Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Homepage hijacked and pc running slow

Re: Homepage hijacked and pc running slow

Post by RosieAndPaul » November 25th, 2009, 5:37 pm

MikeSwim07 wrote:

Update Adobe Reader

You should download and install the newest version of the free Adobe Reader for reading pdf files, due to vulnerabilities in earlier versions of reader and acrobat.
All versions numbered lower than 9.2 are vulnerable.
  • Click here to download the latest version of Adobe Acrobat Reader (version 9.2).
  • Select your Windows version and click on Download. Save this file to your desktop and run it to install the latest version of Adobe Reader.

If you prefer a simple reader, without plug-ins, that is smaller and faster, take a look at the free Foxit Reader here : http://www.foxitsoftware.com/pdf/rd_intro.php

You can keep your full version of Adobe Acrobat 7, but you should use it for editing and creation of pdf's only, NOT for opening pdf's on the net.
You can still call Adobe Acrobat 7 from Start, All Programs

Malwarebytes' Anti-Malware

  • Open Malwarebytes' Anti-Malware and click on the Update Tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked Except for the objects located in C:\System Volume Information, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply

Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.



The scan completed and then a log opened automatically - I couldn't see anywhere to 'show results'
However there are two items in quarantine. A trojan.proxy at c:\program files\tinyproxy and hijack.homepage at HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage [Data:1]


This is the log:

Malwarebytes' Anti-Malware 1.41
Database version: 3234
Windows 6.0.6002 Service Pack 2

25/11/2009 21:28:19
mbam-log-2009-11-25 (21-28-19).txt

Scan type: Quick Scan
Objects scanned: 97464
Time elapsed: 22 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
RosieAndPaul
Regular Member
 
Posts: 16
Joined: October 26th, 2009, 6:17 pm

Re: Homepage hijacked and pc running slow

Post by MikeSwim07 » November 25th, 2009, 11:45 pm

Hi,

Do you have the ESET log?
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Homepage hijacked and pc running slow

Post by RosieAndPaul » November 26th, 2009, 5:17 am

I think something went wrong with the ESET log, this is all I got.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK


Shall I try again?

Re: Homepage hijacked and pc running slow

Post by RosieAndPaul » November 26th, 2009, 2:07 pm

Update:
I ran it again and got this log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251

Re: Homepage hijacked and pc running slow

Post by MikeSwim07 » November 28th, 2009, 5:32 pm

Run Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Re: Homepage hijacked and pc running slow

Post by RosieAndPaul » November 30th, 2009, 7:30 am

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, November 30, 2009
Operating system: Microsoft Windows Vista Business Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, November 29, 2009 22:44:55
Records in database: 3310126
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 190925
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 04:37:58


File name / Threat / Threats count
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E240000.VBN Infected: Exploit.JS.Agent.aio 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E240000.VBN Infected: Exploit.JS.Agent.aio 1

Selected area has been scanned.
RosieAndPaul
Regular Member
 
Posts: 16
Joined: October 26th, 2009, 6:17 pm
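
Added example, not part of the original thread: a small triage of the Kaspersky detection table above, showing why "Threats found: 1" becomes "Infected objects found: 2". It assumes the `File name / Threat / Threats count` row layout seen in this report and treats any parent folder named `Quarantine` as an antivirus store (a heuristic chosen for this example); on Vista, `C:\Users\All Users` is a link to `C:\ProgramData`, so both rows are the same quarantined file.

```python
import re
from ntpath import normcase, normpath

# Constructed input: the detection table copied from the report above.
REPORT = r"""File name / Threat / Threats count
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E240000.VBN Infected: Exploit.JS.Agent.aio 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E240000.VBN Infected: Exploit.JS.Agent.aio 1
"""

# One detection row: <path> <verdict>: <threat name> <count>
ROW = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<verdict>Infected|Suspicious):"
                 r"\s+(?P<threat>\S+)\s+(?P<count>\d+)$")

# On Vista and later, C:\Users\All Users is a link to C:\ProgramData.
ALIASES = {r"c:\users\all users": r"c:\programdata"}


def canonical(path):
    """Lower-case, normalise and resolve known link aliases in a Windows path."""
    p = normcase(normpath(path))
    for alias, target in ALIASES.items():
        if p == alias or p.startswith(alias + "\\"):
            return target + p[len(alias):]
    return p


def in_quarantine(path):
    """Assumed heuristic: a parent folder named 'Quarantine' is an AV store."""
    return "quarantine" in canonical(path).split("\\")[:-1]


def triage(report):
    """Return one finding per real file, with every alias it was reported under."""
    findings = {}
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header or blank line
        real = canonical(m["path"])
        entry = findings.setdefault((real, m["threat"]), {
            "path": real, "threat": m["threat"],
            "quarantined": in_quarantine(real), "reported_as": []})
        entry["reported_as"].append(m["path"])
    return list(findings.values())


if __name__ == "__main__":
    for f in triage(REPORT):
        state = "already quarantined" if f["quarantined"] else "LIVE on disk"
        print(f"{f['threat']}: {state}, {len(f['reported_as'])} path(s) -> {f['path']}")
```
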

Re: Homepage hijacked and pc running slow

Post by MikeSwim07 » December 1st, 2009, 7:11 pm

Hi,

  • In Symantec AntiVirus, in the left pane, click View.
  • In the right pane, click Quarantine.
  • Select 0E240000.VBN in the list of quarantined items.
  • Right-click the file, and then click Delete Permanently.
  • In the Take Action dialog box, click Start Delete.
  • Click Close.

Please re-scan with Kaspersky Online Scan and post that log.

Re: Homepage hijacked and pc running slow

Post by RosieAndPaul » December 1st, 2009, 7:41 pm

I don't see that item in my quarantine, I have:
Trojan Horse tinyproxy.exe C:\Program Files\tinyproxy\
Trojan Horse DWHCD7F.tmp C:\Users\PECL-31-01-08\AppData\Local\Temp\
Trojan Horse keygen.exe C:\Users\PECL-31-01-08\Documents\Personal\Dreamweaver CS3\Adobe Dreamweaver CS3 (1cd)\CRACK\

Re: Homepage hijacked and pc running slow

Post by MikeSwim07 » December 2nd, 2009, 7:46 pm

Illegal Software Detected
While going through your log, it has come to my attention that your version of Dreamweaver CS3 is cracked, although it seems like you may not have this software anymore.
This forum's policy says we will not help people who use cracked or pirated software.

More information:
Illegal Copies of Software

If you still want me to help you I suggest you purchase a legal copy of the software or remove the cracked software from your computer.
NOTE: If you give me advice that the software has been removed & I find it has not (the tools we use can & will detect it) then I will have no choice but to have this thread closed.
Please decide what you are going to do & let me know.

I recommend that you follow the instructions below:

Uninstall programs

  • First, Click on Start > Control Panel
  • Next, Click on Add or Remove Programs
  • Wait for the list of programs to load
  • Locate the following programs and click Remove
    Dreamweaver CS3 (If present)
  • Follow the prompts of the uninstaller to uninstall/remove the program
  • Once all of the above have been uninstalled, please close Add/Remove Programs

  • In Symantec AntiVirus, in the left pane, click View.
  • In the right pane, click Quarantine.
  • Select tinyproxy.exe, DWHCD7F.tmp, and keygen.exe in the list of quarantined items.
  • Right-click the files, and then click Delete Permanently.
  • In the Take Action dialog box, click Start Delete.
  • Click Close.

Run OTM
  • Double-click on OTM.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :files
    C:\Users\PECL-31-01-08\Documents\Personal\Dreamweaver CS3
    C:\Program Files\tinyproxy
    :commands
    [emptytemp]

  • Return to OTM, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • If you are not asked to reboot close OTM.
  • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

Please re-run Kaspersky Online Scan.

Please post the Kaspersky Online Scan log and the OTM log.

Re: Homepage hijacked and pc running slow

Post by MikeSwim07 » December 4th, 2009, 8:01 pm

Do you still need help?

Re: Homepage hijacked and pc running slow

Post by NonSuch » December 8th, 2009, 9:15 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware