Browser Hijacked - Any Help Appreciated!!

A

AG

Hello. I've picked up a nasty piece of spyware which redirects Google
searches to premium search sites. Also, when I initially run Internet
Explorer 6, it will somtimes pop up with an error message that says
that lexplore has caused an error in <unknown>, which is clearly the
spyware masking it's name/file extension. I have tired spybot, adaware,
spysubtract, AVG virus scan, Panda Virus Scan, and a few others, and
nothing has cleaned it. Hijack This came up with one item that looked
suspicious, I deleted it, but the problem came back. It appears that
this <unknown> program continues to boot upon start up - I caught it
doing so by doing a ctl-alt-del every few seconds to see what was
loading. HOWEVER, it appears to be masking it's identity in msgconfig.
I've run a program which lists all start up programs, but I'm not sure
I've found anything there either.

I've seen other users post about similar problems. Has ANYONE recorded
the specific file locations/start up names of the spyware I've got on
my system? It's a pretty nasty one, it seems.

ANY help would be appreciated.

Thanks again!
 
J

Jan Il

Hi AG :)

First, Go to Start> Run and type CMD
In the command window type
netsh winsock reset

Then download and install BHODemon from
http://www.definitivesolutions.com/bhodemon.htm
Your problem may be caused by a bad BHO.

Be aware, your Anti-Virus won't detect all types of warez, Trojans, malware,
worms, etc and neither can other adware or spyware related programs such as
AdAware and SpyBot. They don't have the proper definitions. So even if you
run it and nothing shows up, it does not mean your system is clean. It
takes a series of programs to fully clean your machine. Some very aggressive
and damaging variants of malware can replicate themselves repeatedly, or
mutate, if not removed properly. Follow the steps here:

Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm

Then visit these two sites to test for parasites and help basic cleaning:
On-Line Check
http://aumha.org/a/noads.htm
and
Quick-Fix Protocol.
http://aumha.org/a/quickfix.php

Also download and install HiJackThis -
This will show i f you have any other nasties on your system, , what kind
and where.

How to download and install HiJackThis:
http://www.majorgeeks.com/HijackThis_d3155.html

Please DO NOT post your log to this newsgroup. It is important that you go
to one of the HiJackThis Support Forums below and allow the experts there
to analyze it for you.:
AumHa HiJackThis Forum
http://forum.aumha.org/viewforum.php?f=30
or HJT - CastleCops
http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html
to allow the experts there to evaluate your log and advise you of any
necessary steps to clean your system.
(Note: You will have to Register before posting on these Forums. Please
follow all posting instructions carefully to avoid having your log deleted
or ignored. All responders are volunteers and they are very busy, so please
be patient.)

Please post a link back here to your log at the fourm where you posted it so
that we can follow your progress.

Hope this helps.

Jan :)
MS MVP - Windows IE [DTS/AumHa]
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm


\> Hello. I've picked up a nasty piece of spyware which redirects Google
 
P

PA Bear

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Browser hijacked 2
Spyware hijacked my browser 2
Really slow 2017 iMac 21.5" after fresh install 3
Yes, Another Hijacked browser- VERY nasty 3
help with hijacked browser, please. 4
Hijacked Homepage 7
PowerPoint Super Stuck and Desperately Need Help 0
Hijacked - about blank!!!!!!! HELP NEEDED URGENTLY!!!! 14

Top