Hijacked favourites

H

hermes

Joined
3 Jan 2006
Messages
1,782
Reaction score
0
Location
Derbyshire
Country
United Kingdom
There is a problem on my son's pc. It has win xp home, IE version 7. Some of his favourites work ok, others, including his google homepage, take a long time then come up with unwanted sites, mostly gaming sites.

I ran anti-spyware, anti-virus, cleared caches.

Anything else to try?
 
Sponsored Links
what did you use to do a spyware/adware scan?
You could check your hosts file, it isnt unknown for software to change it, you can find it in windir\system32\drivers\etc open with notepad should look like this:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost


if you have any other entries post the contents of your hosts, lmhosts could also cause probs but I've never come accross a hijacked one.
 
I used adaware and spybot, both recommended on here. How do I find the windir/system 32 thingy?

The strange thing is, the address of the website he wants appears in the address bar but pages from other sites appear on th screen.
 
Good tip from eggplant.

However, you might like to try this to flush out your system of most nasty stuff.


Download Ewido/AVG Anti Spyware from here ….

http://www.ewido.net/en/

It has a fully working 30 day trial period.

Install it and update it to the latest definitions.

Do NOT use it yet.


Now boot to safe mode. Here’s a “how to” if you’re not sure ..

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406


When in safe mode run a full system scan with AVGAS and let it fix what it wants to.

REMEMBER TO SAVE THE SCAN REPORT and also remember where you saved it in case we need to see it later.

[FOOTNOTE > this is a good program to use as an “on demand” scanner even after the trial period is over. Keep it updated and use it to scan your computer from time to time].

------------------------------------------------------------------------------------------------------


If this doesn't succeed in fixing the problem download HijackThis from here ...

http://www.majorgeeks.com/download3155.html

unzip & install it ...
open the program ...
from the menu click on "Do a system scan and save a logfile".

Copy and paste that logfile to this thread. Specific removal instructions will follow to fix whatever it is that's causing the problem.


PCH
 
Sponsored Links
Viewing the hosts file...

Spybot S&D

<Tools>

<Hosts file> ( Hit the help button .. Useful )

And / or

Run HiJackThis.

< None of these start the prog >

< Config >

< Misc Tools >

< Open Hosts file manager >

To edit the file other than line delete or comment toggle..
< Open in Notepad >
-
 
eggplant said:
Viewing the hosts file...
Click to expand...
just open it in notepad like I said before, I fail to see the problem?
Click to expand...

I read where Hermes said ... "..How do I find the windir/system 32 thingy?..." Did you not see that? I think that may be a problem for H.
-
 
system 2 is easy to find (i have had to do it to add a line from another pc to get this one to operat a prog) you

start>find>sys 32
 
hermes ... glad you nailed it but just "ticking & fixing" with HJT isn't usually the complete answer. Fixing with HJT won't remove the offending files/folders.

You must make sure you manually delete any malware files/folders related to the items you fixed in HJT.

Did you do that?

If not please post your HJT log with details of what it was you fixed and we'll make more recommendations.

Also remember that HJT doesn't reveal everything. In fact HJT itself is showing signs of age as more and more malware is hiding from it.



R.
 
You must log in or register to reply here.
Sponsored Links

Similar threads

H
Slow laptop
Replies
1
Views
568
gcol
G
D
Homepage Probs
Replies
12
Views
2K
pipme
P
solo
Aaaarrrgghhh, darn virus.
Replies
8
Views
1K
solo
solo
G
Google virus
Replies
2
Views
874
Igorian
I
D
problems after yourprotection infection
Replies
3
Views
1K
drewroof
D
Back
Top