Browser Hijack Help.

[Guest Marge]

OK, it was dumb. I lent my laptop to my friend - Honest!

 

In any case, all of a sudden I got virus alerts, I tried to clean with my

AVG and Spybot - Not!

 

Tried a SYS-Restore - Nope. Couldn't even launch Taskman. Installed Panda -

scanned - it helped. Installed KasperSky - helped even more.

 

Eventually, I got the system to the point where all is well - except the

following:

 

1) Any Microsoft site (Win Update - either typing in the url or the shortcut

from the menu bar) redirects to some random site,

2) I can hit my home page of Google (ca, us or any) all is well. When I

enter a search, it seems to be fine, then all of a sudden redirected.

 

Usually these sites are of the ad variety, nut popups all over the place.

Even with Firefox, it's nuts. IE is not the issue here - at least I don't

think so because I get FF redirections as well.

 

Lots more, but basically most sites are redirected.

 

I checked the Hosts and LMhost files - they're clean. There are NO BHO

loaded (everyone is disabled).

 

I've ran virus scans and every tool I have at my disposal (at least that I

own and paid for - no such thing as a "Try me - or Freebee on this system"),

with the exception of these re-directions no other issues.

 

Also, when I start is Safe Mode, there are no re-directions, so, I thought

there is something in the registry with regards to this account. So - NUKE

the account and create a new one.

 

Same issue. Even the Local Administrator account suffers the same issues-

albeit not quite so severe.

 

I would really appreciate any help.

 

Thanks all.

[Guest Elmo]

Re: Browser Hijack Help.

 

Marge wrote:

> OK, it was dumb. I lent my laptop to my friend - Honest!

>

> In any case, all of a sudden I got virus alerts, I tried to clean with my

> AVG and Spybot - Not!

>

> Tried a SYS-Restore - Nope. Couldn't even launch Taskman. Installed Panda -

> scanned - it helped. Installed KasperSky - helped even more.

>

> Eventually, I got the system to the point where all is well - except the

> following:

>

> 1) Any Microsoft site (Win Update - either typing in the url or the shortcut

> from the menu bar) redirects to some random site,

> 2) I can hit my home page of Google (ca, us or any) all is well. When I

> enter a search, it seems to be fine, then all of a sudden redirected.

>

> Usually these sites are of the ad variety, nut popups all over the place.

> Even with Firefox, it's nuts. IE is not the issue here - at least I don't

> think so because I get FF redirections as well.

>

> Lots more, but basically most sites are redirected.

>

> I checked the Hosts and LMhost files - they're clean. There are NO BHO

> loaded (every one is disabled).

>

> I've run virus scans and every tool I have at my disposal (at least that I

> own and paid for - no such thing as a "Try me - or Freebee on this system"),

> with the exception of these re-directions no other issues.

>

> Also, when I start is Safe Mode, there are no re-directions, so, I thought

> there is something in the registry with regards to this account. So - NUKE

> the account and create a new one.

>

> Same issue. Even the Local Administrator account suffers the same issues-

> albeit not quite so severe.

>

> I would really appreciate any help.

>

> Thanks all.

 

Try both of these programs from Safe Mode:

 

Malwarebytes from http://malwarebytes.org

 

- and -

 

Superantispyware from http://superantispyware.com

 

--

Joe =o)

[Guest The Real Truth MVP]

Re: Browser Hijack Help.

 

Use my Remove-it software, it will remove that malware from your system.

Choose yes for all options when prompted. Download it here

http://pcbutts1.com/downloads/tools/tools.htm

 

--

The Real Truth http://pcbutts1-therealtruth.blogspot.com/

 

 

 

 

"Marge" <mpeg@yahoo.ca> wrote in message

news:epuZX1jNJHA.1960@TK2MSFTNGP04.phx.gbl...

> OK, it was dumb. I lent my laptop to my friend - Honest!

>

> In any case, all of a sudden I got virus alerts, I tried to clean with my

> AVG and Spybot - Not!

>

> Tried a SYS-Restore - Nope. Couldn't even launch Taskman. Installed

> Panda - scanned - it helped. Installed KasperSky - helped even more.

>

> Eventually, I got the system to the point where all is well - except the

> following:

>

> 1) Any Microsoft site (Win Update - either typing in the url or the

> shortcut from the menu bar) redirects to some random site,

> 2) I can hit my home page of Google (ca, us or any) all is well. When I

> enter a search, it seems to be fine, then all of a sudden redirected.

>

> Usually these sites are of the ad variety, nut popups all over the place.

> Even with Firefox, it's nuts. IE is not the issue here - at least I don't

> think so because I get FF redirections as well.

>

> Lots more, but basically most sites are redirected.

>

> I checked the Hosts and LMhost files - they're clean. There are NO BHO

> loaded (everyone is disabled).

>

> I've ran virus scans and every tool I have at my disposal (at least that I

> own and paid for - no such thing as a "Try me - or Freebee on this

> system"), with the exception of these re-directions no other issues.

>

> Also, when I start is Safe Mode, there are no re-directions, so, I thought

> there is something in the registry with regards to this account. So - NUKE

> the account and create a new one.

>

> Same issue. Even the Local Administrator account suffers the same issues-

> albeit not quite so severe.

>

> I would really appreciate any help.

>

> Thanks all.

>

[Guest Kayman]

Re: Browser Hijack Help.

 

On Fri, 24 Oct 2008 19:02:23 -0600, Marge wrote:

> OK, it was dumb. I lent my laptop to my friend - Honest!

 

<snip for brevity>

 

1.Clear the (IE) temporary Internet files and the history cache.

Click Start==>Run... then type (or copy/paste) "inetcpl.cpl" (w/out

quotation marks) into the box, then click the 'OK' button.

In Internet Properties panel 'General' tab, under 'Browsing history', click

'Delete...'button, in 'Delete Browsing History' panel, click the 'Delete

all...'button then place a checkmark into the box beside 'Also delete files

and settings stored by add-ons', Click 'Yes' and exit the Internet

Properties panel by clicking the 'OK' button.

 

2.Clean HDD

1.Click Start==>Run... then type (or copy/paste) "cleanmgr" (w/out

quotation marks into the box, then click the 'OK' button. Select your drive

(presumably WinXP (C:) and click OK.

 

2a. Delete files using Disk Cleanup (if on Vista)

http://windowshelp.microsoft.com/Windows/en-US/help/1264bc24-72a8-48aa-84e3-a355327139d91033.mspx

 

3.Malwarebytes© Corporation - Anti-Malware

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

 

4.SuperAntispyware - Free

http://www.superantispyware.com/superantispywarefreevspro.html

 

After the software is updated, it is suggested scanning the system in Safe

Mode.

How do you boot to Safe Mode?

By pressing/tabbing F8 (or F5 on some keyboards) during re-boot.

A description of the Safe Mode Boot options in Windows XP

http://support.microsoft.com/default.aspx?scid=315222

Start your computer in safe mode (Vista)

http://windowshelp.microsoft.com/Windows/en-us/help/323ef48f-7b93-4079-a48a-5c58eec904a11033.mspx

 

5.Download and execute HiJack This! (HJT)

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

 

Please, do not post HJT logs to this newsgroup.

Fora where you can get expert advice for HiJack This! (HJT) logs.

 

http://www.thespykiller.co.uk/index.php?board=3.0

http://www.spywarewarrior.com/viewforum.php?f=5

http://forums.tomcoyote.org/index.php?showforum=27

http://www.bleepingcomputer.com/forums/forum22.html

http://www.malwarebytes.org/forums/index.php?showforum=7

http://www.5starsupport.com/ipboard/index.php?showforum=18

http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29

 

NOTE: Registration is required in any of the above mentioned fora

before posting a HJT log and read the 'stickies'

(instructions/guidelines) for the respective HJT forum.

 

6.After your operating system is considered 'clean' flush your System

Restore cache.

Right click 'My Computer' icon and select Properties from the drop down

list.

On the system Properties click on System Restore Tab and [check] the box

'Turn off System Restore on all drives'.

Click 'Apply' then click 'OK'.

 

Reboot.

 

Right click 'My Computer' icon and select Properties from the drop down

list.

On the system Properties click on System Restore Tab and [uncheck] the box

'Turn off System Restore on all drives'.

 

Note: ensure that under 'Available drives' the Status of Drive does show

'Monitoring'.

And then manually create a Restore point.

Go to:

http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx

And scroll down to: Create a Restore Point.

 

7.Routinely practice Safe-Hex.

http://www.claymania.com/safe-hex.html

 

FYI:

There aren't any 'good' on-line scanners out there! On-line scanners are

the most unsafe and next to useless. Because by the time you've started

your infected Windows and connected to the Internet via this infected code

base, and start to look for scanning sites through infected DNS, you are

almost certain to have the malware perfectly positioned to overrule your

attempts to clean it.

What happens if active malware is found? Don't expect that the on-line

scanner will do anything about it. Most of them are just just marketing

tools for selling you their products. Quite often, malware removal on the

NT based OS (Win 2K and XP) is far from easy. Sometimes a (good) resident

AV can deal with it in Safe Mode.

 

Other reasons to stay away from on'line scanners are:

1. You have to use IE on very low security setting - ActiveX is required.

2. Many users will lower security in the Internet Zone to use the service

and then forget to set the Internet Zone back to highest possible security

- which is the only way that IE should be set.

 

David H. Lipman's Multi-AV and some 'other' stand-alone AV tools are

*impressively better and safer*, because you don't have to be on-line to

use them (they have no dependencies on using a web browser to perform their

function), and they can be used in Safe Mode.

 

Download David's MULTI_AV.EXE directly:

http://www.pctip.ch/ds/28400/28470/Multi_AV.exe

or

http://212.98.39.7/ds/28400/28470/Multi_AV.exe

 

http://www.pctip.ch/downloads/dl/35905.asp

or

http://212.98.39.7/downloads/dl/35905.asp

 

English:

http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/

 

NOTE: You may have to disable your software FireWall or allow WGET.EXE to

go through your FireWall to allow it to download the needed AV vendor

related files.

 

When the menu is displayed hitting 'H' or 'h' will bring up a more

comprehensive PDF help file.

 

Additional Instructions:

http://pcdid.com/Multi_AV.htm

 

NOTE: To use this utility, perform the following...

Execute; Multi_AV.exe {Note: You must use the default folder C:\AV-CLS}

Choose; Unzip

Choose; Close

 

Execute; C:\AV-CLS\StartMenu.BAT

{or Double-click on 'Start Menu' in C:\AV-CLS}

 

Other quality Standalone Malware Scanners are:

Kaspersky® AVPTool

http://avptool.virusinfo.info/en/

Direct:

http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/

--and--

Dr.Web CureIt!® Utility - FREE

http://www.freedrweb.com/cureit/

--and--

Malwarebytes© Corporation - Anti-Malware

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

 

Kaspersky® AVPTool, Dr.Web CureIt!® have no update feature (so they don't

turn into full blown scanners), thus they need to be re-downloaded every

time there's an update.

Re: K/AVPTool; Uninstall after use. To uninstall/move this program "enable

self-defense' must be unchecked!

 

It's safer still if you can avoid running any code from the infected system

at all, and that can be done by working from Bart CDR boot.

But that means having a clean system to build the Bart disk, and more to

the point, a fair bit of effort and technical fiddling.

 

Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD

http://www.nu2.nu/pebuilder/

 

Good luck;)

[Guest nass]

RE: Browser Hijack Help.

 

 

 

"Marge" wrote:

> OK, it was dumb. I lent my laptop to my friend - Honest!

 

Bad idea!

 

Run a thorough scan by doing the following steps:

1... First, try to clean up your caches, Internet files and delete cookies

by doing this:

Click Start >> Control Panel >> Double click Network and Internet

Connections >> Double click Internet Options.

On the IE properties windows you will see these Tabs:

General | Security | Privacy | Content | Connections | Programs |

Advanced

Under General Tab clear your History, Internet Files and Cookies.

Then click on Advanced tab and scroll down to under the Browsing Option:

[&] Browsing

[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.

Then click on Programs Tab and click Manage Add-Ons and Disable all non

Verified Add-Ons (You should Renable them later one-by-one and see the

culprit and update it or remove it.

How to manage Add-Ons:

http://support.microsoft.com/kb/883256

Scan for malware from here:

SuperAntispyware - Free

http://www.superantispyware.com/superantispywarefreevspro.html

http://www.malwarebytes.org/rr-update/rr-free-setup.exe

http://onecare.live.com/site/en-gb/default.htm?s_cid=sah

 

Run a scan from here on-line:

http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Download Avast Cleaner (offline scanner) from here:

http://www.avast.com/eng/avast-virus-cleaner.html

Comodo BOClean : Anti-Malware Version 4.27

http://www.comodo.com/boclean/boclean.html

 

If you wish to send me your Hijackthis log I will be happy to help you

further or send to one of many forums on the internet!

Download Hijackthis and send me the log.

(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)

my address is : to_you_ross(at remove this and repalce with the

obvious)yahoo.co.uk ( _ is underscore)

 

Run disk clean up on your Drive.

You can download this tool o run clean up:

http://www.ccleaner.com/download/builds/downloading-slim

Run Disk Clean Up on your Drive.

HTH,

nass

---

http://www.nasstec.co.uk

[Guest Marge]

Re: Browser Hijack Help.

 

Thanks Elmo. These tools did the trick.

 

I used Malwarebytes first and it helped alot, then Superantispyware finished

the nasties off good.

 

I bought Superantispyware PRO as it had some additional features that seemed

to really knock things out.

 

My Firefox is happy again and I tested IR and it seemed to be fine as well.

 

Thanks again and cheers to all for the answers and support.

 

"Elmo" <elmogeek@iglou.invalid> wrote in message

news:%23nnE4ZkNJHA.2484@TK2MSFTNGP06.phx.gbl...

> Marge wrote:

>> OK, it was dumb. I lent my laptop to my friend - Honest!

>>

>> In any case, all of a sudden I got virus alerts, I tried to clean with my

>> AVG and Spybot - Not!

>>

>> Tried a SYS-Restore - Nope. Couldn't even launch Taskman. Installed

>> Panda -

>> scanned - it helped. Installed KasperSky - helped even more.

>>

>> Eventually, I got the system to the point where all is well - except the

>> following:

>>

>> 1) Any Microsoft site (Win Update - either typing in the url or the

>> shortcut

>> from the menu bar) redirects to some random site,

>> 2) I can hit my home page of Google (ca, us or any) all is well. When I

>> enter a search, it seems to be fine, then all of a sudden redirected.

>>

>> Usually these sites are of the ad variety, nut popups all over the place.

>> Even with Firefox, it's nuts. IE is not the issue here - at least I don't

>> think so because I get FF redirections as well.

>>

>> Lots more, but basically most sites are redirected.

>>

>> I checked the Hosts and LMhost files - they're clean. There are NO BHO

>> loaded (every one is disabled).

>>

>> I've run virus scans and every tool I have at my disposal (at least that

>> I

>> own and paid for - no such thing as a "Try me - or Freebee on this

>> system"),

>> with the exception of these re-directions no other issues.

>>

>> Also, when I start is Safe Mode, there are no re-directions, so, I

>> thought

>> there is something in the registry with regards to this account. So -

>> NUKE

>> the account and create a new one.

>>

>> Same issue. Even the Local Administrator account suffers the same issues-

>> albeit not quite so severe.

>>

>> I would really appreciate any help.

>>

>> Thanks all.

>

> Try both of these programs from Safe Mode:

>

> Malwarebytes from http://malwarebytes.org

>

> - and -

>

> Superantispyware from http://superantispyware.com

>

> --

> Joe =o)

>

[Guest Kelly]

Re: Browser Hijack Help.

 

Hi Marge,

 

You may also want to add HijackThis to your collection. It is free and

fast.

 

See line 393 (right hand side) for the download:

http://www.kellys-korner-xp.com/xp_tweaks.htm

 

--

 

All the Best,

Kelly (MS-MVP/DTS&XP)

 

Taskbar Repair Tool Plus!

http://www.kellys-korner-xp.com/taskbarplus!.htm

 

SupportSpace

http://www.supportspace.com/pages?aiu=kellyskorner

 

"Marge" <mpeg@yahoo.ca> wrote in message

news:epuZX1jNJHA.1960@TK2MSFTNGP04.phx.gbl...

> OK, it was dumb. I lent my laptop to my friend - Honest!

>

> In any case, all of a sudden I got virus alerts, I tried to clean with my

> AVG and Spybot - Not!

>

> Tried a SYS-Restore - Nope. Couldn't even launch Taskman. Installed

> Panda - scanned - it helped. Installed KasperSky - helped even more.

>

> Eventually, I got the system to the point where all is well - except the

> following:

>

> 1) Any Microsoft site (Win Update - either typing in the url or the

> shortcut from the menu bar) redirects to some random site,

> 2) I can hit my home page of Google (ca, us or any) all is well. When I

> enter a search, it seems to be fine, then all of a sudden redirected.

>

> Usually these sites are of the ad variety, nut popups all over the place.

> Even with Firefox, it's nuts. IE is not the issue here - at least I don't

> think so because I get FF redirections as well.

>

> Lots more, but basically most sites are redirected.

>

> I checked the Hosts and LMhost files - they're clean. There are NO BHO

> loaded (everyone is disabled).

>

> I've ran virus scans and every tool I have at my disposal (at least that I

> own and paid for - no such thing as a "Try me - or Freebee on this

> system"), with the exception of these re-directions no other issues.

>

> Also, when I start is Safe Mode, there are no re-directions, so, I thought

> there is something in the registry with regards to this account. So - NUKE

> the account and create a new one.

>

> Same issue. Even the Local Administrator account suffers the same issues-

> albeit not quite so severe.

>

> I would really appreciate any help.

>

> Thanks all.

>

[Guest Elmo]

Re: Browser Hijack Help.

 

Marge wrote:

> Thanks Elmo. These tools did the trick.

>

> I used Malwarebytes first and it helped alot, then Superantispyware finished

> the nasties off good.

>

> I bought Superantispyware PRO as it had some additional features that seemed

> to really knock things out.

>

> My Firefox is happy again and I tested IR and it seemed to be fine as well.

>

> Thanks again and cheers to all for the answers and support.

 

That's great news! Thanks for reporting back.

> "Elmo" <elmogeek@iglou.invalid> wrote in message

> news:%23nnE4ZkNJHA.2484@TK2MSFTNGP06.phx.gbl...

>> Marge wrote:

>>> OK, it was dumb. I lent my laptop to my friend - Honest!

>>>

>>> In any case, all of a sudden I got virus alerts, I tried to clean with my

>>> AVG and Spybot - Not!

>>>

>>> Tried a SYS-Restore - Nope. Couldn't even launch Taskman. Installed

>>> Panda -

>>> scanned - it helped. Installed KasperSky - helped even more.

>>>

>>> Eventually, I got the system to the point where all is well - except the

>>> following:

>>>

>>> 1) Any Microsoft site (Win Update - either typing in the url or the

>>> shortcut

>>> from the menu bar) redirects to some random site,

>>> 2) I can hit my home page of Google (ca, us or any) all is well. When I

>>> enter a search, it seems to be fine, then all of a sudden redirected.

>>>

>>> Usually these sites are of the ad variety, nut popups all over the place.

>>> Even with Firefox, it's nuts. IE is not the issue here - at least I don't

>>> think so because I get FF redirections as well.

>>>

>>> Lots more, but basically most sites are redirected.

>>>

>>> I checked the Hosts and LMhost files - they're clean. There are NO BHO

>>> loaded (every one is disabled).

>>>

>>> I've run virus scans and every tool I have at my disposal (at least that

>>> I

>>> own and paid for - no such thing as a "Try me - or Freebee on this

>>> system"),

>>> with the exception of these re-directions no other issues.

>>>

>>> Also, when I start is Safe Mode, there are no re-directions, so, I

>>> thought

>>> there is something in the registry with regards to this account. So -

>>> NUKE

>>> the account and create a new one.

>>>

>>> Same issue. Even the Local Administrator account suffers the same issues-

>>> albeit not quite so severe.

>>>

>>> I would really appreciate any help.

>>>

>>> Thanks all.

>> Try both of these programs from Safe Mode:

>>

>> Malwarebytes from http://malwarebytes.org

>>

>> - and -

>>

>> Superantispyware from http://superantispyware.com

 

--

Joe =o)