How to resolve a hijack problem with hijackthis software
Posted on 2006-04-18
A two part question:
The most pressing issue is that every time the user goes to IE, it opens a page entitled 'securitybulletin.net' with a bunch of apparently fake security warnings, even though his home page is msn.com. I ran hijack this, and looked through the log, searching on part of that website name, thinking maybe I could find some registry entry I needed to change, or a file to delete, etc.
But I'm not finding anything obvious, so I need guidance on how to resolve this.
The background, that leads to my second question, is that this is an XP computer on a small office network that has been working fine for two years with no problems at all. Yesterday he was on msn messenger with a guy for a few minutes, and all of a sudden he got blasted with all kinds of 'stuff'...fake warnings about spyware (complete with misspellings) telling him someone had invaded his computer, offers for all kinds of spyware and virus protection, and so many popups that he could not use his computer.
He was on XP SP1 at that time, with a current version of Trend Micro running. I cleaned up quite a few viruses, and purchased CounterSpy for him, which also found many problems and cleaned them up. I also updated him to SP2 and applied all the updates. And, with the exception of this seeming IE hijack, his problems seem to be solved.
But now he's asking me if it is possible that could have gotten all this stuff on his computer just by having talked with someone on msn messenger. Knowing little about that app, I couldn't tell him for sure. So my question is whether it seems likely or even possible that he could gotten all these problems as a result of using msn messenger--and is there anything specific to do or to avoid when using this program.