IE Home page keeps defaulting to some search engine....

G

Guest

Seems my IE homepage has been hijacked by some search engine site. Here's
what's happening:

Run Adaware, and Spybot. Both tools find errors. Delete/fix the errors.
Set Hopeapge default to Yahoo.com.
Open IE, surf web (runs just OK, but tonnes of pop-ups now).
Close IE.
Open IE, however, NOW the homepage Default has changed to some search engine
site, tons of pop-ups.

Run Adaware, and Spybot. Both tools find errors. Delete/fix the errors.
Process repeats over and over.....

Cannot stop the home page from defaulting back to the search engine site.

VERY FRUSTRATING!! What can I do?
 
J

Jan Il

Hi James :)

Try the following and see if it helps. Even if you have already run some
programs, run them again according to the instructions in the information
below to thoroughly clean you system. Some variants of malware can
replicate itself and return repeatedly if not cleaned properly. It is best
to read through all the information before you start to know before hand
what you need to do and how. Follow all instructions to letter as much as
possible.

WARNING>>>> Backup all documents and files before removing any spyware!!

Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm

What You Should Know About Spyware
http://www.microsoft.com/athome/security/spyware/devioussoftware.mspx
Most importantly, be sure to run CWShredder here
http://www.majorgeeks.com/download3019.html

Also this program searches for hidden .dlls that recreate the malware.
About Buster:
http://www.majorgeeks.com/download4289.html
Then visit these two sites to test for parasites and help basic cleaning:
On-Line Check
http://aumha.org/a/noads.htm
and
Quick-Fix Protocol.
http://aumha.org/a/quickfix.php
Basically, throw everything here at your "infection".

Also very important, be sure to use the HijackThis. Please DO NOT post your
log to this
newsgroup, but to the HiJackThis Support Forums below:
http://www.hijackthis.de/forum/forumdisplay.php?f=10&guestlanguageid=4
the Aumha HiJackThis Forum
http://forum.aumha.org/viewforum.php?f=30
or Bleeping Computer Forum
http://www.bleepingcomputer.com/forums/forum22.html

to allow the experts there to evaluate your log and advise you of any
necessary steps to clean your system.

(Note: You will have to Register before posting on these Forums. Please
follow all posting instructions carefully to avoid having your log deleted
or ignored.

CAUTION!!!!! Before you try to remove spyware using any of the programs
below, download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.

You should also get a copy of WINSOCKXPFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
and
WinsockXP Fix- WinXP
http://www.spychecker.com/program/winsockxpfix.html
with instructions, at
http://www.iup.edu/house/resnet/winfix.shtm
Also
From LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
(NOTE: It is reported that in XP SP2, the command netsh winsock reset
will fix this problem without the need for these programs.)
or
Winsock Fix Utility
http://www.dfwonline.net/files/WinsockFix.zip

also.........

Courtesy of Jim Byrd -

Download Sysclean.com, from Trend Micro, here:
http://www.trendmicro.com/download/dcs.asp along with the latest pattern
file, here:
http://www.trendmicro.com/download/pattern.asp
Be sure to read the "How-to" info here:
http://www.trendmicro.com/ftp/products/tsc/readme.txt
You might also want to get Art's updater, SYS-UP.Zip, here for future
updating of these: http://home.epix.net/~artnpeg/.
(If you download and use the updater from the beginning, it will
automatically handle downloading the other files. Place them in a dedicated
folder after appropriate unzipping, and then run. This scan may take a long
time, as Sysclean is VERY extensive and thorough

NOTE: If you can not download these programs from the Internet, if your PC
has CD read capabilities, go to another computer with CD-ROM burning
capabilities. Create a folder on the hard drive of the other computer called
HOLD, download the programs to that folder, then burn that folder to a CD.
Copy the HOLD folder to your HD and then install the programs from there
and run them. After you have IE access again, update all programs where
possible to get the latest definitions and run them again in Safe Mode to be
sure there are no lingering items on the system.

Hope this helps

Jan :)
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
 
P

PA Bear

Dealing with Trojans & Hijackware

A. Removing Trojans and Trojanware with Sysclean

Create a new folder named Sysclean (e.g., C:\Program files\Sysclean or just
a desktop folder). Download 'Sysclean.com' from
http://www.trendmicro.com/download/dcs.asp to this folder. Download the
latest 'Controlled Pattern Release' (not 'Official Pattern Release') zip
file (e.g., lpt123.zip) from http://www.trendmicro.com/download/pattern.asp
and extract its contents to the same folder. See the Readme text file for
instructions.

Delete Temporary Internet Files (IE Tools>Internet Options>General)
accepting the option to delete all offline content. Reboot and delete
contents of TEMP folders and Recycle Bin.

Close all running programs including your anti-virus application, go
offline, and run Sysclean. For best results, do nothing with the machine
until the scan completes.

WinXP only: If the scan shows any infections in System Restore files:

(1) create a new Restore Point (Start>Programs>Accessories>System
Tools>System Restore), then

(2) delete all but the most recent Restore Point
(Start>Programs>Accessories>System Tools>Disk Cleanup>More options [tab]).

Afterwards, update your own anti-virus application and perform another full
system scan.

B. Hijackware

Help with Hijackware (all are MS MVP sites)
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm

Run the following tools in this order with nothing else running in
background:

1. CWShredder v2.0 (no updates available currently; choose Fix, not Scan)

2. Ad-Aware SE (Reconfigure per http://aumha.org/forum/viewtopic.php?t=5877;
Fix all found)

3. Spybot (RTFM; Immunize first and then scan; Generally, fix everything in
red)

Important: You must seek updates for Ad-Aware, Spybot, etc., before each and
every use, even "right out of the box". But even they can't catch
everything, 24/7.

When all else fails, HijackThis
(http://aumha.net/downloads/hijackthis.zip) is the preferred tool to
use. It will help you to both identify and remove any hijackware/spyware.
**Post your files to http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html or
http://aumha.net/viewforum.php?f=30 for expert analysis, not here.**

[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]

So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Tkrouble with Search Engine 2
Unable to Change Default Search Engine 2
WinXP/IE6 - Search Page Default 1
IE 6 default home page problem 3
IE search engine problem 2
Home page hi-jacked 4
Search Engine / cwsshredder fix 3
Home Page Anomaly 3

Top