Solved

Spyware changing homepage

Posted on 2004-11-01
213 Views
Last Modified: 2013-12-04
A few days ago, my homepage started to be changed from the regular homepage setting to spykiller.com.  I could not search the internet or check my e-mail account.  On startup, everything will be fine, but after a little while, spykiller takes over.  I have run Spybot, Ad-aware, and spy sweeper, but they do not register that anything is wrong.  What should I do?

HEre is what I get when I run HiJack this!

Logfile of HijackThis v1.98.2
Scan saved at 7:40:11 PM, on 11/1/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Adam and Kim\Desktop\antivirus\HijackThis2.exe

O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [FM20644h.exe] "C:\WINDOWS\System32\FM20644h.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {8725FAB8-32D3-4C61-9D9A-EDEEF217350D} - (no file) (HKCU)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
O20 - AppInit_DLLs: C:\WINDOWS\System32\kbdfc1066d.dll

0
Question by:apatai
    3 Comments
     
    LVL 65

    Accepted Solution

    by:
    Hello apatai =)

    First thing, uninstall that Bearshare.... that program doesn't comein the list of Good programs =\
    Second thing, fix just four two lines in hijackthis scan,

    O4 - HKCU\..\Run: [FM20644h.exe] "C:\WINDOWS\System32\FM20644h.exe"
    O9 - Extra button: (no name) - {8725FAB8-32D3-4C61-9D9A-EDEEF217350D} - (no file) (HKCU)
    O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
    O20 - AppInit_DLLs: C:\WINDOWS\System32\kbdfc1066d.dll

    Third thing, whatever tool u run, run it in safemode and plzz delete the temp and temp intenet files by running Disk Cleanup on ur hard drive, check if any progress :)
    0
     

    Author Comment

    by:apatai
    That worked...Thanks!
    0
     
    LVL 65

    Expert Comment

    by:SheharyaarSaahil
    great..... :)

    now as the problem is solved, u can close this question :)
    for more info. on how to close a Question, plzz refer here >> http://www.experts-exchange.com/help.jsp#hs5
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
    Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
    With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    846 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now