browser hijacked

Re: browser hijacked

Post by plumfield » January 17th, 2009, 1:20 am

Okay, here's the kaspersky, finally. Does the name refer to the views out West?
:) Thanks again for all this help, and the HJT log is also included below. While the Kaspersky was running, I was browsing the internet and seemed to be getting normal results.




KASPERSKY ONLINE SCANNER 7 REPORT
Friday, January 16, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, January 17, 2009 00:48:09
Records in database: 1633474


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\

Scan statistics
Files scanned 94913
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 02:27:48

File name Threat name Threats count
C:\_OTMoveIt\MovedFiles\01162009_172551\WINDOWS\SYSTEM32\wdmaud.sys Infected: Rootkit.Win32.Agent.fwt 1

The selected area was scanned.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:34 PM, on 1/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... se8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 8939979886
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/Visitor ... EFlash.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/w ... uncher.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://remote.mercy.net/dana-cached/se ... tupSP1.cab
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\DOCUME~1\CAROLM~1\LOCALS~1\Temp\500064-PMLPatch\HPZipm12.exe (file missing)

--
End of file - 4623 bytes
plumfield
Active Member
 
Posts: 12
Joined: December 31st, 2008, 1:36 am

Re: browser hijacked

Post by flashh4 » January 18th, 2009, 12:12 pm

Hi plumfield, Almost there. I see you do not have an Antivirus installed.
There are several reasons for it. Either you have disabled your antivirus or there's no antivirus installed.

If you have disabled it, please re-enable it. If you have no antivirus installed, please get ONE antivirus and install it. Restart the computer for changes to take effect.

avast! 4 Home Edition
AntiVir Free Edition



Empty this folder:


C:\_OTMoveIt\MovedFiles

Empty Recycle Bin.


Please now delete rsit.exe and any remaining logs from your Desktop (not OTmoveIt3.exe), also delete this folder:

C:\rsit


Clean up with OTMoveIt3:

* Double-click OTMoveIt3.exe to start the program.
* Close all other programs apart from OTMoveIt2 as this step will require a reboot
* On the OTMoveIt main screen, press the CleanUp! button
* Say Yes to the prompt and then allow the program to reboot your computer.


Please post back a new HijackThis log after installing the antivirus.

Post New HJT log

Thanks
Chuck

"Does the name refer to the views out West?"

If you mean Flashh4, no, it was a name given to me by a friend who owned a bowling alley; he said I had flash feet, going to the line. AVG. 212
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: browser hijacked

Post by plumfield » January 18th, 2009, 9:49 pm

Thanks! I am downloading that first antivirus to which you linked. I had AVG and really loved it (until this infection! :) ), but my local guy had me remove it while he was working on stuff. He said it had been giving a lot of his customers trouble lately. Then you came galloping to the rescue just in time, so I left the antivirus question alone for the duration and have been waiting to see when you said it was time to put another one. Are those two you listed better than AVG?

Oh, the name I was asking about: it's kaspersky, the online scan. I was having trouble remembering the name at first because I read it as a Russian-sounding surname, like kuh-SPER-skee. Then I was looking at your jackalope picture and it flashed into my brain that maybe it was KASper Sky, like it was written by someone out in Wyoming and referred to Big Sky Country. After that I could remember the name.

Well, the download is done. Time to restart and to the other things on the list.

:)Carol (aka Plumfield because there's a wild one behind my house, and anyhow you can see my name in one of those previous scans so why did I pick a screen name???) :flower:
plumfield
Active Member
 
Posts: 12
Joined: December 31st, 2008, 1:36 am

Re: browser hijacked

Post by plumfield » January 19th, 2009, 12:08 am

Hi, Chuck. Here's my progress so far. I'm providing details because I could not follow your directions absolutely exactly and want you to have the chance to review what I actually did.

I downloaded Avast, let it reboot with a scan that it asked permission to perform, and waited a good long time for the scan. I thought it was done and sitting on a logfile waiting for me to press esc to go on with the booting. I think it actually aborted the scan however.

Found C:\_OTMoveIt\MovedFiles with Search, used a right click to delete all four things in there, then emptied the recycle bin.

Couldn't find rsit.exe on the desktop, or any logs. Did find ERUNT and NTREGOPT on the desktop, and left them. Is that okay?

Found rsit.exe with Search, deleted it, and took it upon myself to empty the recycle bin again.

Could not find OTMoveIt3.exe on the desktop; typed it into Start, Run, but that did not work. Browse did not work. Found it with Search, put it on desktop, started it.

Your directions said "close all other programs apart from OTMoveIt2...." Did you mean 3? Everything else was closed, did the Clean Up and reboot.

The log follows after I take a moment to pick your expert brain. So, this was only a browser hijacker, not a trojan that was going to steal my bank passwords? Was it the "Threat name 1, Infected objects 1 " that the last Kaspersky scan showed, and you can see that it's gone from looking in the HJT log?

And what about a firewall? What should I be running in that regard?

And while I'm at it, here's my homemade computer maintenance routine that I used to do religiously, and kind of neglected in December. I would like to get your opinion of these little chores: do they help or hurt? Waste time or make the system run better? I cobbed it together from stuff from CNet and About.com, if I remember correctly.
Daily chore: Scan for adware, spyware, malware (that was Spybot S&D, but it's been deleted in the course of these repairs);
Every 3 Days: Clean Temporary Internet Files (History and Cookies too), SSL state, Java Files, and Empty Recycle Bin; [Java procedure: General Tab>Temporary Internet Files>Settings: Move (or confirm) Disk Space to 4 mb, Delete Files, Check "applications and applets" and "trace and log files", then Okay]
Every 4 Days: Complete shutdown (not just restart) to degauss monitor and help cpu [I think I was abbreviating some reason having to do with all the programs that want/need you to reboot to start themselves fresh];
And when I'm feeling brave, once or twice I tried this one: start>run>cmd>ipconfig /flushdns ["to flush junk in domain name server"].

(I have all that typed up and posted right here at eye level. As I recall I had a friend besieged by spam emails who was clueless, and I got those tips from a day's research and sent it to her. ) (I mean, more clueless than I am.)

Oh yes, another question: in reading around the links and things from this website and the TrendMicro website to which Hijack This's Analyze This button takes you, I learned to set the Internet Options to prompt me on ALL cookies. I gave it a try but that got a little cumbersome, and actually something we did a few days ago changed some settings and I'm not being prompted about cookies now. Is it really necessary to click "no" to a dozen or two cookies per web site, in order to avoid another browser hijacker? I might put up with it for privacy's sake, but if it's not really going to keep the bad guys out, maybe I won't bother. I can only fight so many battles. And someone was also saying to delete all the passwords that have been saved by Windows, and quit allowing them to be saved. That would be really inconvenient. Plus that would not remove the risk entirely, only move the risk onto the piece of paper listing them all, which I'd have to post within reach of the computer. How much does keeping a clean computer really depend on losing the convenience of saved passwords? (I don't save the bank ones, if that makes you cringe a little less, ha ha.)

Yes, I know, I have just enough knowledge to be dangerous. And let me know if I need to start a new thread with those questions. Not trying to break a rule here.

Thanks so much for all this help!
:) Carol

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:34 PM, on 1/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... se8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 8939979886
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/Visitor ... EFlash.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/w ... uncher.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://remote.mercy.net/dana-cached/se ... tupSP1.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\DOCUME~1\CAROLM~1\LOCALS~1\Temp\500064-PMLPatch\HPZipm12.exe (file missing)

--
End of file - 5383 bytes
plumfield
Active Member
 
Posts: 12
Joined: December 31st, 2008, 1:36 am
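
Added example, not part of the thread or of HijackThis: a small Python parser that diffs the two HijackThis logs posted above (excerpted inline) to list which running processes and registry/service entries appeared or disappeared between the 1/16 and 1/18 scans. The function names and the "needs review" heuristics (file missing, unknown owner, path under Temp) are assumptions for illustration; a flagged entry is a prompt for a manual check, not a verdict.

```python
import re
from typing import NamedTuple

# Shortened excerpts of the two HijackThis logs posted in this thread.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:34 PM, on 1/16/2009

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\DOCUME~1\CAROLM~1\LOCALS~1\Temp\500064-PMLPatch\HPZipm12.exe (file missing)
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:34 PM, on 1/18/2009

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\DOCUME~1\CAROLM~1\LOCALS~1\Temp\500064-PMLPatch\HPZipm12.exe (file missing)
"""


class Entry(NamedTuple):
    code: str  # section code as printed in the log, e.g. "R0", "O4", "O23"
    body: str  # everything after "<code> - "


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Split a HijackThis log into (running processes, section entries)."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:  # an entry line always ends the process list
            in_procs = False
            entries.append(Entry(m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
        elif in_procs:  # blank line closes the process list
            in_procs = False
    return processes, entries


def _delta(old, new, key):
    """Items only in `new` and items only in `old`, in log order."""
    old_keys, new_keys = {key(o) for o in old}, {key(n) for n in new}
    return ([n for n in new if key(n) not in old_keys],
            [o for o in old if key(o) not in new_keys])


def compare(before, after):
    b_procs, b_entries = parse_hjt(before)
    a_procs, a_entries = parse_hjt(after)
    # Windows paths are case-insensitive (System32 vs system32), so fold case.
    new_p, gone_p = _delta(b_procs, a_procs, str.lower)
    new_e, gone_e = _delta(b_entries, a_entries,
                           lambda e: (e.code, e.body.lower()))
    # Assumed triage heuristics (not HijackThis rules): orphaned or unowned
    # entries and anything launching from a Temp directory get a manual look.
    markers = ("(file missing)", "unknown owner", "\\temp\\")
    review = [e for e in a_entries
              if any(mk in e.body.lower() for mk in markers)]
    return {"new_processes": new_p, "gone_processes": gone_p,
            "new_entries": new_e, "gone_entries": gone_e,
            "needs_review": review}


if __name__ == "__main__":
    for name, items in compare(LOG_BEFORE, LOG_AFTER).items():
        print(name)
        for item in items:
            print("   ", item if isinstance(item, str) else f"{item.code} - {item.body}")
```
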

Re: browser hijacked

Post by flashh4 » January 19th, 2009, 11:33 am

Hi plumfield, Let's see if I can answer some of your questions.
1. I don't know where the name "Kaspersky" came from.
2. I cannot say whether it was a browser hijacker or a password stealer.
It may have been removed by the Tech, because there was no trace of any. I wish I could have gotten hold of your computer before the Tech.
3. Your maintenance is good. Maybe a little too much as compared to what I do.
........................

My maintenance:
1. keep everything up to date
2. run Malwarebytes' every week.
3. I am behind a wireless router
4. I run this program to clean cookies and other stuff; here are the instructions.
Please download ATF cleaner
Make sure that all browser windows are closed.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

That's my maintenance!!!

........................

At the beginning you said this computer was behind a wireless router, that is very good protection.
Now you have a good Antivirus; I use Avast without any problems.
I would advise you to also install a good firewall.


Please get one of these FIREWALLS
Without a firewall your computer is susceptible to being hacked and taken over. If you use the Windows Firewall you might think that's sufficient but it only controls one way of the traffic (inbound). Simply using a Firewall in its default configuration can lower your risk greatly.
It's preferable to install one of the suggested firewalls.
Vista users must check compatibility with Vista before installation.

FREE FIREWALLS
  • Comodo (Uncheck during installation "Install COMODO Antivirus (Recommended)", "Install Comodo SafeSurf", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
  • Outpost
  • Sunbelt Kerio

Tutorial about Firewalls can be found here

These are some things we recommend to help you stay clean.
Notice the Malwarebytes program below; this is a SUPER program, I run mine a couple times a month.


...................................

Congratulations, you are clean!!! :cheers:

This is a good time to clear your existing system restore points and establish a new clean restore point:

* Go to Start > All Programs > Accessories > System Tools > System Restore
* Select Create a restore point then Next, type a name like All Clean, press the Create button. Once it's finished, press Close.
* Next, go to Start > Run and type in cleanmgr and press OK.
* Select the More options tab.
* Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.

  • Disable and Enable System Restore. - If you are using Windows XP or Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.

    • Update your AntiVirus Software and keep your other programs up-to-date
      Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
      You can use one of these sites to check if any updates are needed for your pc.
      Secunia Software Inspector
      F-secure Health Check

    • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://update.microsoft.com/windowsupda ... ankspage=5 regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    • Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

      Malwarebytes' Anti-Malware Setup Guide

      Malwarebytes' Anti-Malware Scanning Guide

    • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

      A tutorial on installing & using this product can be found here:

      Using SpywareBlaster to protect your computer from Spyware and Malware

    • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
    Follow this list and your potential for being infected again will reduce dramatically.

    Here are some additional utilities that will enhance your safety


Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!

Let me know if you have read this and if no other problems we can archive this topic.


Thanks
Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: browser hijacked

Post by plumfield » January 19th, 2009, 4:12 pm

Woo hoo! Leap for Joy! Praise the Lord!

This took a lot longer than just carting the cpu to the local guy's office, but I am so glad for all I've learned. I will tell everyone to come to this website if they need help! Thanks thanks thanks!!!!!!

Okay, [pause to breathe...] there now. I read your post, copied it into Word, and printed all five pages so I can implement all that you said. Hooray, already read the Tony Klein article and have Malwarebytes' Anti-Malware.

Thanks for the detailed answers to my questions. You're a hero!!! Now I can get the homeschool routine back on track and look up all my 11 year old's burning science questions. Like why do transformers hum? (He was not satisfied with my explanation of generators and alternating current.) Why do the tv and vcr hum, even when not in use? Oh and the 4 year old wants to know "what's inside" everything...people, dogs, cars, computers, houses, etc.

With great appreciation, from Carol Malone "plumfield"
plumfield
Active Member
 
Posts: 12
Joined: December 31st, 2008, 1:36 am

Re: browser hijacked

Post by Shaba » January 20th, 2009, 1:51 am

plumfield this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland