Jesus CHRIST - Browser Hijack

[old.user4556]

All,

My f'king IE homepage has been hijacked and no matter what spyware removing program I run, it just keeps coming back. I've even tried Browser Hijack Blaster and that doesn't seem to do a god damn thing.

I've tried AdAware and Spybot and neither of those (fully up-to-date) can stop it either. Spybot doesn't even detect it, but AdAware can see it and remove it but it can't prevent it from being hijacked again - the hijack returns when I launch IE. Here is what AdAware shows

Does anyone know how to stop a continuous hijack, or a piece of software to remove whatever it is that reinstates the hijacked page?

Edit: This is driving me fucking berserk, when I open a window where there is HTML involved (such as the user accounts in control panel), the fucking hijacked page appears in there too.

Cheers

G

 

[wyrd_fish]

where you running windows in safe mode when you ran adaware? if not try that

 

[old.user4556]

Tried again in safe mode, no joy .

After i rebooted, i checked the homepage in internet options and it was microsoft.com (the default) and i thought it was fixed. However, when i loaded up a browser window and checked the homepage once i had opened IE, it was back to the hijacked page.

FFS!

Any other ideas?

G

 

[wyrd_fish]

short of a reinstall, nope...

 

[wyrd_fish]

another thought... why not google it to see how other people got rid of it?

 

[Xavier]

Ok, check startup in your start menu, Run, RunOnce and RunonceEX in the registry.

If you're removing the hijack then something must be either memory resident or triggered to rewrite the homepage settings, etc.

Check your task manager, use search to find the locations of any apps you don't recognise resident within memory. Something will be running, either a script or some nasty little TSR.

And get a decent browser, IE r 't3h suck' without SP2 for hijacks... Firefox 0.9 for the next 2-3 months at least

 

[tRoG]

I know this is the answer to most browser problems nowadays, but...

http://www.mozilla.org/

 

[TheJkWhoSaysNi]

This is the answer to all your problems..

 

[old.user4556]

This is the answer to all your problems..

Good suggestion that man, worked a treat for me and my browser hijack woes are gone. However, i'm going to try Mozilla .

 

[Wij]

This is the answer to all your problems..

Hey - you beat me to it again

 

[fatbusinessman]

I know this is the answer to most browser problems nowadays, but...

http://www.mozilla.org/

Seconded

 

[old.user4556]

Fuck.

Ok, that shredder program worked a treat, but i'm still getting hijacked and my homepage being reset to "about:blank" and then forwarded to an advertising website. CWshredder picks up searchX.

There are some other symptoms i'm very worried about. Firstly, i'm running a very bloated svchost.exe (NOT sCvhost.exe) which is soaking up to 90 Mb of system ram. This indicates a virus in conjuction with this hijack, but my XP machine is fully patched and my Norton AV is fully up-to-date. I've also noticed notepad.exe has disappeared and replaced by notepad.exe.bak and another notepad.exe. Norton AV picks up no virus.

I had a look in msconfig, and in the win.ini section, there was an indication to load this dodgy notepad.exe. I've removed the notepad.exe and the line from win.ini, but i'm STILL being hijacked.

Any other ideas?

Using Firefox at the moment, but I really want to sort out this fucking svchost.exe problem too.

G

 

[wyrd_fish]

i had somthig replace my "server not found" and about:blank pages a while ago, that went to some crappy search

i fixed that by deleteing them, windows sorted itself out after that, not sure about the rest though


i once had one that messed up google, it changed the first page of results on any search to links to other search engines, after that it was just normal results... cheeky bugger

 

[throdgrain]

I had this at work, been fighting it for 3 days . My boss got it while I was on holiday off one of his left-handed websites ...
Anyway, I found the shredder thing had worked (thanks babs) but although the trojan had gone, the leafet things remained, and some of them I couldnt get rid of. I installed XP pro this afternoon , straight over the top of the existing win98, and now all is fine. I meant to format first, but clicked the wrong button...
Anway, the pc is now fine again.

 

[TdC]

Fuck.

Ok, that shredder program worked a treat, but i'm still getting hijacked and my homepage being reset to "about:blank" and then forwarded to an advertising website. CWshredder picks up searchX.

There are some other symptoms i'm very worried about. Firstly, i'm running a very bloated svchost.exe (NOT sCvhost.exe) which is soaking up to 90 Mb of system ram. This indicates a virus in conjuction with this hijack, but my XP machine is fully patched and my Norton AV is fully up-to-date. I've also noticed notepad.exe has disappeared and replaced by notepad.exe.bak and another notepad.exe. Norton AV picks up no virus.

I had a look in msconfig, and in the win.ini section, there was an indication to load this dodgy notepad.exe. I've removed the notepad.exe and the line from win.ini, but i'm STILL being hijacked.

Any other ideas?

Using Firefox at the moment, but I really want to sort out this fucking svchost.exe problem too.

G

sorry mr G, imo your system has been severely compromised. if I were you, I'd format and reinstall windows tonight. do *not* think "oh, this file is important, I think I'll keep it", shove in a write-protected bootdisk and format now. it's a pain, but it's a pain to make the other pain go away.

 

[babs]

svchost could be anything, i think it's the program that runs anything called by rundll32 or something like that iirc.

 

[TheJkWhoSaysNi]

Try this: http://209.133.47.12/~merijn/files/HijackThis.exe

It will show you any plugin that's installed into IE. You might be able to find what's causing the problem.