junebug52
asked on
IE 6.0.2 Home Page Hijacked By "www.safetyhomepage.com"
MY Windows XP professional PC internet explorer 6.0.2 homepage has been hijacked by (www.safetyhomepage.com). I have treid everything I can think of to remove this pest. It causes numerous popups to appear on my machine such as X-rated websites and warnings that my computer is infected with viruses and spyware. It also has placed a triangular yellow icon in desktop tray that says (system alert:spyware detected; system has detected 4 spyware applications that will cause your system to crash and restart, slow it to a crawl or even shut it down entirely; click the icon to get rid of the unwanted spyware). This is to dupe me into clicking on this icon which will link my PC to their website.
I run McAfee security suite and Webroot spy sweeper applications but neither can detect or remove this malicious pest before it causes more harm to my system. My windows restore function does not work since this pest has invaded my system. I have tried all I can think of such windows restore (does not work), deleting internet and temp files, scanning for pest and viruses, and doing file searches for names that seem to be related. I have had no luck removing this pest. I would definitely appreciate any expert assistance that you all would provide to me on this issue.
I run McAfee security suite and Webroot spy sweeper applications but neither can detect or remove this malicious pest before it causes more harm to my system. My windows restore function does not work since this pest has invaded my system. I have tried all I can think of such windows restore (does not work), deleting internet and temp files, scanning for pest and viruses, and doing file searches for names that seem to be related. I have had no luck removing this pest. I would definitely appreciate any expert assistance that you all would provide to me on this issue.
Hi,
1. Please download SmitfraudFix:
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from
the options listed.
Once in Safe Mode, open the SmitfraudFix folder again and double-click
"smitfraudfix.cmd"
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
2. After that , let us look at your hijackthis log please.
Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.
Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.
OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.
2. or at --> http://www.hijackthis.de/
and click "Analyse", click "Save". Then post the link to the saved list here.
1. Please download SmitfraudFix:
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from
the options listed.
Once in Safe Mode, open the SmitfraudFix folder again and double-click
"smitfraudfix.cmd"
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
2. After that , let us look at your hijackthis log please.
Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.
Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.
OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.
2. or at --> http://www.hijackthis.de/
and click "Analyse", click "Save". Then post the link to the saved list here.
Microsoft Windows Defender
http://download.microsoft.com/download/e/d/0/ed099d5e-dc60-4740-8747-1c72f053b800/windowsdefender.msi
Defender Requires : GDI+
Download GDI+ :- http://download.microsoft.com/download/a/b/c/abc45517-97a0-4cee-a362-1957be2f24e1/gdiplus_dnld.exe
http://www.microsoft.com/downloads/details.aspx?FamilyID=435bfce7-da2b-4a6a-afa4-f7f14e605a0d&displaylang=en
Defender Q & A
http://www.russelltexas.com/malware/defender.htm
http://download.microsoft.com/download/e/d/0/ed099d5e-dc60-4740-8747-1c72f053b800/windowsdefender.msi
Defender Requires : GDI+
Download GDI+ :- http://download.microsoft.com/download/a/b/c/abc45517-97a0-4cee-a362-1957be2f24e1/gdiplus_dnld.exe
http://www.microsoft.com/downloads/details.aspx?FamilyID=435bfce7-da2b-4a6a-afa4-f7f14e605a0d&displaylang=en
Defender Q & A
http://www.russelltexas.com/malware/defender.htm
Good suggestions above.
Depending on how much data you have on your computer, it may be quicker and easier to just backup your data, reformat, and start over. If you find yourself spending hours and hours trying to get rid of the crap, i'd highly suggest this option.
Depending on how much data you have on your computer, it may be quicker and easier to just backup your data, reformat, and start over. If you find yourself spending hours and hours trying to get rid of the crap, i'd highly suggest this option.
Hi there. I don't think there is a single magic bullet for this. Most security people I know run more than one spyware program. My advice would be the following:
1. Use Adaware (and use it to scan ADS - not just its standard scan) since rootkits are becomming very common
2. Use Spybot S&D also
3. Get the free version of Zone alarm (zonelabs.com). This is an excellent firewall that should at least alert you if bad programs are trying to communicate outside of your PC, enabling you to block them
And a couple of prevention tips for the future (not a criticism - I only know this cos I have done the same).
1. If you ever download *anything* to run on your pc from a site you do not completely trust, google it first to see if there is anything bad about it
2. Check out siteadvisor.com - this is a free tool from McAfee that will integrate with your web browser and let you know, whenever you use a major search engine, which sites they have tested and are safe or contain dodgey downloads.
Good luck!
1. Use Adaware (and use it to scan ADS - not just its standard scan) since rootkits are becomming very common
2. Use Spybot S&D also
3. Get the free version of Zone alarm (zonelabs.com). This is an excellent firewall that should at least alert you if bad programs are trying to communicate outside of your PC, enabling you to block them
And a couple of prevention tips for the future (not a criticism - I only know this cos I have done the same).
1. If you ever download *anything* to run on your pc from a site you do not completely trust, google it first to see if there is anything bad about it
2. Check out siteadvisor.com - this is a free tool from McAfee that will integrate with your web browser and let you know, whenever you use a major search engine, which sites they have tested and are safe or contain dodgey downloads.
Good luck!
ASKER
Guys,
I used a anti-spyware application by the name of "Prevx1" to scan and remove the pest that had invaded and taken over my computer and my IE homepage. The sypweeper and sybot along with other pest detection and removal applications would not detect and remove this pest. I ran the "Prevx1" and it detected and removed the pest. The machine and the homepage are mind again.
Thanks for the assist!
I used a anti-spyware application by the name of "Prevx1" to scan and remove the pest that had invaded and taken over my computer and my IE homepage. The sypweeper and sybot along with other pest detection and removal applications would not detect and remove this pest. I ran the "Prevx1" and it detected and removed the pest. The machine and the homepage are mind again.
Thanks for the assist!
Glad to hear you solved it.
You can post at Community Support and ask for a refund of points for answering your own question and have this question closed.
I answered my question myself. What Do I Do?
https://www.experts-exchange.com/help.jsp#hi70
You can post at Community Support and ask for a refund of points for answering your own question and have this question closed.
I answered my question myself. What Do I Do?
https://www.experts-exchange.com/help.jsp#hi70
Alright, took rpggamesgrrrrl's ;-) suggestion, to refund the points. Since we got usefull information here, even how the malware was finally removed, I suggest to PAQ and keep it.
Tolomir CV
Tolomir CV
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1
After you install it make sure you search and install updates.
Run "immunize"
The run "Check for Problems"
Then open it in advance mode and go through all the tools.