user. Under Spybot Tools look at BHO's and Active X. I usually
stay away from toolbars; however, MSN, AOL, Yahoo and Google are safe. The
myway.com entry is for the Myway Searchbar under Internet Explorer. I would
use Spybot Immunize. It doesn't conflict with real time protection. You
might want to run CWSchredder to ensure that all of Cool Web Search is gone.
Additionally, I would recommend full scans with Ewido, Xoftspy and a-squared
to catch anything not found by Windows Defender, Spybot and Ad-aware.
Without going into all the details, just ignore tracking cookies warnings
from the anti-malware software. If you are still encountering problems, then
do the Hijack this log submittal.
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.