Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

IE hijacked by http://www.yifawatch.net/... how to get rid??

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

IE hijacked by http://www.yifawatch.net/... how to get rid??

Unread postby mijmij » March 25th, 2010, 4:08 pm

Hi,

It seems the windows internet explorer has been hijacked, the website goes to the home psge hxxp://www.yifawatch.net/ of which nothing comes up. On my desktop there is also an extra IE icon which when deleted pops back up again. I have backed up all my stuff and deleted virtually everything and still no joy so can you please help? Here is a post of hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:51 PM, on 3/25/2010
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\msncfgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yifawatch.net
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSNConfig] C:\WINDOWS\System32\msncfgs.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe

--
End of file - 1584 bytes



Thanks
Last edited by NonSuch on March 25th, 2010, 4:31 pm, edited 5 times in total.
Reason: Edited to disable link.
mijmij
Active Member
 
Posts: 2
Joined: March 25th, 2010, 3:59 pm
Advertisement
Register to Remove

Re: IE hijacked by http://www.yifawatch.net/... how to get rid??

Unread postby NonSuch » March 25th, 2010, 4:29 pm

Can you tell us why you are using Windows XP with no Service Packs installed?
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

Re: IE hijacked by http://www.yifawatch.net/... how to get rid??

Unread postby mijmij » March 25th, 2010, 5:32 pm

I didnt know no service packs are installed, as i dont use the desktop myself but my parents do.
help?
mijmij
Active Member
 
Posts: 2
Joined: March 25th, 2010, 3:59 pm

Re: IE hijacked by http://www.yifawatch.net/... how to get rid??

Unread postby NonSuch » March 26th, 2010, 2:19 am

I'm sorry, but no Service Packs installed means that the computer has been unable to receive security updates from Microsoft since October of 2006. Basically, that means that it has been a "sitting duck" for any and all malware. There is no point in attempting to clean up this computer. Without Service Packs installed, it can't be secured, and without it being secured, it will be reinfected as fast as it's cleaned up.

You will need to reformat the hard drive and reinstall the operating system, then make sure you immediately get the appropriate Service Packs installed as well as all additional security updates. You will also need to set the computer to receive automatic updates from Microsoft, which will include a later version of Internet Explorer. Internet Explorer 6 is not secure.

Prior to reformatting, you should make sure that you have an antivirus product ready to install. You can download a free one, such as avast!, AntiVir, or Microsoft Security Essentials. Just download it to a known clean computer and burn it to a CD so you have it available to install after you've reinstalled the operating system. You will also need your Windows XP installation disk, and the disk for installing the system's drivers. These disks should have come with the computer. Some computers, however, are sold with only a restore partition. If you cannot find the installation disks, and your computer does not have a restore partition, then you will need to contact the computer's manufacturer and purchase the needed disks from them. Usually, they can be obtained from the manufacturer for a reasonable price.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

Re: IE hijacked by http://www.yifawatch.net/... how to get rid??

Unread postby NonSuch » March 29th, 2010, 7:09 pm

As the resolution of this issue requires a reformat, and there have been no questions posted regarding that process, this topic is now closed.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 224 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware