Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

iGoogle has hijacked my homepage! Please help me get it back

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: iGoogle has hijacked my homepage! Please help me get it back

Unread postby Katana » August 16th, 2008, 2:31 am

Your Java and Adobe is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java and Adobe components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u7 from http://java.sun.com/javase/downloads/index.jsp
  • Scroll down to where it says "The Java Runtime Environment (JRE) 6 update 7 allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Update Adobe Acrobat Reader
  • Please go to this link Adobe Acrobat Reader Download Link
  • Cllick Download
  • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

Now close all windows, including your browser.
Double click on the Java installation that you downloaded and follow the prompts.

Remove Programs
Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there,
click on the program to highlight it, and click on remove.
  • Browser Address Error Redirector
  • Java(TM) SE Runtime Environment 6 Update 1
Now close the Control Panel.

Reboot your machine.






Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.




Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • Kaspersky Log
  • How are things running now ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
Advertisement
Register to Remove

Re: iGoogle has hijacked my homepage! Please help me get it back

Unread postby talanad » August 16th, 2008, 10:29 am

The iGoogle has released my homepage Finally! and things seem to be running much smoother in general. I like Google but does this mean I should avoid them or was the HiJack unrelated to Google in general?
One other issue I've had since getting this new tablet PC with Vista (in April) is that I have no other users for this computer and operate as the Administerator and still get folders in my Windows Explorer that say I can't access them, is this a malware issue? I have to go in and take posession of them and some still can't access. What a Pain! Any clarification would be appreciated.

Looking forward to completing your suggestions. I feel like I've regained some control of my new laptop.
I won't be able to complete the recommended tasks until Monday 8/18/08 so will get back to you when I've performed those, will definitely be performing those.
Many Thanx,
Chat Monday,
T :D
talanad
Regular Member
 
Posts: 19
Joined: August 4th, 2008, 11:16 pm

Re: iGoogle has hijacked my homepage! Please help me get it back

Unread postby Katana » August 16th, 2008, 3:31 pm

talanad wrote:The iGoogle has released my homepage Finally! and things seem to be running much smoother in general. I like Google but does this mean I should avoid them or was the HiJack unrelated to Google in general?
One other issue I've had since getting this new tablet PC with Vista (in April) is that I have no other users for this computer and operate as the Administerator and still get folders in my Windows Explorer that say I can't access them, is this a malware issue? I have to go in and take posession of them and some still can't access. What a Pain! Any clarification would be appreciated.


iGoogle is a custom page that you choose to view http://www.google.com/ig.

Some Vista files/folders don't actually exist, they are just shortcuts that that the system uses.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: iGoogle has hijacked my homepage! Please help me get it back

Unread postby talanad » August 18th, 2008, 7:08 pm

Running a little late today so may not get all done till tomorrow and will get back with you then.
Thanx for the info on my questions, every little bit helps.
Tomorrow then,
T
talanad
Regular Member
 
Posts: 19
Joined: August 4th, 2008, 11:16 pm

Re: iGoogle has hijacked my homepage! Please help me get it back

Unread postby talanad » August 19th, 2008, 6:31 pm

Here's the Kaspersky Report:
All recommended actions performed successfully.

Look forward to hearing from you,
T 8)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, August 19, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, August 19, 2008 19:57:43
Records in database: 1111076
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 155430
Threat name: 7
Infected objects: 8
Suspicious objects: 30
Duration of the scan: 01:44:58


File name / Threat name / Threats count
C:\BACKUP TRNSFR FLDR\Backup to Dics 080706\Disc 2 612 MB Exprts\568 MB FlDwnldApps\File Navigators\Gnutella Bearshare\BS225.exe Infected: not-a-virus:AdWare.Win32.OnFlow.d 1
C:\BACKUP TRNSFR FLDR\Backup to Dics 080706\Disc 2 612 MB Exprts\568 MB FlDwnldApps\File Navigators\Gnutella Bearshare\BS225.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\BACKUP TRNSFR FLDR\Backup to Dics 080706\Disc 2 612 MB Exprts\568 MB FlDwnldApps\File Navigators\Gnutella Bearshare\BS225.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bg 1
C:\BACKUP TRNSFR FLDR\Backup to Dics 080706\Disc 2 612 MB Exprts\568 MB FlDwnldApps\File Navigators\Gnutella Bearshare\BS225.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au 1
C:\BACKUP TRNSFR FLDR\Backup to Dics 080706\Disc 8 480 MB Windows Mail_Gallery Add to Local Folders\Gallery (1)\All Frequen a69\Buffy - Bra a66\Chuck\06EA3228-FA1D1F8B.eml Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\BACKUP TRNSFR FLDR\Backup to Dics 080706\Disc 8 480 MB Windows Mail_Gallery Add to Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Bus. Acct_\ATT Residen 901\Security Up 931\31F2516A-0226ED80.eml Suspicious: Email-Worm.Win32.Bagle.mail 1
C:\BACKUP TRNSFR FLDR\Backup to Dics 080706\Disc 8 480 MB Windows Mail_Gallery Add to Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Bus. Acct_\ATT Residen 901\Security Up 931\Virus Prote 6f\228079FA-70044F7A.eml Suspicious: Email-Worm.Win32.Bagle.mail 1
C:\BACKUP TRNSFR FLDR\Backup to Dics 080706\Disc 8 480 MB Windows Mail_Gallery Add to Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Credit Card 5b6\Citibank - 2634\Virtual Acc 791\16775CA8-370BC0AF.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\BACKUP TRNSFR FLDR\Backup to Dics 080706\Disc 8 480 MB Windows Mail_Gallery Add to Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Credit Card 5b6\CNXLD\Chase\C\391208D8-6FDBFF0B.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\teylanad\AppData\Local\Microsoft\Windows Mail\Local Folders\Gallery (1)\All Frequen a69\Buffy - Bra a66\Chuck\06EA3228-FA1D1F8B.eml Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Users\teylanad\AppData\Local\Microsoft\Windows Mail\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Bus. Acct_\ATT Residen 901\Security Up 931\31F2516A-0226ED80.eml Suspicious: Email-Worm.Win32.Bagle.mail 1
C:\Users\teylanad\AppData\Local\Microsoft\Windows Mail\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Bus. Acct_\ATT Residen 901\Security Up 931\Virus Prote 6f\228079FA-70044F7A.eml Suspicious: Email-Worm.Win32.Bagle.mail 1
C:\Users\teylanad\AppData\Local\Microsoft\Windows Mail\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Credit Card 5b6\Citibank - 2634\Virtual Acc 791\16775CA8-370BC0AF.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\teylanad\AppData\Local\Microsoft\Windows Mail\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Credit Card 5b6\CNXLD\Chase\C\391208D8-6FDBFF0B.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\teylanad\AppData\Roaming\Identities\{A7A654AB-F2F4-4DD0-8BFE-8EA6EB89C59F}\Chuck.dbx Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Users\teylanad\AppData\Roaming\Identities\{A7A654AB-F2F4-4DD0-8BFE-8EA6EB89C59F}\MC.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\teylanad\AppData\Roaming\Identities\{A7A654AB-F2F4-4DD0-8BFE-8EA6EB89C59F}\Microsoft\Outlook Express\Chuck.dbx Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Users\teylanad\AppData\Roaming\Identities\{A7A654AB-F2F4-4DD0-8BFE-8EA6EB89C59F}\Microsoft\Outlook Express\MC.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\teylanad\AppData\Roaming\Identities\{A7A654AB-F2F4-4DD0-8BFE-8EA6EB89C59F}\Microsoft\Outlook Express\Security Updates.dbx Suspicious: Email-Worm.Win32.Bagle.mail 1
C:\Users\teylanad\AppData\Roaming\Identities\{A7A654AB-F2F4-4DD0-8BFE-8EA6EB89C59F}\Microsoft\Outlook Express\Virtual Acct # Info.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\teylanad\AppData\Roaming\Identities\{A7A654AB-F2F4-4DD0-8BFE-8EA6EB89C59F}\Microsoft\Outlook Express\Virus Protection.dbx Suspicious: Email-Worm.Win32.Bagle.mail 1
C:\Users\teylanad\AppData\Roaming\Identities\{A7A654AB-F2F4-4DD0-8BFE-8EA6EB89C59F}\Security Updates.dbx Suspicious: Email-Worm.Win32.Bagle.mail 1
C:\Users\teylanad\AppData\Roaming\Identities\{A7A654AB-F2F4-4DD0-8BFE-8EA6EB89C59F}\Virtual Acct # Info.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\teylanad\AppData\Roaming\Identities\{A7A654AB-F2F4-4DD0-8BFE-8EA6EB89C59F}\Virus Protection.dbx Suspicious: Email-Worm.Win32.Bagle.mail 1
C:\Users\teylanad\Documents\A Exports\Windows Mail\080706\Local Folders\Gallery (1)\All Frequen a69\Buffy - Bra a66\Chuck\06EA3228-FA1D1F8B.eml Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Users\teylanad\Documents\A Exports\Windows Mail\080706\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Bus. Acct_\ATT Residen 901\Security Up 931\31F2516A-0226ED80.eml Suspicious: Email-Worm.Win32.Bagle.mail 1
C:\Users\teylanad\Documents\A Exports\Windows Mail\080706\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Bus. Acct_\ATT Residen 901\Security Up 931\Virus Prote 6f\228079FA-70044F7A.eml Suspicious: Email-Worm.Win32.Bagle.mail 1
C:\Users\teylanad\Documents\A Exports\Windows Mail\080706\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Credit Card 5b6\Citibank - 2634\Virtual Acc 791\16775CA8-370BC0AF.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\teylanad\Documents\A Exports\Windows Mail\080706\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Credit Card 5b6\CNXLD\Chase\C\391208D8-6FDBFF0B.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\teylanad\Documents\A Exports\Windows Mail\080707\Local Folders\Gallery (1)\All Frequen a69\Buffy - Bra a66\Chuck\06EA3228-FA1D1F8B.eml Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Users\teylanad\Documents\A Exports\Windows Mail\080707\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Bus. Acct_\ATT Residen 901\Security Up 931\31F2516A-0226ED80.eml Suspicious: Email-Worm.Win32.Bagle.mail 1
C:\Users\teylanad\Documents\A Exports\Windows Mail\080707\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Bus. Acct_\ATT Residen 901\Security Up 931\Virus Prote 6f\228079FA-70044F7A.eml Suspicious: Email-Worm.Win32.Bagle.mail 1
C:\Users\teylanad\Documents\A Exports\Windows Mail\080707\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Credit Card 5b6\Citibank - 2634\Virtual Acc 791\16775CA8-370BC0AF.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\teylanad\Documents\A Exports\Windows Mail\080707\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Credit Card 5b6\CNXLD\Chase\C\391208D8-6FDBFF0B.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\teylanad\Documents\Apps\Files Downloaded\Applications\File Navigators\Gnutella Bearshare\BS225.exe Infected: not-a-virus:AdWare.Win32.OnFlow.d 1
C:\Users\teylanad\Documents\Apps\Files Downloaded\Applications\File Navigators\Gnutella Bearshare\BS225.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Users\teylanad\Documents\Apps\Files Downloaded\Applications\File Navigators\Gnutella Bearshare\BS225.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bg 1
C:\Users\teylanad\Documents\Apps\Files Downloaded\Applications\File Navigators\Gnutella Bearshare\BS225.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au 1

The selected area was scanned.
talanad
Regular Member
 
Posts: 19
Joined: August 4th, 2008, 11:16 pm

Re: iGoogle has hijacked my homepage! Please help me get it back

Unread postby talanad » August 21st, 2008, 2:44 pm

Booted up this morning and iGoogle has again replaced my preferred homepage.
T :?
talanad
Regular Member
 
Posts: 19
Joined: August 4th, 2008, 11:16 pm

Re: iGoogle has hijacked my homepage! Please help me get it back

Unread postby Katana » August 21st, 2008, 5:36 pm

I'm sorry for the delay, I've been very busy in real life.

The following are all signs of infected E-mails, you either need to delete the E-mail via the program or delete the backups directly and create a fresh backup

C:\BACKUP TRNSFR FLDR\Backup to Dics 080706\Disc 8 480 MB Windows Mail_Gallery Add to Local Folders\Gallery (1)\All Frequen a69\Buffy - Bra a66\Chuck\06EA3228-FA1D1F8B.eml
C:\BACKUP TRNSFR FLDR\Backup to Dics 080706\Disc 8 480 MB Windows Mail_Gallery Add to Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Bus. Acct_\ATT Residen 901\Security Up 931\31F2516A-0226ED80.eml
C:\BACKUP TRNSFR FLDR\Backup to Dics 080706\Disc 8 480 MB Windows Mail_Gallery Add to Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Bus. Acct_\ATT Residen 901\Security Up 931\Virus Prote 6f\228079FA-70044F7A.eml
C:\BACKUP TRNSFR FLDR\Backup to Dics 080706\Disc 8 480 MB Windows Mail_Gallery Add to Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Credit Card 5b6\Citibank - 2634\Virtual Acc 791\16775CA8-370BC0AF.eml
C:\BACKUP TRNSFR FLDR\Backup to Dics 080706\Disc 8 480 MB Windows Mail_Gallery Add to Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Credit Card 5b6\CNXLD\Chase\C\391208D8-6FDBFF0B.eml
C:\Users\teylanad\AppData\Local\Microsoft\Windows Mail\Local Folders\Gallery (1)\All Frequen a69\Buffy - Bra a66\Chuck\06EA3228-FA1D1F8B.eml
C:\Users\teylanad\AppData\Local\Microsoft\Windows Mail\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Bus. Acct_\ATT Residen 901\Security Up 931\31F2516A-0226ED80.eml
C:\Users\teylanad\AppData\Local\Microsoft\Windows Mail\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Bus. Acct_\ATT Residen 901\Security Up 931\Virus Prote 6f\228079FA-70044F7A.eml
C:\Users\teylanad\AppData\Local\Microsoft\Windows Mail\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Credit Card 5b6\Citibank - 2634\Virtual Acc 791\16775CA8-370BC0AF.eml
C:\Users\teylanad\AppData\Local\Microsoft\Windows Mail\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Credit Card 5b6\CNXLD\Chase\C\391208D8-6FDBFF0B.eml
C:\Users\teylanad\AppData\Roaming\Identities\{A7A654AB-F2F4-4DD0-8BFE-8EA6EB89C59F}\Chuck.dbx
C:\Users\teylanad\AppData\Roaming\Identities\{A7A654AB-F2F4-4DD0-8BFE-8EA6EB89C59F}\MC.dbx
C:\Users\teylanad\AppData\Roaming\Identities\{A7A654AB-F2F4-4DD0-8BFE-8EA6EB89C59F}\Microsoft\Outlook Express\Chuck.dbx
C:\Users\teylanad\AppData\Roaming\Identities\{A7A654AB-F2F4-4DD0-8BFE-8EA6EB89C59F}\Microsoft\Outlook Express\MC.dbx
C:\Users\teylanad\AppData\Roaming\Identities\{A7A654AB-F2F4-4DD0-8BFE-8EA6EB89C59F}\Microsoft\Outlook Express\Security Updates.dbx
C:\Users\teylanad\AppData\Roaming\Identities\{A7A654AB-F2F4-4DD0-8BFE-8EA6EB89C59F}\Microsoft\Outlook Express\Virtual Acct # Info.dbx
C:\Users\teylanad\AppData\Roaming\Identities\{A7A654AB-F2F4-4DD0-8BFE-8EA6EB89C59F}\Microsoft\Outlook Express\Virus Protection.dbx
C:\Users\teylanad\AppData\Roaming\Identities\{A7A654AB-F2F4-4DD0-8BFE-8EA6EB89C59F}\Security Updates.dbx
C:\Users\teylanad\AppData\Roaming\Identities\{A7A654AB-F2F4-4DD0-8BFE-8EA6EB89C59F}\Virtual Acct # Info.dbx
C:\Users\teylanad\AppData\Roaming\Identities\{A7A654AB-F2F4-4DD0-8BFE-8EA6EB89C59F}\Virus Protection.dbx
C:\Users\teylanad\Documents\A Exports\Windows Mail\080706\Local Folders\Gallery (1)\All Frequen a69\Buffy - Bra a66\Chuck\06EA3228-FA1D1F8B.eml
C:\Users\teylanad\Documents\A Exports\Windows Mail\080706\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Bus. Acct_\ATT Residen 901\Security Up 931\31F2516A-0226ED80.eml
C:\Users\teylanad\Documents\A Exports\Windows Mail\080706\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Bus. Acct_\ATT Residen 901\Security Up 931\Virus Prote 6f\228079FA-70044F7A.eml
C:\Users\teylanad\Documents\A Exports\Windows Mail\080706\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Credit Card 5b6\Citibank - 2634\Virtual Acc 791\16775CA8-370BC0AF.eml
C:\Users\teylanad\Documents\A Exports\Windows Mail\080706\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Credit Card 5b6\CNXLD\Chase\C\391208D8-6FDBFF0B.eml
C:\Users\teylanad\Documents\A Exports\Windows Mail\080707\Local Folders\Gallery (1)\All Frequen a69\Buffy - Bra a66\Chuck\06EA3228-FA1D1F8B.eml
C:\Users\teylanad\Documents\A Exports\Windows Mail\080707\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Bus. Acct_\ATT Residen 901\Security Up 931\31F2516A-0226ED80.eml
C:\Users\teylanad\Documents\A Exports\Windows Mail\080707\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Bus. Acct_\ATT Residen 901\Security Up 931\Virus Prote 6f\228079FA-70044F7A.eml
C:\Users\teylanad\Documents\A Exports\Windows Mail\080707\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Credit Card 5b6\Citibank - 2634\Virtual Acc 791\16775CA8-370BC0AF.eml
C:\Users\teylanad\Documents\A Exports\Windows Mail\080707\Local Folders\Gallery (1)\Home\Desk Drawer\Accts\Credit Card 5b6\CNXLD\Chase\C\391208D8-6FDBFF0B.eml



Download and Run ComboFix
Please delete the copy of ComboFix that you have and download an updated copy from one of the links below

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    
    File::
    C:\BACKUP TRNSFR FLDR\Backup to Dics 080706\Disc 2 612 MB Exprts\568 MB FlDwnldApps\File Navigators\Gnutella Bearshare\BS225.exe
    C:\Users\teylanad\Documents\Apps\Files Downloaded\Applications\File Navigators\Gnutella Bearshare\BS225.exe
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: iGoogle has hijacked my homepage! Please help me get it back

Unread postby talanad » August 21st, 2008, 7:27 pm

I'm just thrilled to hear from you at all, especially since you actually have a real life!!
Will perform tasks and get back to you.
May not get all done until Saturday 8/23 so will get back to you on Saturday.
Thank you so much,
T
talanad
Regular Member
 
Posts: 19
Joined: August 4th, 2008, 11:16 pm

Re: iGoogle has hijacked my homepage! Please help me get it back

Unread postby talanad » August 21st, 2008, 9:28 pm

Hello again,
Deleted the infected emails (nuts to my redundancy).
Pretty sure I got them all.
Also:
I deleted the old Combofix, downloaded the new and prepped the CFScript.txt file to the desktop.
In rereading the Combofix Tutorial I noticed it does refer to Booting up into the Vista Recovery Environment. Somehow missed that first time around since the statement is within the XP instructions.
Regardless... I did not access the Vista Recovery Environment the first time and all seemed to have run effectively so should I just repeat the way I did it before? Including of course the CFScript.txt file this time.

T
talanad
Regular Member
 
Posts: 19
Joined: August 4th, 2008, 11:16 pm

Re: iGoogle has hijacked my homepage! Please help me get it back

Unread postby Katana » August 22nd, 2008, 3:56 am

That is just telling you that you can use the Vista disc to get to recovery, you don't need to unless there is a serious problem.

Just run Combofix as you did before.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: iGoogle has hijacked my homepage! Please help me get it back

Unread postby talanad » August 23rd, 2008, 10:16 am

Procedures completed, logfile follows.
T :)


ComboFix 08-08-21.02 - teylanad 2008-08-23 6:59:00.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2176 [GMT -7:00]
Running from: C:\Users\teylanad\Desktop\ComboFix.exe
Command switches used :: C:\Users\teylanad\Desktop\CFScript.txt`.txt
* Created a new restore point

FILE ::
C:\BACKUP TRNSFR FLDR\Backup to Dics 080706\Disc 2 612 MB Exprts\568 MB FlDwnldApps\File Navigators\Gnutella Bearshare\BS225.exe
C:\Users\teylanad\Documents\Apps\Files Downloaded\Applications\File Navigators\Gnutella Bearshare\BS225.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\teylanad\Documents\Apps\Files Downloaded\Applications\File Navigators\Gnutella Bearshare\BS225.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.

2008-08-19 11:55 . 2008-08-19 11:55 <DIR> d-------- C:\Windows\Sun
2008-08-19 11:19 . 2008-08-19 11:19 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-19 11:11 . 2008-08-19 11:35 <DIR> d-------- C:\Users\All Users\NOS
2008-08-19 11:11 . 2008-08-19 11:35 <DIR> d-------- C:\ProgramData\NOS
2008-08-19 11:11 . 2008-08-19 11:35 <DIR> d-------- C:\Program Files\NOS
2008-08-14 11:27 . 2008-07-15 16:48 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-10 08:39 . 2008-08-10 08:39 <DIR> d-------- C:\Users\teylanad\AppData\Roaming\Malwarebytes
2008-08-10 08:39 . 2008-08-10 08:39 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-10 08:39 . 2008-08-10 08:39 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-10 08:39 . 2008-08-10 10:13 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 08:39 . 2008-07-30 20:07 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-10 08:39 . 2008-07-30 20:07 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-04 19:49 . 2008-08-04 19:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-03 08:29 . 2008-06-25 17:33 11,722,752 --a------ C:\Windows\System32\NlsLexicons0001.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 13:50 --------- d-----w C:\Users\teylanad\AppData\Roaming\Spare Backup
2008-08-19 18:23 --------- d-----w C:\Program Files\Java
2008-08-19 18:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-14 18:24 --------- d-----w C:\Program Files\Windows Mail
2008-08-04 23:04 --------- d-----w C:\Program Files\Google
2008-07-09 21:43 174 --sha-w C:\Program Files\desktop.ini
2008-07-09 04:55 --------- d-----w C:\Users\teylanad\AppData\Roaming\CyberLink
2008-07-09 04:55 --------- d-----w C:\ProgramData\CyberLink
2008-07-03 02:45 --------- d-----w C:\Program Files\Red Orb
2008-07-03 02:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-03 02:41 --------- d-----w C:\Program Files\MicroProse
2008-07-03 02:38 --------- d-----w C:\Program Files\Core Design
2008-07-02 23:41 --------- d-----w C:\Program Files\InterActual
2008-07-02 19:26 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys
2008-07-02 19:26 69,128 ----a-w C:\Windows\system32\drivers\avgwfpx.sys
2008-07-02 19:26 10,520 ----a-w C:\Windows\System32\avgrsstx.dll
2008-07-02 03:30 --------- d-----w C:\Program Files\Electronic Arts
2008-07-02 03:28 --------- d-----w C:\Program Files\Maxis
2008-07-02 00:57 --------- d-----w C:\Program Files\Creative
2008-07-02 00:46 --------- d-----w C:\Program Files\Eidos Interactive
2008-07-01 19:07 --------- d-----w C:\Users\teylanad\AppData\Roaming\Lavasoft
2008-07-01 19:07 --------- d-----w C:\Program Files\Lavasoft
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 02:45 --------- d-----w C:\Users\teylanad\AppData\Roaming\Roxio
2008-06-26 02:45 --------- d-----w C:\ProgramData\Napster
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-24 18:01 --------- d-----w C:\ProgramData\Apple Computer
2008-06-24 18:01 --------- d-----w C:\Program Files\QuickTime
2008-06-23 17:38 --------- d-----w C:\ProgramData\avg8
2008-06-23 17:38 --------- d-----w C:\Program Files\AVG
2008-06-23 16:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-23 16:39 --------- d-----w C:\ProgramData\Symantec
2008-06-19 03:25 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-06-19 03:25 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-19 03:25 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-06-19 03:25 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-04-30 07:20 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-30 07:20 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-30 07:20 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-08-15_15.39.55.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 22:06:42 295,606 ----a-r C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
+ 2008-08-23 13:49:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-23 13:49:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-08-15 22:33:28 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-23 13:50:56 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-08-15 22:33:28 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-23 13:55:33 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-08-15 16:28:39 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-23 04:48:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-15 16:28:39 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-23 04:48:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-15 16:28:39 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-23 04:48:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-15 22:29:40 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-08-23 13:58:56 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2007-03-14 08:31:24 135,168 ----a-w C:\Windows\System32\java.exe
+ 2008-06-10 08:21:01 135,168 ----a-w C:\Windows\System32\java.exe
- 2007-03-14 08:31:28 135,168 ----a-w C:\Windows\System32\javaw.exe
+ 2008-06-10 08:21:04 135,168 ----a-w C:\Windows\System32\javaw.exe
- 2007-03-14 10:04:46 139,264 ----a-w C:\Windows\System32\javaws.exe
+ 2008-06-10 09:32:34 139,264 ----a-w C:\Windows\System32\javaws.exe
- 2008-08-15 22:29:58 104,024 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-23 13:54:42 104,024 ----a-w C:\Windows\System32\perfc009.dat
- 2008-08-15 22:29:58 618,648 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-23 13:54:42 618,648 ----a-w C:\Windows\System32\perfh009.dat
- 2008-08-15 22:26:41 7,730 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1669751230-3628068341-3706583971-1000_UserData.bin
+ 2008-08-23 13:51:42 9,238 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1669751230-3628068341-3706583971-1000_UserData.bin
- 2008-08-15 22:26:41 70,340 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-23 13:51:42 70,610 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-15 22:26:38 35,868 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-23 13:51:41 36,524 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 20:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 20:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 14:37 174872]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-05 02:18 827392]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2007-03-28 20:23 49168]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2006-09-06 13:12 323216]
"Spare Backup"="C:\Program Files\Spare Backup\SpareBackup.exe" [2007-09-13 17:22 5252936]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-06 11:05 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-02 12:26 1232152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe" [2005-05-25 12:12 517632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

C:\Users\teylanad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2008-03-04 19:04:07 2342912]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 14:11:50 719664]
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 14:27:34 471040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 20:46 90112 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1669751230-3628068341-3706583971-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{90A40444-73DE-4E5A-AE81-8232BC6376BF}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5ED803E3-D302-4CEC-B8D8-7535BA7E0B40}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9326A280-DDC0-4B13-B978-6F1AD8A943EF}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{02A8F421-A1D9-4EA6-AF65-061853A7D83C}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"TCP Query User{EFEE5914-F223-4E80-BBA7-C51B38553DCA}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{8CA8B965-F614-48B9-A3DC-FA672B47E913}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-02 12:26]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-02 12:26]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-02 12:26]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-10 07:54]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-07-02 12:26]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 12:46]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-02-26 23:20]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-26 23:20]
R3 MSTabBtn;Quanta Computer Tablet PC Buttons HID Driver;C:\Windows\system32\DRIVERS\mstabbtn.sys [2007-03-08 19:40]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 00:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 07:01:09
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-08-23 7:03:19
ComboFix-quarantined-files.txt 2008-08-23 14:02:17
ComboFix2.txt 2008-08-15 22:41:43

Pre-Run: 166,039,674,880 bytes free
Post-Run: 166,073,511,936 bytes free

200 --- E O F --- 2008-08-14 18:28:08
talanad
Regular Member
 
Posts: 19
Joined: August 4th, 2008, 11:16 pm

Re: iGoogle has hijacked my homepage! Please help me get it back

Unread postby Katana » August 24th, 2008, 6:49 am

I suspect that the iGoogle setting is stored in a cookie, when you are on the iGoogle page you need to look for a button that says

"Classic Home"

Click that button and it should revert you back to the original Google search page and then remember that setting.

Let me know how you get on.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: iGoogle has hijacked my homepage! Please help me get it back

Unread postby talanad » August 24th, 2008, 12:26 pm

Thanx, you may already know iGoogle stays gone again when I deleted it as my homepage thank goodness and I've NOT intentionally visited the site since this started.
But, when I go to Google from the address bar and click on Classic Home, close page, and reopen it, it has not remembered the Classic Home setting. I went to preferences, and saved but still get the igoogle page when I open it.
I do have a favorite that takes me directly to the classic home page so in future will use that.
I also set Internet Options to prompt for third party cookies if you think that might be wise or even effective in this situation.

I may just be dim this morning but other than the above setting I can't find Cookie handling in the Vista / Internet Explorer 7 'Options' menus. I need cookies for my accounts but can you recommend any advanced cookie handling settings I should be using (and where are they?)

Also, is Kaspersky a program I should use periodically?

I will post a status report Friday 8/29/08 if that's ok with you, unless something drastic happens before then.
Thank You so much,
T
talanad
Regular Member
 
Posts: 19
Joined: August 4th, 2008, 11:16 pm

Re: iGoogle has hijacked my homepage! Please help me get it back

Unread postby Katana » August 25th, 2008, 7:25 am

I would use Kaspersky at least once a month :)

As for cookies, try this

Open Internet Options | Privacy, click on the Advanced button.

Place a check in "Override automatic cookie handling".

Set "First Party Cookies" to BPompt, and set "Third Party Cookies" to Block.

See if that helps.
It may be best if you removed all existing cookies first though.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: iGoogle has hijacked my homepage! Please help me get it back

Unread postby talanad » August 25th, 2008, 6:23 pm

Will Use Kaspersky!
I compared that log with your list of ones to delete and looks like:
I should delete anything that is labeled 'Suspicious: '
AND that I can leave anything that is labeled 'Infected: not-a-virus: '
Are there any other delete designations I should be aware of?... if those are in the Kaspersky website you can just direct me to that page if you would please, I'll look into more information on it myself.

Unrelated (to this issue) questions:
(Really hope you don't mind..., just don't answer if you do mind or don't have time.)
I still use my first old laptop for my mom.
Is Windows '98 to old to use Kaspersky on?
It has AVG as well.
Is there a good Anti-Mal/AdWare program for that old of a system?
The AdAware software I've always used on it has stopped being able to run/read new definitions files (error message is it can't read the downloaded update). I've reloaded the software twice to no avail.

Very Happy I was in the right place for cookie handling!
Made changes as you suggested. :cheers:

Will still be updating you on Friday (you lucky person) if that's ok.
Please let me know whenever you decide we've done all we can and I'll stop bugging you.

Bless you and, as usual, thanks so much,
T
talanad
Regular Member
 
Posts: 19
Joined: August 4th, 2008, 11:16 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 280 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware