Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hijacked host file

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Hijacked host file

Unread postby Dakeyras » September 4th, 2009, 2:18 pm

Hi :)

There are some infected emails in the deleted box of Outlook Express, so please empty the box.

One email is infected in the Harry Lee box, unfortunately I have no way of knowing which particular email this may be. Any emails you do not recognise delete, do not open them fully as the malware may phone home so to speak.

Any other issues remaining? Plus I would still like a answer to a former query of mine, thank you.
Are you using OmniPage software at all? It relates to this HJT entry:-

F3 - REG:win.ini: load=C:\OPLIMIT\ocraware.exe

I have not noticed this actually installed and it may be part of another software installation such as your printer software and or you have removed it.
Also have you deliberately reset the IE home page etc again? If so this is fine and your prerogative.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
Advertisement
Register to Remove

Re: Hijacked host file

Unread postby BeWeCo » September 8th, 2009, 11:14 am

OK. 'Deleted' and 'Harry Lee' mailboxes have been emptied and recycle bin permanently emptied.

There do not seem to be any remaining issues. I do not find any evidence of OmniPage software nor do I remember using optical character recognition of any sort. I have no idea where this came from nor do I know how to remove it as it does not appear in the 'add/remove' list. There is HP scanner software installed which might explain this I suppose.

Yes, I always use a 'blank' home page. If the browser automatically goes to any URL unbidden it prompts my suspicion.

Thank you for your time and effort. I'll gladly look up that donation link when we're done.
BeWeCo
Active Member
 
Posts: 13
Joined: August 26th, 2009, 3:24 pm

Re: Hijacked host file

Unread postby Dakeyras » September 8th, 2009, 1:56 pm

Hi :)

RE: the OmniPage application/software apparently this may be bundled with the HP Printer Software you have. There may be a uninstaller for it within the associated Program Files folder of say the HP Memories Disc or the HP Photo and Imaging 2.0 for example. It actually does not pose any threat so that is good news.
Another way to be rid would be to uninstall all the printer related software and then re-install and check if any options for this and de-select during the new installation.

Thank you for your time and effort.
You're welcome!

New Adobe Reader Installation:

  • Go here and click on AdbeRdr910_en_US.exe to download the latest version of Adobe Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.

Next:

Congratulations your computer now appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advice you read both of the below listed topics as this will go a long way to keeping your Computer performing well. Plus bare in mind my prior advice about upgrading the presently installed RAM(Random Access Memory).

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Clean up with OTM:

  • Double-click OTM to start the program.
  • Close all other programs apart from OTM as this step will require a reboot
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Reset the System Restore points:

  • Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is a excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed combination security application, McAfee SecurityCenter automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing a internet connection is active.

I advise you also run a complete scan with this also once per week.

Erunt:

Emergency Recovery Utility NT, I advice you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:


Be careful when opening attachments and downloading files:

  • Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  • Never open emails from unknown senders.
  • Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  • Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Make your Internet Explorer safer:

Note: Internet Explorer v8 has been recently released from its beta program, my advice hold off upgrading for the time being as no doubt flaws will be identified and fixes released over the coming months.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:


Only use one of the above!

Finally a educational source:

To learn more about how to protect yourself while on the internet read this article by Tony Klein:

url=http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=4959]So how did I get infected in the first place?[/url]

Some consider this article outdated, personally I still think it bares relevance and the author is well respected in the Anti-Malware community and by myself also!

Any questions? Feel free to ask, if not stay safe!
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Hijacked host file

Unread postby BeWeCo » September 10th, 2009, 1:20 pm

:D

Dakeyras,

Thanks again for all your effort.

Re: your last post; Adobe updated to 9.1, OTM cleanup complete, MB Anti-Malware and Erunt installed. MS auto update active and AnalogX watching for nasty scripts. There has not been, nor will there be, any P2P software installed and the MVPS hosts file has been (re)installed.

I've read your recommended posts and feel much better able to defend my digital self, thanks to you and your site. What a great service to the blissfully ignorant serfing public.

Donation made via Harry Lee paypal account.
BeWeCo
Active Member
 
Posts: 13
Joined: August 26th, 2009, 3:24 pm

Re: Hijacked host file

Unread postby Dakeyras » September 10th, 2009, 1:49 pm

You're welcome! On behalf of Malware Removal thank you for the donation. :)
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Hijacked host file

Unread postby markkhunt » September 10th, 2009, 11:00 pm

Since this issue appears resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
markkhunt
Admin/Teacher Emeritus
 
Posts: 7913
Joined: April 15th, 2005, 8:58 pm
Location: Newburgh, IN
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 484 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware