
Hijacked favourites

Discussion in 'Software' started by hermes, 2 Dec 2006.

  1. hermes

    hermes

    Joined:
    3 Jan 2006
    Messages:
    1,782
    Thanks Received:
    0
    Location:
    Derbyshire
    Country:
    United Kingdom
    There is a problem on my son's pc. It has win xp home, IE version 7. Some of his favourites work ok, others, including his google homepage, take a long time then come up with unwanted sites, mostly gaming sites.

    I ran anti-spyware, anti-virus, cleared caches.

    Anything else to try?
     
  3. eggplant

    eggplant

    Joined:
    23 Feb 2006
    Messages:
    821
    Thanks Received:
    2
    Country:
    United Kingdom
    What did you use to do a spyware/adware scan?
    You could check your hosts file; it isn't unknown for software to change it. You can find it in windir\system32\drivers\etc. Open it with Notepad; it should look like this:

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost


    If you have any other entries, post the contents of your hosts. lmhosts could also cause probs but I've never come across a hijacked one.
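
Added example, not part of eggplant's post: one way to automate the hosts file check described above, in Python. It lists every entry beyond the stock `127.0.0.1 localhost` line and says whether the name is sent to another server or sunk to the local machine. The sample file contents, hostnames and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: stock-style hosts file plus made-up added entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# 102.54.94.97 rhino.acme.com # source server

127.0.0.1 localhost
203.0.113.7   www.search.example search.example   # constructed redirect
0.0.0.0 ads.tracker.example
not-an-ip broken.example
"""

DEFAULT_NAMES = {"localhost"}  # the only live entry in a stock file


def audit_hosts(text):
    """Return (line_no, hostname, address, verdict) for each non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop whole-line and trailing comments
        if not entry:
            continue
        fields = entry.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, " ".join(names), ip_text, "malformed"))
            continue
        for name in names:
            name = name.lower()
            if name in DEFAULT_NAMES and ip.is_loopback:
                continue  # expected default mapping
            if ip.is_loopback or ip.is_unspecified:
                verdict = "blocked"      # name resolves to this machine only
            else:
                verdict = "redirected"   # name is forced to another server
            findings.append((line_no, name, str(ip), verdict))
    return findings


if __name__ == "__main__":
    # On a real machine, read windir\system32\drivers\etc\hosts instead.
    for line_no, name, ip, verdict in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s [%s]" % (line_no, name, ip, verdict))
```

"redirected" entries match the symptom in this thread (the right address in the address bar, the wrong site on screen); "blocked" entries are often added on purpose by anti-spyware tools.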
     
  4. hermes

    hermes

    Joined:
    3 Jan 2006
    Messages:
    1,782
    Thanks Received:
    0
    Location:
    Derbyshire
    Country:
    United Kingdom
    I used adaware and spybot, both recommended on here. How do I find the windir/system 32 thingy?

    The strange thing is, the address of the website he wants appears in the address bar but pages from other sites appear on the screen.
     
  5. pchelpman

    pchelpman

    Joined:
    25 Feb 2006
    Messages:
    47
    Thanks Received:
    0
    Location:
    London
    Country:
    United Kingdom
    Good tip from eggplant.

    However, you might like to try this to flush out your system of most nasty stuff.


    Download Ewido/AVG Anti Spyware from here ….

    http://www.ewido.net/en/

    It has a fully working 30 day trial period.

    Install it and update it to the latest definitions.

    Do NOT use it yet.


    Now boot to safe mode. Here’s a “how to” if you’re not sure ..

    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406


    When in safe mode run a full system scan with AVGAS and let it fix what it wants to.

    REMEMBER TO SAVE THE SCAN REPORT and also remember where you saved it in case we need to see it later.

    [FOOTNOTE > this is a good program to use as an “on demand” scanner even after the trial period is over. Keep it updated and use it to scan your computer from time to time].

    ------------------------------------------------------------------------------------------------------


    If this doesn't succeed in fixing the problem download HijackThis from here ...

    http://www.majorgeeks.com/download3155.html

    unzip & install it ...
    open the program ...
    from the menu click on "Do a system scan and save a logfile".

    Copy and paste that logfile to this thread. Specific removal instructions will follow to fix whatever it is that's causing the problem.


    PCH
     
  6. empip

    empip

    Joined:
    24 Sep 2005
    Messages:
    6,314
    Thanks Received:
    171
    Country:
    United Kingdom
    Viewing the hosts file...

    Spybot S&D

    <Tools>

    <Hosts file> ( Hit the help button .. Useful )

    And / or

    Run HiJackThis.

    < None of these start the prog >

    < Config >

    < Misc Tools >

    < Open Hosts file manager >

    To edit the file other than line delete or comment toggle..
    < Open in Notepad >
    -
     
  8. eggplant

    eggplant

    Joined:
    23 Feb 2006
    Messages:
    821
    Thanks Received:
    2
    Country:
    United Kingdom
    just open it in notepad like I said before, I fail to see the problem?
     
  9. empip

    empip

    Joined:
    24 Sep 2005
    Messages:
    6,314
    Thanks Received:
    171
    Country:
    United Kingdom
    I read where Hermes said ... "..How do I find the windir/system 32 thingy?..." Did you not see that? I think that may be a problem for H.
    -
     
  10. breezer

    breezer

    Joined:
    3 Jan 2003
    Messages:
    23,324
    Thanks Received:
    30
    Location:
    Sussex
    Country:
    United Kingdom
    system 32 is easy to find (I have had to do it to add a line from another pc to get this one to operate a prog) you

    start>find>sys 32
     
  11. hermes

    hermes

    Joined:
    3 Jan 2006
    Messages:
    1,782
    Thanks Received:
    0
    Location:
    Derbyshire
    Country:
    United Kingdom
    Sorted, using hijackthis. Thanks all for your help.
     
  12. pchelpman

    pchelpman

    Joined:
    25 Feb 2006
    Messages:
    47
    Thanks Received:
    0
    Location:
    London
    Country:
    United Kingdom
    hermes ... glad you nailed it but just "ticking & fixing" with HJT isn't usually the complete answer. Fixing with HJT won't remove the offending files/folders.

    You must make sure you manually delete any malware files/folders related to the items you fixed in HJT.

    Did you do that?

    If not please post your HJT log with details of what it was you fixed and we'll make more recommendations.

    Also remember that HJT doesn't reveal everything. In fact HJT itself is showing signs of age as more and more malware is hiding from it.



    R.
     