browser hijacked

[PR]

Somthing took over my IE 6. The start page is hijacked. I tried Adware se,
ms Antispyware, hijack.exe, cwshreder, mcaffee virus scan, regedit to reset
the registry and start page. But a minute later it is hijacked again. Any
other free ware out there to try? There must be some dll or executable run
every minute to hijack and redirect the start page, but I dont know what it
is. I use window 2000 server. Thanx.

 

[Michael T]

http://inetexplorer.mvps.org/answers.htm#home_page

 

[PR]

Thanx. I already ran the anti virus software in window safe mode but the
start page still got redirected.

http://inetexplorer.mvps.org/data/tshoot.htm

There must be some dll or .exe that kick off every minute to reset the start
page. As soon as hijack.exe removed the bad url a minute later it was back
again.

 

[Frank Saunders, MS-MVP IE/OE]

Thanx. I already ran the anti virus software in window safe mode but the
start page still got redirected.

http://inetexplorer.mvps.org/data/tshoot.htm

There must be some dll or .exe that kick off every minute to reset the
start
page. As soon as hijack.exe removed the bad url a minute later it was
back
again.

First, if you don't have WinXP SP2, get LSP-Fix - a free program to repair
damaged Winsock 2 stacks
http://www.cexx.org/lspfix.htm
save it because you might need to repair the Winsock 2 stacks after removing
the culprit.
For WinXP SP2 this command will restore the Winsock stacks if you can't
connect after clearing the malware.
Go to Start | Run and type
CMD
In the command window type
netsh winsock reset

Then get CWShredder
http://www.intermute.com/products/cwshredder.html

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup only. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com./athome/security/protect/default.aspx
http://defendingyourmachine.blogspot.com/

 

[Michael T]

Have to tried these?

Spybot
http://www.safer-networking.org/?page=download

Spy Sweeper
http://www.webroot.com/land/spysweeperb.php?rc=325

You might also checkout
http://www.agh3.com//modules.php?op=modload&name=News&file=article&sid=27

 

[PR]

I already tried many times:
Adware se, ms Antispyware, hijack.exe, cwshreder, mcaffee virus scan,
regedit , spybot search+destroy, hbo demon and also ran in safe mode two
times. After reboot, open IE, the start page hijacked again. Delete bad
url, a minute later its put back by some unknown software

 

[Don Varnau]

Hi,
Malware is constantly changing. The best programs can't remove *all*
varieties of adware, spyware, etc.

Start at http://forum.aumha.org/viewtopic.php?t=4075 Then go to
http://www.aumha.org/a/quickfix.htm Work through the preliminary cleaning
steps then post a HijackThis log to the forum at
http://forum.aumha.org/viewforum.php?f=30

Don
[MS MVP- IE/OE]


"PR" wrote in message news:M%I9e.38213$hB6.22675@trnddc06...

I already tried many times:
Adware se, ms Antispyware, hijack.exe, cwshreder, mcaffee virus scan,
regedit , spybot search+destroy, hbo demon and also ran in safe mode two
times. After reboot, open IE, the start page hijacked again. Delete bad
url, a minute later its put back by some unknown software

[snip]

 

[Jan Il]

Hi PR

Some variants of malware can replicate itself repeatedly if not fully
removed. The the following and see if it helps:

CWShredder: Free
http://www.majorgeeks.com/download4086.html

About:Buster
http://www.majorgeeks.com/download4289.html
http://www.atribune.org/downloads/AboutBuster.zip

For really stubborn pests...

Pocket Killbox
http://www.downloads.subratam.org/KillBox.zip
More information here:
http://www.bleepingcomputer.com/files/killbox.php

Be sure to scan with the HiJackThis as Don suggested and post your log to
the forum he listed.

Post back and let us know your progress, some variants are hard to remove.

Hope this helps

Jan
MS MVP - IE/OE
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

 

[Jon Kennedy]

If your spyware scanning has failed, then the problem could be something new
that the
spyware cleaners above don't have in their databases yet. In that case....
HijackThis direct download:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Tutorial on how to use HijackThis:
http://www.spywareinfo.com/~merijn/htlogtutorial.html
Then post it's output log to the forum here for analysis and feedback by the
parasite experts:
http://www.spywareinfo.com/forums/
Or the other HijackThis Logs forums listed here:
http://www.spywareinfo.com/~merijn/forums.html

Or try this program to get some of the most nasty malware:
CWShredder direct download:
http://aumha.org/downloads/cwshredder.zip

An alternate resource for all of this and more:
http://www.aumha.org/secure.htm


You may also want to check out StartPage Guard -
http://pjwalczak.com/spguard/index.php
StartPage Guard protects your PC from cyberscam, by monitoring status of
your internet browser StartPage and preventing it from any unauthorized
changes.

And to keep from having to manually edit the registry to unlock your
homepage settings, try this little script by Doug Knox, MS MVP:
http://www.dougknox.com/security/scripts_desc/nosethomepage.htm

More information here: http://www.cexx.org/hphijack.htm

 

[PR]

Thanx everyone. I tried everything below without luck. Finally I tried spy
sweeper trial version. It also failed to reset home page. I then did one
extra step inside spy sweeper: click Shields, IE tab, Reset to default.
From here it was a success. Now whenever the virus redirect the url spy
sweeper will block it. So my computer is safe for next 30 days.

Two problems: There must be some dll or exe somewhere that none of the
detection software know about. When the virus redirect the start page every
minute, it must do it in a new different way and most of the software
cannot detect the change. This IE is a real headache. But Netscape is slow
to load and I don't like the bulky menu bar on top. I want the menu smaller
for more real estate.

 

[PR]

Thanx. I will try StartPage Guard when spy sweeper expired in 30 days.

 

[PR]

Thanx. I will try Pocket Killbox if Spy Sweeper and Start Page Guard
failed.

 

[chris]

Try Deepnet Explorer from www.deepnetexplorer.com. Similar to IE but
IMHO better.