jerryvoss
asked on
SafetyDefender
Each time I click on IE, safetydefender.com opens instead of my home page. The content says that I am under the control of a remote computer and the only way to fix this is to click a link that will sell me the removal tools,ie. Spyware and Malware removal software.
I have tried smitrem and smitfraudfix, but even though they say they are cleaning my machine, when I reboot and open IE, I still am at the safetydefender website.
Has anyone else encountered this and overcome it?
I have tried smitrem and smitfraudfix, but even though they say they are cleaning my machine, when I reboot and open IE, I still am at the safetydefender website.
Has anyone else encountered this and overcome it?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
That is the ight way, thanks.
I would suggest running HJT again and asking it fix the following entries:
R0 - HKCU\Software\Microsoft\In ternet Explorer\Main,Local Page = C:\windows\system32\blank. htm
R0 - HKLM\Software\Microsoft\In ternet Explorer\Main,Local Page = C:\windows\system32\blank. htm
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c 75078eb7c8 e} - C:\WINNT\system32\hpB1F9.t mp
Then reboot and re-run HJT to see if these entries are really gone. If so, the problem should be mostly solved and you should be able to reset you home page.
I would suggest running HJT again and asking it fix the following entries:
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c
Then reboot and re-run HJT to see if these entries are really gone. If so, the problem should be mostly solved and you should be able to reset you home page.
ASKER
After rebooting, I ran HJT again. Two of the entries are gone, and the BHO has changed, but is still there.
When I opened IE, it didn't open to "safetydefender.com," instead, there is an empty page with the address "about:blank" and when I try to reset my home page it returns to about:blank as soon as I leave the page.
I resubmitted the logfile from the latest scan. It is: http://www.hijackthis.de/logfiles/36da920c430d1c9d4e19b164242d18d1.html
How do I get rid of about:blank?
Thank you for your help.
Jerry
When I opened IE, it didn't open to "safetydefender.com," instead, there is an empty page with the address "about:blank" and when I try to reset my home page it returns to about:blank as soon as I leave the page.
I resubmitted the logfile from the latest scan. It is: http://www.hijackthis.de/logfiles/36da920c430d1c9d4e19b164242d18d1.html
How do I get rid of about:blank?
Thank you for your help.
Jerry
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Oh yeah, remove the entries that r-k suggested if they're still present after running the tool, :)
Ooops, the rougescanfix canned speech is a little outdated but the fix itself is also updated with removing the the re-spawner "C:\WINNT\system32\dcomcfg .exe"
Ooops, the rougescanfix canned speech is a little outdated but the fix itself is also updated with removing the the re-spawner "C:\WINNT\system32\dcomcfg
ASKER
Thank you all for your help. I won't be able to try them until later in the day.
Jerry
Jerry
Hi There, Check Out this link , Someone has the same problem ;)
http://forums.techguy.org/security/461472-windows-xp-hijack-log-eliminate.html
ASKER
Thank you all for your help!
After I ran the newer version of SmitFraudFix in Safe Mode, I got a message saying: "Cannot inport cleanup.reg: Error accessing the registry" but when the text file came up at the end, it reported that the registry was cleaned.
I restarted the computer in normal mode, and IE opened up to MSN, and then I reset it to my normal home page. I've opened and closed the browser several times, and it seems to be back to normal. Again, thank you all very much!
Jerry
After I ran the newer version of SmitFraudFix in Safe Mode, I got a message saying: "Cannot inport cleanup.reg: Error accessing the registry" but when the text file came up at the end, it reported that the registry was cleaned.
I restarted the computer in normal mode, and IE opened up to MSN, and then I reset it to my normal home page. I've opened and closed the browser several times, and it seems to be back to normal. Again, thank you all very much!
Jerry
Glad to hear your problem's resolved.
Thanks, :)
Thanks, :)
ASKER
http://www.hijackthis.de/logfiles/4e922e2fda7987abd7d332297775bb9a.html
I hope this is the right way to post the link.
Jerry