Hello,
You have spyware, not a virus.
Regards
I am trying to fix a friend's PC. The browsing history (IE8) contains porn sites. I have used the tool in IE8 to delete browsing history and CCleaner as well. I cannot remove the sites in the history. I have opened the history and manually deleted each one. They disappear but when I reopen IE8 they are back. I have scanned this PC for viruses with AVG but none were found.
How can I get rid of the history?
Have you tried in safe mode? I recommend starting the computer in safe mode and trying. Both CCleaner and AVG are free so they might just take care of some. I recommend buying an antivirus for around 40-80 bucks and updating its definitions. Only then might you be protected. It sounds like a strand of persistent trojans or viruses.
Other alternative, http://www.malwarebytes.or
Cheers.
yeller--You could try Security System Suite. Check the Temporary boxes in both columns
http://www.geocities.com/i
But malware removal is probably the right solution. Run a scan with your existing (I hope) antivirus program and SuperAntiSpyware as well
http://www.superantispywar
Then run HiJackThis.
http://www.download.com/Tr
If you need help in analysis, post here or analyze online at
Ok, so I tried the following:
Boot Safe Mode
Ran Malwarebytes: it found something like "hijack.displayProperties
Ran SAS: 0 found
Ran Spybot: 0 found
Ran CCleaner
I thought Malwarebytes had found and removed the problem but as soon as I rebooted, the problem returned.
I always get the same 4 or 5 porn web sites listed in the History.
Help
yeller--Put IE8 into InPrivate mode for the future. See left panel here
http://www.microsoft.com/w
Run Malwarebytes in Normal mode. Then run HiJackThis.
yeller--You might be better off by posting your MalwareBytes and HiJackThis logs here. Statements such as "it found something like "hijack.displayProperties"
I have a strong feeling you have not eliminated all malware.
Once that is done, you can then do the following.
Did you try putting IE8 into InPrivate mode? See left panel here
http://www.microsoft.com/w
Delete History items by using http://www.nirsoft.net/uti
Once you run it, click Edit|Clear All.
Hi jcimarron,
Thanks for the replies. I am sure you are right. The Malware is definitely still there. I don't see how to put IE8 in "inprivate" mode.
Here is the hijackthis log.
Well, now you can try taking IE8 off and deleting the history using the methods you have tried. If this doesn't work, then try this method that helps you go through the whole nine yards and more.
http://browsers.about.com/
As always follow the steps, and report your findings.
Just a last thought: do you have any software that prevents you from making some changes to your computer, such as deepfreeze, windows steady state, centurion technologies or something like that?
Just a thought!
yeller--I am no HJT expert, but you do seem to have some baddies:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-9
O23 - Service: @%SystemRoot%\System32\net
O23 - Service: @%SystemRoot%\system32\sam
O23 - Service: @%SystemRoot%\system32\SLs
O23 - Service: @%systemroot%\system32\vss
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%systemroot%\system32\spo
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpserv
The first and the last are "missing" so serve no purpose. The other six seem to be running from the wrong folder and probably are the baddies.
So, run HiJackThis again and this time "Fix" the baddies. I think you will be able to quarantine them in case I am wrong and you want to restore. Alternatively, backup your hard drive to an external drive to allow a restore. If all is OK after a day or so, DELETE those/that backup(s) immediately. Also delete any System Restore points from the past and start fresh.
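As an added example (not part of the original thread, and not HijackThis's own code), a small Python triage pass over a HijackThis-format log: it counts entries per section code and flags unnamed objects, "(file missing)" paths and "Unknown owner" services for lookup before anything is fixed. The sample log with its names, paths and CLSIDs is constructed, and the three flags are an assumed review heuristic, not verdicts.

```python
import re
from collections import Counter

# Constructed sample in HijackThis 2.0.2 line format; every name, path
# and CLSID below is a placeholder, not taken from a real machine.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Program Files (x86)\Example\agent.exe
R1 - HKCU\Software\Example\Main,Search Page = http://search.example/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Example\a.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\Example\b.dll
O4 - HKCU\..\Run: [ExampleTray] C:\Program Files (x86)\Example\tray.exe
O23 - Service: Example Updater (ExUpd) - Unknown owner - C:\Example\upd.exe (file missing)
O23 - Service: Example Scanner (ExScan) - Example Corp - C:\Example\scan.exe
"""

# Entry lines start with a section code such as R1, O2 or O23.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

def parse_entries(log_text):
    """Return (section_code, body) per entry line; skip header and process list."""
    found = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in found if m]

def flags_for(code, body):
    """Assumed heuristics: a flag is a reason to look an entry up, not a verdict."""
    flags = []
    if "(no name)" in body:
        flags.append("unnamed")
    if body.endswith("(file missing)"):
        flags.append("file-missing")
    if code == "O23" and " - Unknown owner - " in body:
        flags.append("unknown-owner")
    return flags

def triage(log_text):
    """Flagged entries in log order, as (code, body, flags)."""
    rows = [(c, b, flags_for(c, b)) for c, b in parse_entries(log_text)]
    return [row for row in rows if row[2]]

def section_counts(log_text):
    """How many entries each section code contributes."""
    return Counter(code for code, _ in parse_entries(log_text))

if __name__ == "__main__":
    print(dict(section_counts(SAMPLE_LOG)))
    for code, body, flags in triage(SAMPLE_LOG):
        print(f"{code:4} {','.join(flags):28} {body}")
```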
I tried pr0t0c0l12's removal procedures and the problem remains. I don't quite understand what you mean by "now you can try taking IE8 off". Do you want me to uninstall IE8?
cimarron: I have already fixed those items in Hijackthis but the problem remains. This PC does not have any of that software you mentioned. I finally figured out how to put IE8 in inprivate mode. I ran the "delete browsing history" but no improvement.
I really do not know what else I can do.
yeller--"I have already fixed those items in Hijackthis but the problem remains. This PC does not have any of that software you mentioned. I finally figured out how to put IE8 in inprivate mode. I ran the "delete browsing history" but no improvement."
If you put the baddies into quarantine, both from MalwareBytes and HJT, they should not be affecting IE until at least the next boot, if ever again. So I do not understand how the problem can remain unless you need stronger malware removal such as ComboFix. I am not at all expert with that, so hope someone else will guide you. There is no point to putting IE8 into InPrivate mode until you are free of the baddies. It does not act retroactively. Concerning software you feel you do not have, there is none you need (except perhaps ComboFix, which I have only now mentioned) so I do not know what you mean by that.
jcimarron: sorry, it was pr0t0c0l12 that asked "just a last thought, do you have any software that prevents you from making some changes to your computer such as deepfreeze, windows steady state, centurion technologies or something like that?" This PC does not have any of those programs installed.
I am at a loss as well. I have run all the suggested removal programs but the problem remains.
I will try Combofix.
Thanks
yeller--Forgive me, I have not read the previous posts in detail so may repeat what someone else has suggested.
If your friend can live with the porn sites, I would rename the existing History file (to anything, but try something that attracts no attention). Encrypt it, using TrueCrypt or something similar
http://www.truecrypt.org/
Rebooting should create a new and empty History file.
A further step, if still desired, would be a Repair Install.
http://www.dougknox.com/xp
http://www.michaelstevenst
That should not affect personal data or installed programs (except IE, which can be separately reinstalled).
Unfortunately this is a business PC and they want me to get rid of any Malware, if it exists. So, they would not want to just rename the sites.
I do not understand this suggestion: "Encrypt it, using TrueCrypt or something similar". It seems to me that you are suggesting I encrypt the History file but I might be confused. What do you want me to encrypt? Do you want me to encrypt the entire hard disk?
Additionally, you said "Rebooting should create a new and empty History file." Is this after the hard disk is encrypted? I am not clear on this suggestion.
In the "further steps" you gave links to XP repair installation. This PC is Vista 64bit.
Thanks for all your help. Any clarification would be really appreciated.
yeller--I presume the reason for your question here is because the History folder, full of porn site URLs, is embarrassing. It actually causes no harm to the function of the PC--assuming all malware has been removed. If you encrypt the existing, but renamed, History folder, it cannot be opened for all to see, except those that have the password.
" So, they would not want to just rename the sites." I do not know if anyone has suggested that. Interesting idea. But if you are trying to get rid of the sites, why would "they" care if you renamed them?
You have done just about everything that can be done to get rid of malware (though I think your order was sometimes mixed up), so either a Repair Install or Clean Install
http://www.vistax64.com/tu
http://www.vistax64.com/tu
is about all there is left to do. The latter will wipe everything off the drive.
jcimarron,
Thanks a million for all your help and suggestions.
I will give you the points for this question.
I did find an alternative to your suggestions (but it basically disables your ability to see any history):
1) This clears existing address bar autocomplete history: (but will also clear your entire index, which will rebuild next startup)
Start button>Control Panel>System And Maintenance>Indexing Options, Click on Internet Explorer History, Click ADVANCED, Click RESTORE DEFAULTS
2) This will stop autocomplete history showing again in future: (slightly different for IE7 vs IE8 but you will get the idea)
IE8 > Tools > Internet Options > Content > AutoComplete Settings > Use Autocomplete for: > Uncheck 'Web Addresses'
Thanks again,
Yeller
yeller--Thanks for sharing your good information with us!
You should have written this reference
http://browsers.about.com/
by: yeller, posted on 2009-10-03 at 13:12:29, ID: 25486836
Sorry, I forgot. It is Vista.