Solved

IE opens porn webpages

Posted on 2004-09-05
34
1,615 Views
Last Modified: 2013-12-04
Hi
I'm sure this is a most often asked question here. But this is a bit different.
Now this is what is happening, Since the last 2-3 months whenever I go online(through dialup)after about 5-10 mins, I see a a red install like box come which dissappers very rapidly and then this seperate IE page comes up (not a popup window, a full page), which is full of XXX rated  pics and links. I can close this page and it goes away but then it will come up again after every 5-10 mins.
I have seen that the first couple of pages always point out to the same IP address (not a domain name) like http://216.131.84.28/tout.php or http://216.131.116.180/re/re36.html, which looks like a redirected page. After this the pages that open up always have full domain names.

Now these are the things I have done about it.
1) Scanned the whole hard drive with Spybot S&D and Adaware. They did find some things and removed them but then the page still comes up. An interesting thing thats happening now is that after scanning about 50,000 odd files, adaware locks up and I have to close out of it. So I removed and installed the new version (SE) with updates but that also does the same thing...doesn't happen with spybot though.
2) I have also used CWsheredder but no go.
3) Went into IE properties and changed everthing to default settings. Also disabled active x controls and third party browser extensions.  No go.
4) Removed all junk from the hard drive like temp files, temp internet files, cookies, history etc. no go.
5) Also tried system restore in despeartion but again no go.

So if anyone can help me get rid of this annoyance (I have contemplated formatting the hard drive!!), I'll be most thankful. Just that its a big annoyance and its making me go slightly crazy.
Thanks
0
Comment
Question by:raghunaj
  • 14
  • 10
  • 5
  • +2
34 Comments
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11985321
Hello raghunaj =)

Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 11985323
Browser Hijacking/Spyware/Adware/Malware Removal instructions

Full removal and Prevention instructions are available on my website,

http://www.petenetlive.com/Tech/Browsers/hijack.htm

Please don't "Gum up" the TA's here by posting Hijack This Logs
go here and have it analysed.
http://www.hijackthis.de/index.php?langselect=english

The EE Official Link to info is,
 http:Q_20975384.html#10973783
0
 

Author Comment

by:raghunaj
ID: 11985471
Will do that and get back. Thanks.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11985479
:)
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11985483
raghunaj ..... remember not to remove anything in LOG of hijackthis,,,, post here and then we will tell u waht is BAD which shud be removed :)
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11985492
the link above will tell you what to remove :)
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11985501
but still i want to look at his LOG file..... if he dont mind and trust me :)
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11985513
constantly filling th EE PAQ with hijack this logfiles bloats the EE PAQ and provides little or no help to people searching the PAQ
if the poster can analise his/her own log, then

a they will know what to do in future and will save points
b will be happy in the knowledge thry fixed it themselves and can get a refund.

Pete
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11985551
that can be ur thought.... i think that we are sitting here to do this..... we can share our knowledge and experience with them and can help them with that..... and giving a site can cure the problem for once or twice..... but what is the guarantee that this particualr site will be there always and will not get down.... and what if it will close ??

sites are not fore ever,,, but knowledge is fore ever and that's what i want to use with hijackthis logs :)
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11985569
if you tell him

fix these lines

he has learned nothing - if he fixes it himself then - id be happier in the knowledge that he has taken something from the site of worth.
sites are not forever? true but then neither is software.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11985589
that will also tell him to Fix the lines.... actaully i dont trust that site...... i tried it with my LOG when i first discoverred that site... and it Labelled my DSL modem software as NASTY..... lol i cannot trust it anymore.... it can label anything as NASTY if its unknown to it..... atleast i dont do it :)
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 11985597
raghunaj,

Please follow Pete's suggestion at http:#11985323
Just posting a hijackthis log without even scanning with either Ad-aware or Spybot S&D will give you a very messy hijackthislog which is terrible to search through, and is in no-way even close to a fix-all. A lot will be left on your system when following only SheharyaarSaahils advice.

Thanks,

LucF
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11985612
LucF, let me handle what i have suggested or asked.... a messy hijakcthis log can be terrible for u,,,,, but i can handle it.... dont force me to be rude enough with u by posting such comments.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11985620
>>it labelled my DSL software as nasty

possible but not as bizarre as telling a poster to disable their firewall
http://www.experts-exchange.com/Web/Browser_Issues/Q_21114323.html#11946705
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11985630
no one is being rude - we care about this site and the quality of its PAQ
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11985643
it was not his firewall..... read his comment where he said that he never Installed any Sygate firewall >> http://www.experts-exchange.com/Web/Browser_Issues/Q_21114323.html#11947381

more over he didn't have any C:\Program Files\Sygate type of thingy on his system,,,,,,, read the whole question Pete.... even after removing those lines,,,,, no harm was made to his system...... those were all unwanted entries and were not at all related to any kind of firewall....... ur behaviour is disappointing me today =\
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11985647
>> no one is being rude - we care about this site and the quality of its PAQ

so do I..... and that's why i dont POINT-OUT on other expert's comments or suggestions.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 57

Expert Comment

by:Pete Long
ID: 11985663
Im sorry my behaviour is dissapointing you - I have spent the last two years calling EE my home Ive worked to keep it the outstanding site it was when I found it.
this site survives as a business entity on the quality of its PAQ - its the site most marketable quality - filling it with dirge, debases the quality of this site.

 
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11985676
>>dont POINT-OUT on other expert's comments or suggestions.

no but you happy to tell me my behaviour is "disappointing me today "

well sorry squire but your behaviour has been dissapointing me for months.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11985687
My GOD..... is it the first time we are asking for LOG files...... we are doing it from quite a long time.... and only becoz of another site has put a so called log file analysis which can label anything as nasty..... we are asking users to not to use EE's experts' knowledge or help but instead goto blah blah site and that will do the job for u...... come on guysssss, Cant we deal with LOG files..... we dont need an Extra or Automatic site..... EE's community is enough for us !!
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 11985708
Wrong, YOU can't deal with real logfiles, you don't even recognize if something like Adaware has been ran before running hijackthis... Sorry to say but I wouldn't trust you with any of my computers.

LucF
0
 

Author Comment

by:raghunaj
ID: 11985730
ok wait a min.....whats going on guys!!???

I followed  PeteLong's suggestion and removed couple of entries.....I'm no total greenhorn and can understand a few things. The log analysis sytem on that website is probably setup to scan common things but its helpful in scanning those registries that I have no clue about but still am suspicious. So far I haven't seen new windows coming up, so good!!
but this problem may return after I reboot my box. So will get back to you after rebooting....and no it won't take days!! ;)

This is what I thought was nasty and removed.
O17 - HKLM\System\CCS\Services\Tcpip\..\{F28A2810-9C38-46DC-A6C3-BD473C99CF49}: NameServer = 203.94.
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
O4 - HKLM\..\Run: [SysInit] C:/Program Files/Common Files/svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://free64all.com/tgp/out.php?l=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://free64all.com/tgp/out.php?l
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://free64all.com/tgp/ou
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://free64all.com/tgp/
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11985745
LucF.... how many times i have to ask u to keep ur thoughts abt me to urself..... i dont want ur opinions abt me..... plzz for GOD sake.... leave me ALONE !!!

>> well sorry squire but your behaviour has been dissapointing me for months.
hmmmmmmm so one more on the list...... never mind.... i will take this issue as closed coz now i know the reason of all the above comments..... still good luck to u from me Pete !!!
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 11985746
yes, that 04 line there is a nasty one:
http://www.sophos.com/virusinfo/analyses/trojstartpabd.html

Please also check your favorites, some links could have been added by that trojan.

LucF
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11985780
>>My GOD..... is it the first time we are asking for LOG files......

no this is probably the thirtyeth log file you have asked for today

>>we are doing it from quite a long time....

We? show me one post in the nearly 17 thousand posts Ive made where I ask to see someones logfile

in fact see my comments on my website
-----------------------------------------------------------------------
OK If the above software didn't solve the problem then your next step is to download the following piece of software.

Run this little doohickey, and it will list registry entries and running processes that it considers suspicious (NOTE a lot of innocent entries will be listed). OK now you have a list of what's running you need to analyzed it (Gulp!) Don't panic the good thing is, if you haven't got a clue, DONT go posting your hijack list to a forum like EE It just gums up the message boards go here and have it analysed for you CLICK HERE

To Learn how to analyse the logs for yourself CLICK HERE

-----------------------------------------------------------------------
>>and only becoz of another site has put a so called log file analysis which can label anything as nasty.....


Do you presume to offer the opinion that YOU can't label something as NASTY? If it were me asking the question I think I'd be more respondant to Luc's approach of dont try to do things manually.

>>we are asking users to not to use EE's experts' knowledge or help but instead goto blah blah site and that will do the job for u......

in my first post I believe that I posted the EE official link to information regarding hijacking correct me if I am in error


>>come on guysssss, Cant we deal with LOG files....

Yes, In fact im willing to be i pretty much know my way round the registry as well if not better than any expert on this site - the fact of the matter remains HJ is as the publisher admits - the tool to use when nothing else works.

your approach is no different to looking at engine oil to cure all automotive problems.

>>we dont need an Extra or Automatic site..... EE's community is enough for us !!

we need it more than looking at thousands of HJ log files in our PAQ, and if as you say EE is enough for you why are you not posting the link to EE's official information page.

you sir are a buffoon! I would not trust you with the health of my toaster.
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 11985790
hey all ,

It was not a pleasure to see all the comments here before posting my suggestion on this .

Bottomline is I would agree with what Petelong has suggested. First let the site determine what all the bad entries, let the user delete those and will reduce half of our work.  To start with we have to trust websites like that . Nobody has said so far that the site is bad.  
Secondly , it has become new (may be i should say  default) for all questions in almost all the major TA to see a Hijackthis log. Personally , I donot have that much time to see through every line in hijackthis and say fix this  etc.  Why cant the user do that when there is resource available.

Thirdly , there are already questions coming up in EE where the user says
" Well I posted my hijackthis log last time and fixed my issue but now again it has come back". I am not saying the expert who helped in fixing the issue didnot do a good job , it is because Hijackthis is always not a perfect solution

0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11985798
good call Ashwin :)
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11985832
raghunaj

please accept my appologies for the extra off topic comments in your thread - as expert we care about both this site and its standing as a technical resource
unfortunately some EXPERTS dont engage their brain before hitting "submit"
0
 

Author Comment

by:raghunaj
ID: 11985909
Hey guys like I said I'll be back...after a reboot. Please do not consider this thread closed yet.
Yes LucF, I forgot to mention that, a link is always added to my fav's.

Thanks to everyone.
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 11985926
You're welcome, good luck raghunaj.

LucF
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11985936
raghunaj thanks for responding keep us posted :)

Pete
0
 

Author Comment

by:raghunaj
ID: 11986250
Hey guys it seems like that was it!!
I have rebooted and am online for the last 40 mins but it hasn't come up!!

Many thanks to PeteLong and LucF!!
All of you helped but PeteLong gets the credit.

Thanks again.

0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 11987430
Great to hear!

LucF
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11987476
My Pleasure have a better one

Pete
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
This video discusses moving either the default database or any database to a new volume.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now