Browser hijack

Mike Siddall

My browser (IE6) has been hijacked by a dodgy antivirus site called
safetyhomepage.com. (can they be sued ;)?) A pop up on the page informs me
about a virus called w32.Myzor.FK?yf that infects all my .exe files. I have
two AV progs installed, neither of which picks this up, neither do my
spy/malware progs, all have the latest definitions loaded.
How can I regain control of my browser?

TIA
Mike Siddall
 
Tony Luxton

Hi Mike,

If you're sure you're ok, your spyware programs should have the facility to
protect your homepage. I know Spybot S&D and Spywareblaster both do.

Incidentally, if you use this setting, and you also use Adaware, it comes up
as a positive, which you can just put in the ignore list.

HTH Tony.
 
Malke

Mike said:
My browser (IE6) has been hijacked by a dodgy antivirus site called
safetyhomepage.com. (can they be sued ;)?) A pop up on the page informs me
about a virus called w32.Myzor.FK?yf that infects all my .exe files. I
have two AV progs installed, neither of which picks this up, neither do my
spy/malware progs, all have the latest definitions loaded.
How can I regain control of my browser?

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Make sure you do all the preparatory work and finishing work. When all else
fails, run HijackThis and post your log to one of the specialty forums
listed at the site above (not here, please).

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a professional computer repair
shop (not your local version of BigStoreUSA).

Malke
 
Ken Blake, MVP

Mike said:
My browser (IE6) has been hijacked by a dodgy antivirus site called
safetyhomepage.com. (can they be sued ;)?) A pop up on the page informs
me about a virus called w32.Myzor.FK?yf that infects all my .exe
files. I have two AV progs installed, neither of which picks this up,
neither do my spy/malware progs, all have the latest definitions
loaded. How can I regain control of my browser?


Read here: http://precisesecurity.com/blogs/2006/07/29/w32myzorfkyf-removal/
 
sandy58

Mike said:
My browser (IE6) has been hijacked by a dodgy antivirus site called
safetyhomepage.com. (can they be sued ;)?) A pop up on the page informs me
about a virus called w32.Myzor.FK?yf that infects all my .exe files. I have
two AV progs installed, neither of which picks this up, neither do my
spy/malware progs, all have the latest definitions loaded.
How can I regain control of my browser?

TIA
Mike Siddall
http://www.technibble.com/how-to-remove-syssecuritysitecom-w32myzorfk/
Try here for help, Mike.
 
Chuck Davis

Mike Siddall said:
My browser (IE6) has been hijacked by a dodgy antivirus site called
safetyhomepage.com. (can they be sued ;)?) A pop up on the page informs me
about a virus called w32.Myzor.FK?yf that infects all my .exe files. I
have two AV progs installed, neither of which picks this up, neither do my
spy/malware progs, all have the latest definitions loaded.
How can I regain control of my browser?

TIA
Mike Siddall

Mike,
Follow these steps:
1. Download hijackthis from http://www.tomcoyote.org/hjt/
2. Install hijackthis on your C: drive.
3. Open the program and click on Do a system scan and save a logfile.
4. Save the logfile.
5. Visit http://www.hijackthis.de/
6. Either copy and paste your logfile contents into the space provided, or
7. Click on the Browse button and locate your logfile.
8. Click on Analyze
9. Wait a few minutes and the results will be displayed.
10. Follow the instructions for the "Nasty" entries.

Good luck.
 
Mike Siddall

PROBLEM FIXED
Thanks to everyone who replied.

I followed the advice of 'sandy58' and downloaded removal instructions from
http://www.technibble.com/how-to-remove-syssecuritysitecom-w32myzorfk/

Couldn't follow the instructions exactly as I couldn't start Windows in
'Safe Mode' - I kept getting a blue screen with the following message:

"A problem has been detected and windows has been shut down to prevent
damage to your computer"
"IRQL_NOT_LESS_OR_EQUAL"

I eventually restarted the computer using the start-up option 'Last Known
Good Configuration' and then followed the rest of the instructions.

After SmitFraudFix had run it gave an error report which I printed off -
......
Scan done
Fix ran in normal mode

C:\DOCUME-1\ALLUSE-1\Desktop\Online Security Guide.url -Deleted
C:\DOCUME-1\ALLUSE-1\Desktop\Security Troubleshooting.url -Deleted
C:\Program
-Deleted

Registry cleaning done

Attention: following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's.dll

End.
.......

I now have my Home Page back and no fake popup messages.

However, I still cannot start Windows in 'Safe Mode' - I still get the same
error message. Any ideas?
 
Mike Siddall

AMENDMENT to error report below

'C:\Program - Deleted' should read:
C:\Program Files\IntCodec\ - Deleted

Sorry
 
