My IE 6.0 home page file was hijacked

I have read Joe Keith's "hijacked" of sep/2004. I'm not technical enough to
know if my problem is the same.

My Prob: IE 6.0 running on Windows 98 for a long time without problem until
now. My IE home page was hijacked. It shows www.adarson.com and
drum.cash.com and other ads. I went to windows controller, internet option
to try to remove this file. The unwanted file name reads:
www.whatsfind.com, in gray, not black. The three buttons below it are also
gray, not black (disabled). So I cannot change this file by using the
buttons to the default file I had on before. Not only can't I delete this
file, it is a pain to close all the intrusion files. After many closings of the
ad windows, I can eventually use the Internet. The next time, the same
problem recurred.
I have run Ad-Aware SE Personal but it did not identify any problem. I have
Norton antivirus 2004 running but it did not prevent this hijacker. Is it a
parasite or virus? I can use the computer for non-internet tasks unaffected.

My friend told me to download a new IE 6.0 from microsoft and save it on the
hard drive but don't install it. Then use the windows controller to delete
the installed IE 6. Then install the new IE 6. Make sense? Is there an
easier way?

Thank you.

H. wong
 
Hi h wong :-)

You have a hijacker, and AdAware is for detecting and removing adware only,
and your Anti-Virus is only good for detecting and removing virus ware.
Thus, you will need to use other programs and removal tools to fully remove
the specific scumware that is causing your problem.

Even if you have already run some programs, run them again according to the
instructions in the information below to thoroughly clean your system. Some
variants of malware can replicate themselves and return repeatedly if not
cleaned properly. It is best to read through all the information before you
start to know beforehand what you need to do and how. Follow all
instructions to the letter as much as possible.

WARNING>>>> Backup all documents and files before removing any spyware!!
Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm
What You Should Know About Spyware
http://www.microsoft.com/athome/security/spyware/devioussoftware.mspx
Most importantly, be sure to run CWShredder here
http://www.majorgeeks.com/download3019.html
Also this program searches for hidden .dlls that recreate the malware.
About Buster:
http://www.majorgeeks.com/download4289.html
Then visit these two sites to test for parasites and help basic cleaning:
On-Line Check
http://aumha.org/a/noads.htm
and
Quick-Fix Protocol.
http://aumha.org/a/quickfix.php
Basically, throw everything here at your "infection".

Also very important, be sure to use HijackThis. Please DO NOT post your
log to this newsgroup, but to the HiJackThis Support Forums below:
http://www.hijackthis.de/forum/forumdisplay.php?f=10&guestlanguageid=4
the Aumha HiJackThis Forum
http://forum.aumha.org/viewforum.php?f=30
or Bleeping Computer Forum
http://www.bleepingcomputer.com/forums/forum22.html
to allow the experts there to evaluate your log and advise you of any
necessary steps to clean your system.
(Note: You will have to Register before posting on these Forums. Please
follow all posting instructions carefully to avoid having your log deleted
or ignored.)

CAUTION!!!!! Before you try to remove spyware using any of the programs
below, download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.

You should also get a copy of WINSOCKXPFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
and
WinsockXP Fix- WinXP
http://www.spychecker.com/program/winsockxpfix.html
with instructions, at
http://www.iup.edu/house/resnet/winfix.shtm
also... From LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
(NOTE: It is reported that in XP SP2, the command netsh winsock reset
will fix this problem without the need for these programs.)
or Winsock Fix Utility
http://www.dfwonline.net/files/WinsockFix.zip

also.........

Courtesy of Jim Byrd -

Download Sysclean.com, from Trend Micro, here:
http://www.trendmicro.com/download/dcs.asp along with the latest pattern
file, here:
http://www.trendmicro.com/download/pattern.asp
Be sure to read the "How-to" info here:
http://www.trendmicro.com/ftp/products/tsc/readme.txt
You might also want to get Art's updater, SYS-UP.Zip, here for future
updating of these: http://home.epix.net/~artnpeg/.
(If you download and use the updater from the beginning, it will
automatically handle downloading the other files. Place them in a dedicated
folder after appropriate unzipping, and then run. This scan may take a long
time, as Sysclean is VERY extensive and thorough.)

NOTE: If you can not download these programs from the Internet, if your PC
has CD read capabilities, go to another computer with CD-ROM burning
capabilities. Create a folder on the hard drive of the other computer called
HOLD, download the programs to that folder, then burn that folder to a CD.
Copy the HOLD folder to your HD and then install the programs from there
and run them. After you have IE access again, update all programs where
possible to get the latest definitions and run them again in Safe Mode to be
sure there are no lingering items on the system.

Hope this helps

Jan :)
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit of other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
 
The website that hijacked your homepage has most likely made a change to the
Windows registry. I had this happen to me, and ran Ad-Aware, Spyware
Blaster, and Spybot Search & Destroy before finally resolving the problem.
I believe that Spybot Search & Destroy is the one that fixed it. It's free,
you can download it from www.download.com

Good luck.
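
An added example, not part of any post in this thread: a small Python audit of a registry export that flags the kind of change described above, namely Internet Explorer home/search page values pointing at an unexpected host, and the policy value that disables the home page controls in Internet Options. The sample export and the allowed-host list are constructed for illustration; the key and value names are the standard Internet Explorer locations.

```python
import re

# Constructed sample in REGEDIT4 export format (what regedit on Windows 98 writes).
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.whatsfind.com/"
"Search Page"="http://www.example.invalid/search"
"Local Page"="C:\\WINDOWS\\SYSTEM\\blank.htm"

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"HomePage"=dword:00000001
'''

MAIN_KEY = r"software\microsoft\internet explorer\main"
POLICY_KEY = r"software\policies\microsoft\internet explorer\control panel"
URL_VALUES = {"start page", "search page", "default_page_url", "search bar"}

def parse_reg(text):
    """Yield (key, value_name, data) for each named value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            yield key, m.group(1), m.group(2)

def audit(text, allowed_hosts):
    """Return findings: URL values outside allowed_hosts, and the home page lock."""
    findings = []
    for key, name, data in parse_reg(text):
        subkey = key.split("\\", 1)[-1].lower()  # drop the hive name
        if subkey == MAIN_KEY and name.lower() in URL_VALUES:
            url = data.strip('"')
            host = re.sub(r"^[a-z]+://", "", url.lower()).split("/")[0]
            if host not in allowed_hosts:
                findings.append(("unexpected-url", name, url))
        elif subkey == POLICY_KEY and name.lower() == "homepage":
            # A non-zero DWORD here greys out the home page box and its buttons.
            if data.lower().startswith("dword:") and int(data[6:], 16) != 0:
                findings.append(("homepage-locked", name, data))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG, {"www.msn.com"}):  # allowed host is an assumption
        print(finding)
```

Export the two keys with regedit before and after cleaning and run the audit on both files to confirm the values were actually reset.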
 
Thank you very much.

I'll try these next week when I'm back.
I'll post my results.

H wong
 
What is the damage of this about:blank hijacker? Can it obtain passwords
that you use online?
 
Hi hijacked and angry :-)

Try the following and see if it helps:

About:Blank
http://www.adwarereport.com/mt/archives/000068.html

"Cool Web Search" CWS chronicles.
http://www.spywareinfo.com/~merijn/cwschronicles.html
Mirrored elsewhere; Merijn's site is the best
http://inetexplorer.mvps.org/Darnit.htm
http://www.webhelper4u.com/index.html

Clean it with:

CWShredder: Free
http://www.majorgeeks.com/download4086.html

then follow the steps here to fully clean the system:

Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm

WARNING>>>> Backup all documents and files before removing any spyware!!

Hope this helps

Jan :)
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit of other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
 
I just installed the latest version of CWShredder (release - Feb 2005) and it
appears to have "cleared" the about:blank problem. We'll see if it comes
back, but my system seems to be working as it should for now.........

Thank you Jan Il for the help. Much appreciated. Now I can sleep at night.
 
Hi hijacked and angry :-)

You're very welcome! Glad to hear you were able to get your problem
resolved.

Thank you for posting back and letting us know what worked for you, and for
the benefit of other readers who might have a similar problem. :-)

Jan :)
Smiles are meant to be shared,
that's why they're so contagious.
 
Jan Il,
I'll tell you what though, CWShredder (Feb 2005) does appear to have
suppressed the problem, but Microsoft AntiSpyware (beta 1) still finds it via
the quick scan. I have a feeling it is just picking up on the residual
files though.
 
