Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1661
  • Last Modified:

IE opens porn webpages

Hi
I'm sure this is a most often asked question here. But this is a bit different.
Now this is what is happening, Since the last 2-3 months whenever I go online(through dialup)after about 5-10 mins, I see a a red install like box come which dissappers very rapidly and then this seperate IE page comes up (not a popup window, a full page), which is full of XXX rated  pics and links. I can close this page and it goes away but then it will come up again after every 5-10 mins.
I have seen that the first couple of pages always point out to the same IP address (not a domain name) like http://216.131.84.28/tout.php or http://216.131.116.180/re/re36.html, which looks like a redirected page. After this the pages that open up always have full domain names.

Now these are the things I have done about it.
1) Scanned the whole hard drive with Spybot S&D and Adaware. They did find some things and removed them but then the page still comes up. An interesting thing thats happening now is that after scanning about 50,000 odd files, adaware locks up and I have to close out of it. So I removed and installed the new version (SE) with updates but that also does the same thing...doesn't happen with spybot though.
2) I have also used CWsheredder but no go.
3) Went into IE properties and changed everthing to default settings. Also disabled active x controls and third party browser extensions.  No go.
4) Removed all junk from the hard drive like temp files, temp internet files, cookies, history etc. no go.
5) Also tried system restore in despeartion but again no go.

So if anyone can help me get rid of this annoyance (I have contemplated formatting the hard drive!!), I'll be most thankful. Just that its a big annoyance and its making me go slightly crazy.
Thanks
0
raghunaj
Asked:
raghunaj
  • 14
  • 10
  • 5
  • +2
1 Solution
 
SheharyaarSaahilCommented:
Hello raghunaj =)

Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe
0
 
Pete LongConsultantCommented:
Browser Hijacking/Spyware/Adware/Malware Removal instructions

Full removal and Prevention instructions are available on my website,

http://www.petenetlive.com/Tech/Browsers/hijack.htm

Please don't "Gum up" the TA's here by posting Hijack This Logs
go here and have it analysed.
http://www.hijackthis.de/index.php?langselect=english

The EE Official Link to info is,
 http:Q_20975384.html#10973783
0
 
raghunajAuthor Commented:
Will do that and get back. Thanks.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
Pete LongConsultantCommented:
:)
0
 
SheharyaarSaahilCommented:
raghunaj ..... remember not to remove anything in LOG of hijackthis,,,, post here and then we will tell u waht is BAD which shud be removed :)
0
 
Pete LongConsultantCommented:
the link above will tell you what to remove :)
0
 
SheharyaarSaahilCommented:
but still i want to look at his LOG file..... if he dont mind and trust me :)
0
 
Pete LongConsultantCommented:
constantly filling th EE PAQ with hijack this logfiles bloats the EE PAQ and provides little or no help to people searching the PAQ
if the poster can analise his/her own log, then

a they will know what to do in future and will save points
b will be happy in the knowledge thry fixed it themselves and can get a refund.

Pete
0
 
SheharyaarSaahilCommented:
that can be ur thought.... i think that we are sitting here to do this..... we can share our knowledge and experience with them and can help them with that..... and giving a site can cure the problem for once or twice..... but what is the guarantee that this particualr site will be there always and will not get down.... and what if it will close ??

sites are not fore ever,,, but knowledge is fore ever and that's what i want to use with hijackthis logs :)
0
 
Pete LongConsultantCommented:
if you tell him

fix these lines

he has learned nothing - if he fixes it himself then - id be happier in the knowledge that he has taken something from the site of worth.
sites are not forever? true but then neither is software.
0
 
SheharyaarSaahilCommented:
that will also tell him to Fix the lines.... actaully i dont trust that site...... i tried it with my LOG when i first discoverred that site... and it Labelled my DSL modem software as NASTY..... lol i cannot trust it anymore.... it can label anything as NASTY if its unknown to it..... atleast i dont do it :)
0
 
LucFCommented:
raghunaj,

Please follow Pete's suggestion at http:#11985323
Just posting a hijackthis log without even scanning with either Ad-aware or Spybot S&D will give you a very messy hijackthislog which is terrible to search through, and is in no-way even close to a fix-all. A lot will be left on your system when following only SheharyaarSaahils advice.

Thanks,

LucF
0
 
SheharyaarSaahilCommented:
LucF, let me handle what i have suggested or asked.... a messy hijakcthis log can be terrible for u,,,,, but i can handle it.... dont force me to be rude enough with u by posting such comments.
0
 
Pete LongConsultantCommented:
>>it labelled my DSL software as nasty

possible but not as bizarre as telling a poster to disable their firewall
http://www.experts-exchange.com/Web/Browser_Issues/Q_21114323.html#11946705
0
 
Pete LongConsultantCommented:
no one is being rude - we care about this site and the quality of its PAQ
0
 
SheharyaarSaahilCommented:
it was not his firewall..... read his comment where he said that he never Installed any Sygate firewall >> http://www.experts-exchange.com/Web/Browser_Issues/Q_21114323.html#11947381

more over he didn't have any C:\Program Files\Sygate type of thingy on his system,,,,,,, read the whole question Pete.... even after removing those lines,,,,, no harm was made to his system...... those were all unwanted entries and were not at all related to any kind of firewall....... ur behaviour is disappointing me today =\
0
 
SheharyaarSaahilCommented:
>> no one is being rude - we care about this site and the quality of its PAQ

so do I..... and that's why i dont POINT-OUT on other expert's comments or suggestions.
0
 
Pete LongConsultantCommented:
Im sorry my behaviour is dissapointing you - I have spent the last two years calling EE my home Ive worked to keep it the outstanding site it was when I found it.
this site survives as a business entity on the quality of its PAQ - its the site most marketable quality - filling it with dirge, debases the quality of this site.

 
0
 
Pete LongConsultantCommented:
>>dont POINT-OUT on other expert's comments or suggestions.

no but you happy to tell me my behaviour is "disappointing me today "

well sorry squire but your behaviour has been dissapointing me for months.
0
 
SheharyaarSaahilCommented:
My GOD..... is it the first time we are asking for LOG files...... we are doing it from quite a long time.... and only becoz of another site has put a so called log file analysis which can label anything as nasty..... we are asking users to not to use EE's experts' knowledge or help but instead goto blah blah site and that will do the job for u...... come on guysssss, Cant we deal with LOG files..... we dont need an Extra or Automatic site..... EE's community is enough for us !!
0
 
LucFCommented:
Wrong, YOU can't deal with real logfiles, you don't even recognize if something like Adaware has been ran before running hijackthis... Sorry to say but I wouldn't trust you with any of my computers.

LucF
0
 
raghunajAuthor Commented:
ok wait a min.....whats going on guys!!???

I followed  PeteLong's suggestion and removed couple of entries.....I'm no total greenhorn and can understand a few things. The log analysis sytem on that website is probably setup to scan common things but its helpful in scanning those registries that I have no clue about but still am suspicious. So far I haven't seen new windows coming up, so good!!
but this problem may return after I reboot my box. So will get back to you after rebooting....and no it won't take days!! ;)

This is what I thought was nasty and removed.
O17 - HKLM\System\CCS\Services\Tcpip\..\{F28A2810-9C38-46DC-A6C3-BD473C99CF49}: NameServer = 203.94.
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
O4 - HKLM\..\Run: [SysInit] C:/Program Files/Common Files/svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://free64all.com/tgp/out.php?l=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://free64all.com/tgp/out.php?l
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://free64all.com/tgp/ou
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://free64all.com/tgp/
0
 
SheharyaarSaahilCommented:
LucF.... how many times i have to ask u to keep ur thoughts abt me to urself..... i dont want ur opinions abt me..... plzz for GOD sake.... leave me ALONE !!!

>> well sorry squire but your behaviour has been dissapointing me for months.
hmmmmmmm so one more on the list...... never mind.... i will take this issue as closed coz now i know the reason of all the above comments..... still good luck to u from me Pete !!!
0
 
LucFCommented:
yes, that 04 line there is a nasty one:
http://www.sophos.com/virusinfo/analyses/trojstartpabd.html

Please also check your favorites, some links could have been added by that trojan.

LucF
0
 
Pete LongConsultantCommented:
>>My GOD..... is it the first time we are asking for LOG files......

no this is probably the thirtyeth log file you have asked for today

>>we are doing it from quite a long time....

We? show me one post in the nearly 17 thousand posts Ive made where I ask to see someones logfile

in fact see my comments on my website
-----------------------------------------------------------------------
OK If the above software didn't solve the problem then your next step is to download the following piece of software.

Run this little doohickey, and it will list registry entries and running processes that it considers suspicious (NOTE a lot of innocent entries will be listed). OK now you have a list of what's running you need to analyzed it (Gulp!) Don't panic the good thing is, if you haven't got a clue, DONT go posting your hijack list to a forum like EE It just gums up the message boards go here and have it analysed for you CLICK HERE

To Learn how to analyse the logs for yourself CLICK HERE

-----------------------------------------------------------------------
>>and only becoz of another site has put a so called log file analysis which can label anything as nasty.....


Do you presume to offer the opinion that YOU can't label something as NASTY? If it were me asking the question I think I'd be more respondant to Luc's approach of dont try to do things manually.

>>we are asking users to not to use EE's experts' knowledge or help but instead goto blah blah site and that will do the job for u......

in my first post I believe that I posted the EE official link to information regarding hijacking correct me if I am in error


>>come on guysssss, Cant we deal with LOG files....

Yes, In fact im willing to be i pretty much know my way round the registry as well if not better than any expert on this site - the fact of the matter remains HJ is as the publisher admits - the tool to use when nothing else works.

your approach is no different to looking at engine oil to cure all automotive problems.

>>we dont need an Extra or Automatic site..... EE's community is enough for us !!

we need it more than looking at thousands of HJ log files in our PAQ, and if as you say EE is enough for you why are you not posting the link to EE's official information page.

you sir are a buffoon! I would not trust you with the health of my toaster.
0
 
sunray_2003Commented:
hey all ,

It was not a pleasure to see all the comments here before posting my suggestion on this .

Bottomline is I would agree with what Petelong has suggested. First let the site determine what all the bad entries, let the user delete those and will reduce half of our work.  To start with we have to trust websites like that . Nobody has said so far that the site is bad.  
Secondly , it has become new (may be i should say  default) for all questions in almost all the major TA to see a Hijackthis log. Personally , I donot have that much time to see through every line in hijackthis and say fix this  etc.  Why cant the user do that when there is resource available.

Thirdly , there are already questions coming up in EE where the user says
" Well I posted my hijackthis log last time and fixed my issue but now again it has come back". I am not saying the expert who helped in fixing the issue didnot do a good job , it is because Hijackthis is always not a perfect solution

0
 
Pete LongConsultantCommented:
good call Ashwin :)
0
 
Pete LongConsultantCommented:
raghunaj

please accept my appologies for the extra off topic comments in your thread - as expert we care about both this site and its standing as a technical resource
unfortunately some EXPERTS dont engage their brain before hitting "submit"
0
 
raghunajAuthor Commented:
Hey guys like I said I'll be back...after a reboot. Please do not consider this thread closed yet.
Yes LucF, I forgot to mention that, a link is always added to my fav's.

Thanks to everyone.
0
 
LucFCommented:
You're welcome, good luck raghunaj.

LucF
0
 
Pete LongConsultantCommented:
raghunaj thanks for responding keep us posted :)

Pete
0
 
raghunajAuthor Commented:
Hey guys it seems like that was it!!
I have rebooted and am online for the last 40 mins but it hasn't come up!!

Many thanks to PeteLong and LucF!!
All of you helped but PeteLong gets the credit.

Thanks again.

0
 
LucFCommented:
Great to hear!

LucF
0
 
Pete LongConsultantCommented:
My Pleasure have a better one

Pete
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 14
  • 10
  • 5
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now