Browser Hijack Help.

[Marge]

OK, it was dumb. I lent my laptop to my friend - Honest!

In any case, all of a sudden I got virus alerts, I tried to clean with my
AVG and Spybot - Not!

Tried a SYS-Restore - Nope. Couldn't even launch Taskman. Installed Panda -
scanned - it helped. Installed KasperSky - helped even more.

Eventually, I got the system to the point where all is well - except the
following:

1) Any Microsoft site (Win Update - either typing in the url or the shortcut
from the menu bar) redirects to some random site,
2) I can hit my home page of Google (ca, us or any) all is well. When I
enter a search, it seems to be fine, then all of a sudden redirected.

Usually these sites are of the ad variety, nut popups all over the place.
Even with Firefox, it's nuts. IE is not the issue here - at least I don't
think so because I get FF redirections as well.

Lots more, but basically most sites are redirected.

I checked the Hosts and LMhost files - they're clean. There are NO BHO
loaded (everyone is disabled).

I've ran virus scans and every tool I have at my disposal (at least that I
own and paid for - no such thing as a "Try me - or Freebee on this system"),
with the exception of these re-directions no other issues.

Also, when I start is Safe Mode, there are no re-directions, so, I thought
there is something in the registry with regards to this account. So - NUKE
the account and create a new one.

Same issue. Even the Local Administrator account suffers the same issues-
albeit not quite so severe.

I would really appreciate any help.

Thanks all.

 

[Elmo]

Re: Browser Hijack Help.

Marge wrote:
> OK, it was dumb. I lent my laptop to my friend - Honest!
>
> In any case, all of a sudden I got virus alerts, I tried to clean with my
> AVG and Spybot - Not!
>
> Tried a SYS-Restore - Nope. Couldn't even launch Taskman. Installed Panda -
> scanned - it helped. Installed KasperSky - helped even more.
>
> Eventually, I got the system to the point where all is well - except the
> following:
>
> 1) Any Microsoft site (Win Update - either typing in the url or the shortcut
> from the menu bar) redirects to some random site,
> 2) I can hit my home page of Google (ca, us or any) all is well. When I
> enter a search, it seems to be fine, then all of a sudden redirected.
>
> Usually these sites are of the ad variety, nut popups all over the place.
> Even with Firefox, it's nuts. IE is not the issue here - at least I don't
> think so because I get FF redirections as well.
>
> Lots more, but basically most sites are redirected.
>
> I checked the Hosts and LMhost files - they're clean. There are NO BHO
> loaded (every one is disabled).
>
> I've run virus scans and every tool I have at my disposal (at least that I
> own and paid for - no such thing as a "Try me - or Freebee on this system"),
> with the exception of these re-directions no other issues.
>
> Also, when I start is Safe Mode, there are no re-directions, so, I thought
> there is something in the registry with regards to this account. So - NUKE
> the account and create a new one.
>
> Same issue. Even the Local Administrator account suffers the same issues-
> albeit not quite so severe.
>
> I would really appreciate any help.
>
> Thanks all.

Try both of these programs from Safe Mode:

Malwarebytes from http://malwarebytes.org

- and -

Superantispyware from http://superantispyware.com

--
Joe =o)

 

[The Real Truth MVP]

Re: Browser Hijack Help.

Use my Remove-it software, it will remove that malware from your system.
Choose yes for all options when prompted. Download it here
http://pcbutts1.com/downloads/tools/tools.htm

--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/




"Marge" <mpeg@yahoo.ca> wrote in message
news:epuZX1jNJHA.1960@TK2MSFTNGP04.phx.gbl...
> OK, it was dumb. I lent my laptop to my friend - Honest!
>
> In any case, all of a sudden I got virus alerts, I tried to clean with my
> AVG and Spybot - Not!
>
> Tried a SYS-Restore - Nope. Couldn't even launch Taskman. Installed
> Panda - scanned - it helped. Installed KasperSky - helped even more.
>
> Eventually, I got the system to the point where all is well - except the
> following:
>
> 1) Any Microsoft site (Win Update - either typing in the url or the
> shortcut from the menu bar) redirects to some random site,
> 2) I can hit my home page of Google (ca, us or any) all is well. When I
> enter a search, it seems to be fine, then all of a sudden redirected.
>
> Usually these sites are of the ad variety, nut popups all over the place.
> Even with Firefox, it's nuts. IE is not the issue here - at least I don't
> think so because I get FF redirections as well.
>
> Lots more, but basically most sites are redirected.
>
> I checked the Hosts and LMhost files - they're clean. There are NO BHO
> loaded (everyone is disabled).
>
> I've ran virus scans and every tool I have at my disposal (at least that I
> own and paid for - no such thing as a "Try me - or Freebee on this
> system"), with the exception of these re-directions no other issues.
>
> Also, when I start is Safe Mode, there are no re-directions, so, I thought
> there is something in the registry with regards to this account. So - NUKE
> the account and create a new one.
>
> Same issue. Even the Local Administrator account suffers the same issues-
> albeit not quite so severe.
>
> I would really appreciate any help.
>
> Thanks all.
>

 

[Kayman]

Re: Browser Hijack Help.

On Fri, 24 Oct 2008 19:02:23 -0600, Marge wrote:

> OK, it was dumb. I lent my laptop to my friend - Honest!

<snip for brevity>

1.Clear the (IE) temporary Internet files and the history cache.
Click Start==>Run... then type (or copy/paste) "inetcpl.cpl" (w/out
quotation marks) into the box, then click the 'OK' button.
In Internet Properties panel 'General' tab, under 'Browsing history', click
'Delete...'button, in 'Delete Browsing History' panel, click the 'Delete
all...'button then place a checkmark into the box beside 'Also delete files
and settings stored by add-ons', Click 'Yes' and exit the Internet
Properties panel by clicking the 'OK' button.

2.Clean HDD
1.Click Start==>Run... then type (or copy/paste) "cleanmgr" (w/out
quotation marks into the box, then click the 'OK' button. Select your drive
(presumably WinXP (C and click OK.

2a. Delete files using Disk Cleanup (if on Vista)
http://windowshelp.microsoft.com/Windows/en-US/help/1264bc24-72a8-48aa-84e3-a355327139d91033.mspx

3.Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

4.SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html

After the software is updated, it is suggested scanning the system in Safe
Mode.
How do you boot to Safe Mode?
By pressing/tabbing F8 (or F5 on some keyboards) during re-boot.
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/default.aspx?scid=315222
Start your computer in safe mode (Vista)
http://windowshelp.microsoft.com/Windows/en-us/help/323ef48f-7b93-4079-a48a-5c58eec904a11033.mspx

5.Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.

http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29

NOTE: Registration is required in any of the above mentioned fora
before posting a HJT log and read the 'stickies'
(instructions/guidelines) for the respective HJT forum.

6.After your operating system is considered 'clean' flush your System
Restore cache.
Right click 'My Computer' icon and select Properties from the drop down
list.
On the system Properties click on System Restore Tab and [check] the box
'Turn off System Restore on all drives'.
Click 'Apply' then click 'OK'.

Reboot.

Right click 'My Computer' icon and select Properties from the drop down
list.
On the system Properties click on System Restore Tab and [uncheck] the box
'Turn off System Restore on all drives'.

Note: ensure that under 'Available drives' the Status of Drive does show
'Monitoring'.
And then manually create a Restore point.
Go to:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx
And scroll down to: Create a Restore Point.

7.Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html

FYI:
There aren't any 'good' on-line scanners out there! On-line scanners are
the most unsafe and next to useless. Because by the time you've started
your infected Windows and connected to the Internet via this infected code
base, and start to look for scanning sites through infected DNS, you are
almost certain to have the malware perfectly positioned to overrule your
attempts to clean it.
What happens if active malware is found? Don't expect that the on-line
scanner will do anything about it. Most of them are just just marketing
tools for selling you their products. Quite often, malware removal on the
NT based OS (Win 2K and XP) is far from easy. Sometimes a (good) resident
AV can deal with it in Safe Mode.

Other reasons to stay away from on'line scanners are:
1. You have to use IE on very low security setting - ActiveX is required.
2. Many users will lower security in the Internet Zone to use the service
and then forget to set the Internet Zone back to highest possible security
- which is the only way that IE should be set.

David H. Lipman's Multi-AV and some 'other' stand-alone AV tools are
*impressively better and safer*, because you don't have to be on-line to
use them (they have no dependencies on using a web browser to perform their
function), and they can be used in Safe Mode.

Download David's MULTI_AV.EXE directly:
http://www.pctip.ch/ds/28400/28470/Multi_AV.exe
or
http://212.98.39.7/ds/28400/28470/Multi_AV.exe

http://www.pctip.ch/downloads/dl/35905.asp
or
http://212.98.39.7/downloads/dl/35905.asp

English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/

NOTE: You may have to disable your software FireWall or allow WGET.EXE to
go through your FireWall to allow it to download the needed AV vendor
related files.

When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm

NOTE: To use this utility, perform the following...
Execute; Multi_AV.exe {Note: You must use the default folder C:\AV-CLS}
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{or Double-click on 'Start Menu' in C:\AV-CLS}

Other quality Standalone Malware Scanners are:
Kaspersky® AVPTool
http://avptool.virusinfo.info/en/
Direct:
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
--and--
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/
--and--
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Kaspersky® AVPTool, Dr.Web CureIt!® have no update feature (so they don't
turn into full blown scanners), thus they need to be re-downloaded every
time there's an update.
Re: K/AVPTool; Uninstall after use. To uninstall/move this program "enable
self-defense' must be unchecked!

It's safer still if you can avoid running any code from the infected system
at all, and that can be done by working from Bart CDR boot.
But that means having a clean system to build the Bart disk, and more to
the point, a fair bit of effort and technical fiddling.

Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD
http://www.nu2.nu/pebuilder/

Good luck

 

[nass]

RE: Browser Hijack Help.



"Marge" wrote:

> OK, it was dumb. I lent my laptop to my friend - Honest!

Bad idea!

Run a thorough scan by doing the following steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
http://www.malwarebytes.org/rr-update/rr-free-setup.exe
http://onecare.live.com/site/en-gb/default.htm?s_cid=sah

Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Comodo BOClean : Anti-Malware Version 4.27
http://www.comodo.com/boclean/boclean.html

If you wish to send me your Hijackthis log I will be happy to help you
further or send to one of many forums on the internet!
Download Hijackthis and send me the log.
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)
my address is : to_you_ross(at remove this and repalce with the
obvious)yahoo.co.uk ( _ is underscore)

Run disk clean up on your Drive.
You can download this tool o run clean up:
http://www.ccleaner.com/download/builds/downloading-slim
Run Disk Clean Up on your Drive.
HTH,
nass
---
http://www.nasstec.co.uk

 

[Marge]

Re: Browser Hijack Help.

Thanks Elmo. These tools did the trick.

I used Malwarebytes first and it helped alot, then Superantispyware finished
the nasties off good.

I bought Superantispyware PRO as it had some additional features that seemed
to really knock things out.

My Firefox is happy again and I tested IR and it seemed to be fine as well.

Thanks again and cheers to all for the answers and support.

"Elmo" <elmogeek@iglou.invalid> wrote in message
news:%23nnE4ZkNJHA.2484@TK2MSFTNGP06.phx.gbl...
> Marge wrote:
>> OK, it was dumb. I lent my laptop to my friend - Honest!
>>
>> In any case, all of a sudden I got virus alerts, I tried to clean with my
>> AVG and Spybot - Not!
>>
>> Tried a SYS-Restore - Nope. Couldn't even launch Taskman. Installed
>> Panda -
>> scanned - it helped. Installed KasperSky - helped even more.
>>
>> Eventually, I got the system to the point where all is well - except the
>> following:
>>
>> 1) Any Microsoft site (Win Update - either typing in the url or the
>> shortcut
>> from the menu bar) redirects to some random site,
>> 2) I can hit my home page of Google (ca, us or any) all is well. When I
>> enter a search, it seems to be fine, then all of a sudden redirected.
>>
>> Usually these sites are of the ad variety, nut popups all over the place.
>> Even with Firefox, it's nuts. IE is not the issue here - at least I don't
>> think so because I get FF redirections as well.
>>
>> Lots more, but basically most sites are redirected.
>>
>> I checked the Hosts and LMhost files - they're clean. There are NO BHO
>> loaded (every one is disabled).
>>
>> I've run virus scans and every tool I have at my disposal (at least that
>> I
>> own and paid for - no such thing as a "Try me - or Freebee on this
>> system"),
>> with the exception of these re-directions no other issues.
>>
>> Also, when I start is Safe Mode, there are no re-directions, so, I
>> thought
>> there is something in the registry with regards to this account. So -
>> NUKE
>> the account and create a new one.
>>
>> Same issue. Even the Local Administrator account suffers the same issues-
>> albeit not quite so severe.
>>
>> I would really appreciate any help.
>>
>> Thanks all.
>
> Try both of these programs from Safe Mode:
>
> Malwarebytes from http://malwarebytes.org
>
> - and -
>
> Superantispyware from http://superantispyware.com
>
> --
> Joe =o)
>

 

[Kelly]

Re: Browser Hijack Help.

Hi Marge,

You may also want to add HijackThis to your collection. It is free and
fast.

See line 393 (right hand side) for the download:
http://www.kellys-korner-xp.com/xp_tweaks.htm

--

All the Best,
Kelly (MS-MVP/DTS&XP)

Taskbar Repair Tool Plus!
http://www.kellys-korner-xp.com/taskbarplus!.htm

SupportSpace
www.supportspace.com/pages?aiu=kellyskorner

"Marge" <mpeg@yahoo.ca> wrote in message
news:epuZX1jNJHA.1960@TK2MSFTNGP04.phx.gbl...
> OK, it was dumb. I lent my laptop to my friend - Honest!
>
> In any case, all of a sudden I got virus alerts, I tried to clean with my
> AVG and Spybot - Not!
>
> Tried a SYS-Restore - Nope. Couldn't even launch Taskman. Installed
> Panda - scanned - it helped. Installed KasperSky - helped even more.
>
> Eventually, I got the system to the point where all is well - except the
> following:
>
> 1) Any Microsoft site (Win Update - either typing in the url or the
> shortcut from the menu bar) redirects to some random site,
> 2) I can hit my home page of Google (ca, us or any) all is well. When I
> enter a search, it seems to be fine, then all of a sudden redirected.
>
> Usually these sites are of the ad variety, nut popups all over the place.
> Even with Firefox, it's nuts. IE is not the issue here - at least I don't
> think so because I get FF redirections as well.
>
> Lots more, but basically most sites are redirected.
>
> I checked the Hosts and LMhost files - they're clean. There are NO BHO
> loaded (everyone is disabled).
>
> I've ran virus scans and every tool I have at my disposal (at least that I
> own and paid for - no such thing as a "Try me - or Freebee on this
> system"), with the exception of these re-directions no other issues.
>
> Also, when I start is Safe Mode, there are no re-directions, so, I thought
> there is something in the registry with regards to this account. So - NUKE
> the account and create a new one.
>
> Same issue. Even the Local Administrator account suffers the same issues-
> albeit not quite so severe.
>
> I would really appreciate any help.
>
> Thanks all.
>

 

[Elmo]

Re: Browser Hijack Help.

Marge wrote:
> Thanks Elmo. These tools did the trick.
>
> I used Malwarebytes first and it helped alot, then Superantispyware finished
> the nasties off good.
>
> I bought Superantispyware PRO as it had some additional features that seemed
> to really knock things out.
>
> My Firefox is happy again and I tested IR and it seemed to be fine as well.
>
> Thanks again and cheers to all for the answers and support.

That's great news! Thanks for reporting back.

> "Elmo" <elmogeek@iglou.invalid> wrote in message
> news:%23nnE4ZkNJHA.2484@TK2MSFTNGP06.phx.gbl...
>> Marge wrote:
>>> OK, it was dumb. I lent my laptop to my friend - Honest!
>>>
>>> In any case, all of a sudden I got virus alerts, I tried to clean with my
>>> AVG and Spybot - Not!
>>>
>>> Tried a SYS-Restore - Nope. Couldn't even launch Taskman. Installed
>>> Panda -
>>> scanned - it helped. Installed KasperSky - helped even more.
>>>
>>> Eventually, I got the system to the point where all is well - except the
>>> following:
>>>
>>> 1) Any Microsoft site (Win Update - either typing in the url or the
>>> shortcut
>>> from the menu bar) redirects to some random site,
>>> 2) I can hit my home page of Google (ca, us or any) all is well. When I
>>> enter a search, it seems to be fine, then all of a sudden redirected.
>>>
>>> Usually these sites are of the ad variety, nut popups all over the place.
>>> Even with Firefox, it's nuts. IE is not the issue here - at least I don't
>>> think so because I get FF redirections as well.
>>>
>>> Lots more, but basically most sites are redirected.
>>>
>>> I checked the Hosts and LMhost files - they're clean. There are NO BHO
>>> loaded (every one is disabled).
>>>
>>> I've run virus scans and every tool I have at my disposal (at least that
>>> I
>>> own and paid for - no such thing as a "Try me - or Freebee on this
>>> system"),
>>> with the exception of these re-directions no other issues.
>>>
>>> Also, when I start is Safe Mode, there are no re-directions, so, I
>>> thought
>>> there is something in the registry with regards to this account. So -
>>> NUKE
>>> the account and create a new one.
>>>
>>> Same issue. Even the Local Administrator account suffers the same issues-
>>> albeit not quite so severe.
>>>
>>> I would really appreciate any help.
>>>
>>> Thanks all.
>> Try both of these programs from Safe Mode:
>>
>> Malwarebytes from http://malwarebytes.org
>>
>> - and -
>>
>> Superantispyware from http://superantispyware.com

--
Joe =o)