Guest Marge
Posted October 25, 2008

OK, it was dumb. I lent my laptop to my friend - Honest!

In any case, all of a sudden I got virus alerts, I tried to clean with my AVG and Spybot - Not!

Tried a SYS-Restore - Nope. Couldn't even launch Taskman. Installed Panda - scanned - it helped. Installed KasperSky - helped even more.

Eventually, I got the system to the point where all is well - except the following:

1) Any Microsoft site (Win Update - either typing in the url or the shortcut from the menu bar) redirects to some random site,
2) I can hit my home page of Google (ca, us or any) all is well. When I enter a search, it seems to be fine, then all of a sudden redirected.

Usually these sites are of the ad variety, nut popups all over the place. Even with Firefox, it's nuts. IE is not the issue here - at least I don't think so because I get FF redirections as well.

Lots more, but basically most sites are redirected.

I checked the Hosts and LMhost files - they're clean. There are NO BHO loaded (every one is disabled).

I've run virus scans and every tool I have at my disposal (at least that I own and paid for - no such thing as a "Try me - or Freebee on this system"), with the exception of these re-directions no other issues.

Also, when I start in Safe Mode, there are no re-directions, so, I thought there is something in the registry with regards to this account. So - NUKE the account and create a new one.

Same issue. Even the Local Administrator account suffers the same issues- albeit not quite so severe.

I would really appreciate any help.

Thanks all.
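
The Hosts file check mentioned in the post above, as an added example that is not part of the original thread: it parses a hosts file and flags entries that redirect or blackhole the kinds of sites the post describes. The watched suffixes, the verdict names and the sample file are assumptions made up for illustration.

```python
import ipaddress
import os

# Assumption: suffixes chosen from the symptoms in the post (Microsoft /
# Windows Update and Google redirects); extend with AV vendor update hosts.
WATCHED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "google.com", "google.ca")

# Constructed sample, not taken from the thread. 203.0.113.0/24 is a
# documentation-only address range.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.ca     # search redirect
127.0.0.1       update.microsoft.com         # update site blackholed
0.0.0.0         ads.example.net              # user's own ad-block entry
not-an-ip       www.example.org
"""


def is_watched(name):
    """True if name is one of the watched domains or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return (line_no, verdict, hostname, address) for each non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comment, then tokenize
        if len(fields) < 2:
            continue                            # blank, comment-only or bare token
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", fields[1].lower(), fields[0]))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if name == "localhost" and ip.is_loopback:
                continue                        # stock entry
            if not is_watched(name):
                verdict = "review"              # not watched, but not default either
            elif sinkhole:
                verdict = "blocked"             # watched site pointed at nothing
            else:
                verdict = "redirected"          # watched site pointed elsewhere
            findings.append((line_no, verdict, name, str(ip)))
    return findings


if __name__ == "__main__":
    path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                        "System32", "drivers", "etc", "hosts")
    if os.path.exists(path):
        with open(path, encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS                     # fall back to the constructed sample
    for finding in audit_hosts(text):
        print(*finding, sep="\t")
```

An empty result only rules out the Hosts file; redirects can also come from changed DNS settings or from code that is loaded in normal mode but not in Safe Mode, which this check does not see.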

Guest Elmo
Posted October 25, 2008

Re: Browser Hijack Help.

Marge wrote:
> OK, it was dumb. I lent my laptop to my friend - Honest!
>
> In any case, all of a sudden I got virus alerts, I tried to clean with my
> AVG and Spybot - Not!
>
> Tried a SYS-Restore - Nope. Couldn't even launch Taskman. Installed Panda -
> scanned - it helped. Installed KasperSky - helped even more.
>
> Eventually, I got the system to the point where all is well - except the
> following:
>
> 1) Any Microsoft site (Win Update - either typing in the url or the shortcut
> from the menu bar) redirects to some random site,
> 2) I can hit my home page of Google (ca, us or any) all is well. When I
> enter a search, it seems to be fine, then all of a sudden redirected.
>
> Usually these sites are of the ad variety, nut popups all over the place.
> Even with Firefox, it's nuts. IE is not the issue here - at least I don't
> think so because I get FF redirections as well.
>
> Lots more, but basically most sites are redirected.
>
> I checked the Hosts and LMhost files - they're clean. There are NO BHO
> loaded (every one is disabled).
>
> I've run virus scans and every tool I have at my disposal (at least that I
> own and paid for - no such thing as a "Try me - or Freebee on this system"),
> with the exception of these re-directions no other issues.
>
> Also, when I start in Safe Mode, there are no re-directions, so, I thought
> there is something in the registry with regards to this account. So - NUKE
> the account and create a new one.
>
> Same issue. Even the Local Administrator account suffers the same issues-
> albeit not quite so severe.
>
> I would really appreciate any help.
>
> Thanks all.

Try both of these programs from Safe Mode:

Malwarebytes from http://malwarebytes.org

- and -

Superantispyware from http://superantispyware.com

--
Joe =o)

Guest The Real Truth MVP
Posted October 25, 2008

Re: Browser Hijack Help.

Use my Remove-it software, it will remove that malware from your system. Choose yes for all options when prompted. Download it here http://pcbutts1.com/downloads/tools/tools.htm

--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/

"Marge" <mpeg@yahoo.ca> wrote in message news:epuZX1jNJHA.1960@TK2MSFTNGP04.phx.gbl...
> OK, it was dumb. I lent my laptop to my friend - Honest!
>
> In any case, all of a sudden I got virus alerts, I tried to clean with my
> AVG and Spybot - Not!
>
> Tried a SYS-Restore - Nope. Couldn't even launch Taskman. Installed
> Panda - scanned - it helped. Installed KasperSky - helped even more.
>
> Eventually, I got the system to the point where all is well - except the
> following:
>
> 1) Any Microsoft site (Win Update - either typing in the url or the
> shortcut from the menu bar) redirects to some random site,
> 2) I can hit my home page of Google (ca, us or any) all is well. When I
> enter a search, it seems to be fine, then all of a sudden redirected.
>
> Usually these sites are of the ad variety, nut popups all over the place.
> Even with Firefox, it's nuts. IE is not the issue here - at least I don't
> think so because I get FF redirections as well.
>
> Lots more, but basically most sites are redirected.
>
> I checked the Hosts and LMhost files - they're clean. There are NO BHO
> loaded (every one is disabled).
>
> I've run virus scans and every tool I have at my disposal (at least that I
> own and paid for - no such thing as a "Try me - or Freebee on this
> system"), with the exception of these re-directions no other issues.
>
> Also, when I start in Safe Mode, there are no re-directions, so, I thought
> there is something in the registry with regards to this account. So - NUKE
> the account and create a new one.
>
> Same issue. Even the Local Administrator account suffers the same issues-
> albeit not quite so severe.
>
> I would really appreciate any help.
>
> Thanks all.
>

Guest Kayman
Posted October 25, 2008

Re: Browser Hijack Help.

On Fri, 24 Oct 2008 19:02:23 -0600, Marge wrote:
> OK, it was dumb. I lent my laptop to my friend - Honest!

<snip for brevity>

1. Clear the (IE) temporary Internet files and the history cache.
Click Start==>Run... then type (or copy/paste) "inetcpl.cpl" (w/out quotation marks) into the box, then click the 'OK' button.
In Internet Properties panel 'General' tab, under 'Browsing history', click 'Delete...' button, in 'Delete Browsing History' panel, click the 'Delete all...' button then place a checkmark into the box beside 'Also delete files and settings stored by add-ons', Click 'Yes' and exit the Internet Properties panel by clicking the 'OK' button.

2. Clean HDD
1. Click Start==>Run... then type (or copy/paste) "cleanmgr" (w/out quotation marks) into the box, then click the 'OK' button. Select your drive (presumably WinXP (C:)) and click OK.

2a. Delete files using Disk Cleanup (if on Vista)
http://windowshelp.microsoft.com/Windows/en-US/help/1264bc24-72a8-48aa-84e3-a355327139d91033.mspx

3. Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

4. SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html

After the software is updated, it is suggested scanning the system in Safe Mode.
How do you boot to Safe Mode? By pressing/tabbing F8 (or F5 on some keyboards) during re-boot.
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/default.aspx?scid=315222
Start your computer in safe mode (Vista)
http://windowshelp.microsoft.com/Windows/en-us/help/323ef48f-7b93-4079-a48a-5c58eec904a11033.mspx

5. Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.
http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29
NOTE: Registration is required in any of the above mentioned fora before posting a HJT log and read the 'stickies' (instructions/guidelines) for the respective HJT forum.

6. After your operating system is considered 'clean' flush your System Restore cache.
Right click 'My Computer' icon and select Properties from the drop down list. On the system Properties click on System Restore Tab and [check] the box 'Turn off System Restore on all drives'. Click 'Apply' then click 'OK'.
Reboot.
Right click 'My Computer' icon and select Properties from the drop down list. On the system Properties click on System Restore Tab and [uncheck] the box 'Turn off System Restore on all drives'.
Note: ensure that under 'Available drives' the Status of Drive does show 'Monitoring'.
And then manually create a Restore point. Go to:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx
And scroll down to: Create a Restore Point.

7. Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html

FYI: There aren't any 'good' on-line scanners out there! On-line scanners are the most unsafe and next to useless. Because by the time you've started your infected Windows and connected to the Internet via this infected code base, and start to look for scanning sites through infected DNS, you are almost certain to have the malware perfectly positioned to overrule your attempts to clean it.
What happens if active malware is found? Don't expect that the on-line scanner will do anything about it. Most of them are just marketing tools for selling you their products.
Quite often, malware removal on the NT based OS (Win 2K and XP) is far from easy. Sometimes a (good) resident AV can deal with it in Safe Mode.

Other reasons to stay away from on-line scanners are:
1. You have to use IE on very low security setting - ActiveX is required.
2. Many users will lower security in the Internet Zone to use the service and then forget to set the Internet Zone back to highest possible security - which is the only way that IE should be set.

David H. Lipman's Multi-AV and some 'other' stand-alone AV tools are *impressively better and safer*, because you don't have to be on-line to use them (they have no dependencies on using a web browser to perform their function), and they can be used in Safe Mode.

Download David's MULTI_AV.EXE directly:
http://www.pctip.ch/ds/28400/28470/Multi_AV.exe
or
http://212.98.39.7/ds/28400/28470/Multi_AV.exe
http://www.pctip.ch/downloads/dl/35905.asp
or
http://212.98.39.7/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file.
Additional Instructions:
http://pcdid.com/Multi_AV.htm

NOTE: To use this utility, perform the following...
Execute; Multi_AV.exe {Note: You must use the default folder C:\AV-CLS}
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT {or Double-click on 'Start Menu' in C:\AV-CLS}

Other quality Standalone Malware Scanners are:
Kaspersky® AVPTool
http://avptool.virusinfo.info/en/
Direct:
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
--and--
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/
--and--
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Kaspersky® AVPTool, Dr.Web CureIt!® have no update feature (so they don't turn into full blown scanners), thus they need to be re-downloaded every time there's an update.
Re: K/AVPTool; Uninstall after use. To uninstall/move this program 'enable self-defense' must be unchecked!

It's safer still if you can avoid running any code from the infected system at all, and that can be done by working from Bart CDR boot. But that means having a clean system to build the Bart disk, and more to the point, a fair bit of effort and technical fiddling.
Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD
http://www.nu2.nu/pebuilder/

Good luck;)

Guest nass
Posted October 25, 2008

RE: Browser Hijack Help.

"Marge" wrote:
> OK, it was dumb. I lent my laptop to my friend - Honest!

Bad idea!

Run a thorough scan by doing the following steps:

1... First, try to clean up your caches, Internet files and delete cookies by doing this:
Click Start >> Control Panel >> Double click Network and Internet Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs | Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non Verified Add-Ons (You should Re-enable them later one-by-one and see the culprit and update it or remove it.)
How to manage Add-Ons:
http://support.microsoft.com/kb/883256

Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
http://www.malwarebytes.org/rr-update/rr-free-setup.exe
http://onecare.live.com/site/en-gb/default.htm?s_cid=sah

Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html

Comodo BOClean : Anti-Malware Version 4.27
http://www.comodo.com/boclean/boclean.html

If you wish to send me your Hijackthis log I will be happy to help you further or send to one of many forums on the internet!
Download Hijackthis and send me the log.
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)
my address is : to_you_ross(at remove this and replace with the obvious)yahoo.co.uk ( _ is underscore)

Run disk clean up on your Drive.
You can download this tool to run clean up:
http://www.ccleaner.com/download/builds/downloading-slim
Run Disk Clean Up on your Drive.

HTH,
nass
---
http://www.nasstec.co.uk

Guest Marge
Posted October 25, 2008

Re: Browser Hijack Help.

Thanks Elmo. These tools did the trick.

I used Malwarebytes first and it helped a lot, then Superantispyware finished the nasties off good.

I bought Superantispyware PRO as it had some additional features that seemed to really knock things out.

My Firefox is happy again and I tested IE and it seemed to be fine as well.

Thanks again and cheers to all for the answers and support.

"Elmo" <elmogeek@iglou.invalid> wrote in message news:%23nnE4ZkNJHA.2484@TK2MSFTNGP06.phx.gbl...
> Marge wrote:
>> OK, it was dumb. I lent my laptop to my friend - Honest!
>>
>> In any case, all of a sudden I got virus alerts, I tried to clean with my
>> AVG and Spybot - Not!
>>
>> Tried a SYS-Restore - Nope. Couldn't even launch Taskman. Installed
>> Panda -
>> scanned - it helped. Installed KasperSky - helped even more.
>>
>> Eventually, I got the system to the point where all is well - except the
>> following:
>>
>> 1) Any Microsoft site (Win Update - either typing in the url or the
>> shortcut
>> from the menu bar) redirects to some random site,
>> 2) I can hit my home page of Google (ca, us or any) all is well. When I
>> enter a search, it seems to be fine, then all of a sudden redirected.
>>
>> Usually these sites are of the ad variety, nut popups all over the place.
>> Even with Firefox, it's nuts. IE is not the issue here - at least I don't
>> think so because I get FF redirections as well.
>>
>> Lots more, but basically most sites are redirected.
>>
>> I checked the Hosts and LMhost files - they're clean. There are NO BHO
>> loaded (every one is disabled).
>>
>> I've run virus scans and every tool I have at my disposal (at least that
>> I
>> own and paid for - no such thing as a "Try me - or Freebee on this
>> system"),
>> with the exception of these re-directions no other issues.
>>
>> Also, when I start in Safe Mode, there are no re-directions, so, I
>> thought
>> there is something in the registry with regards to this account. So -
>> NUKE
>> the account and create a new one.
>>
>> Same issue. Even the Local Administrator account suffers the same issues-
>> albeit not quite so severe.
>>
>> I would really appreciate any help.
>>
>> Thanks all.
>
> Try both of these programs from Safe Mode:
>
> Malwarebytes from http://malwarebytes.org
>
> - and -
>
> Superantispyware from http://superantispyware.com
>
> --
> Joe =o)
>

Guest Kelly
Posted October 25, 2008

Re: Browser Hijack Help.

Hi Marge,

You may also want to add HijackThis to your collection. It is free and fast.

See line 393 (right hand side) for the download: http://www.kellys-korner-xp.com/xp_tweaks.htm

--
All the Best,
Kelly (MS-MVP/DTS&XP)
Taskbar Repair Tool Plus! http://www.kellys-korner-xp.com/taskbarplus!.htm
SupportSpace http://www.supportspace.com/pages?aiu=kellyskorner

"Marge" <mpeg@yahoo.ca> wrote in message news:epuZX1jNJHA.1960@TK2MSFTNGP04.phx.gbl...
> OK, it was dumb. I lent my laptop to my friend - Honest!
>
> In any case, all of a sudden I got virus alerts, I tried to clean with my
> AVG and Spybot - Not!
>
> Tried a SYS-Restore - Nope. Couldn't even launch Taskman. Installed
> Panda - scanned - it helped. Installed KasperSky - helped even more.
>
> Eventually, I got the system to the point where all is well - except the
> following:
>
> 1) Any Microsoft site (Win Update - either typing in the url or the
> shortcut from the menu bar) redirects to some random site,
> 2) I can hit my home page of Google (ca, us or any) all is well. When I
> enter a search, it seems to be fine, then all of a sudden redirected.
>
> Usually these sites are of the ad variety, nut popups all over the place.
> Even with Firefox, it's nuts. IE is not the issue here - at least I don't
> think so because I get FF redirections as well.
>
> Lots more, but basically most sites are redirected.
>
> I checked the Hosts and LMhost files - they're clean. There are NO BHO
> loaded (every one is disabled).
>
> I've run virus scans and every tool I have at my disposal (at least that I
> own and paid for - no such thing as a "Try me - or Freebee on this
> system"), with the exception of these re-directions no other issues.
>
> Also, when I start in Safe Mode, there are no re-directions, so, I thought
> there is something in the registry with regards to this account. So - NUKE
> the account and create a new one.
>
> Same issue. Even the Local Administrator account suffers the same issues-
> albeit not quite so severe.
>
> I would really appreciate any help.
>
> Thanks all.
>

Guest Elmo
Posted October 26, 2008

Re: Browser Hijack Help.

Marge wrote:
> Thanks Elmo. These tools did the trick.
>
> I used Malwarebytes first and it helped a lot, then Superantispyware finished
> the nasties off good.
>
> I bought Superantispyware PRO as it had some additional features that seemed
> to really knock things out.
>
> My Firefox is happy again and I tested IE and it seemed to be fine as well.
>
> Thanks again and cheers to all for the answers and support.

That's great news! Thanks for reporting back.

> "Elmo" <elmogeek@iglou.invalid> wrote in message
> news:%23nnE4ZkNJHA.2484@TK2MSFTNGP06.phx.gbl...
>> Marge wrote:
>>> OK, it was dumb. I lent my laptop to my friend - Honest!
>>>
>>> In any case, all of a sudden I got virus alerts, I tried to clean with my
>>> AVG and Spybot - Not!
>>>
>>> Tried a SYS-Restore - Nope. Couldn't even launch Taskman. Installed
>>> Panda -
>>> scanned - it helped. Installed KasperSky - helped even more.
>>>
>>> Eventually, I got the system to the point where all is well - except the
>>> following:
>>>
>>> 1) Any Microsoft site (Win Update - either typing in the url or the
>>> shortcut
>>> from the menu bar) redirects to some random site,
>>> 2) I can hit my home page of Google (ca, us or any) all is well. When I
>>> enter a search, it seems to be fine, then all of a sudden redirected.
>>>
>>> Usually these sites are of the ad variety, nut popups all over the place.
>>> Even with Firefox, it's nuts. IE is not the issue here - at least I don't
>>> think so because I get FF redirections as well.
>>>
>>> Lots more, but basically most sites are redirected.
>>>
>>> I checked the Hosts and LMhost files - they're clean. There are NO BHO
>>> loaded (every one is disabled).
>>>
>>> I've run virus scans and every tool I have at my disposal (at least that
>>> I
>>> own and paid for - no such thing as a "Try me - or Freebee on this
>>> system"),
>>> with the exception of these re-directions no other issues.
>>>
>>> Also, when I start in Safe Mode, there are no re-directions, so, I
>>> thought
>>> there is something in the registry with regards to this account. So -
>>> NUKE
>>> the account and create a new one.
>>>
>>> Same issue. Even the Local Administrator account suffers the same issues-
>>> albeit not quite so severe.
>>>
>>> I would really appreciate any help.
>>>
>>> Thanks all.
>> Try both of these programs from Safe Mode:
>>
>> Malwarebytes from http://malwarebytes.org
>>
>> - and -
>>
>> Superantispyware from http://superantispyware.com

--
Joe =o)