• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 183
  • Last Modified:

Malicious program on IE. Cannot change web pages. It jumps back to previous page.

Malicious program affecting Internet Explorer.  I can't change sites.  If I change sites, it stays there for 1or 2 seconds, then jumps back to the previous site.  OS is XP SP2.  This happened with IE 6.0.  It is impossible to download any programs because the site jumps back.  I was able to install IE 7.0 because the computer manufacturer's Help Panel worked without me having to access Microsoft's Update site directly.  I have run  Spyware Doctor and it found malicous programs but removing them did not fix the problem.  I have 2 computers so I can download and install programs that do not require the host computer to perform the download.
0
lakotasdad
Asked:
lakotasdad
  • 6
  • 3
  • 2
  • +2
1 Solution
 
Alan Huseyin KayahanCommented:
Hi lakotasdad,

                              Try running Malicious software removal tool which is installed with IE7 (check the box for that option while installing IE7)

Regards,

MrHusy
0
 
war1Commented:
Greetings lakotasdad !

Some website has hijacked your homepage.

1. Use the following scanners to find and remove the website.

Superantispyware
http://www.superantispyware.com/
or
Ewido
http://www.ewido.net/en/
or
Spy Sweeper
http://mysite.webroot.com/forms/Infoworld
or
SpyBot S&D searches your harddisk for so-called spy- or adbots;
http://security.kolla.de/
or
Adaware
http://www.lavasoftusa.com/software/adaware/

2. Some shopping and porn websites redirects links to their websites using your HOSTS file. Do a search for the HOSTS (without extension) file and remove the entry.

HOSTS file is located in C:\WINDOWS\SYSTEM32\DRIVERS\ETC. It is a hidden file, so you need to unhide hidden files to see it. Go to any folder and select Tools > Folders Options > View. Check "Show hidden files and folders". Click OK.

3. Check if a security is locking your homepage.  Windows Defender will lock your homepage.  Check your antispyware, antivirus and other programs for the locking.  Temporarily disable them one by one.

4. If still no joy, download HijackThis

http://www.majorgeeks.com/download3155.html

Run the program and you will find many entries. Most are OK. Post the log at http://www.hijackthis.de/ and click Analyse, Save.  Post a link to the saved list here.

Best wishes, war1
0
 
lakotasdadAuthor Commented:
MrHusy,
I already installed ie7 and I believe it defaulted to that setting.  Can I do something to verify this since it is already installed?
War1: I have noticed something else bad.  Just using Windows Explorer, it will jump to the previous folder I already have open.  So this going beyond IE.  Also, for the websites you mentioned, I can't access websites.  I can only download programs from the 2nd computer, the one I'm using to write experts exchange.
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
war1Commented:
tlaotasdad,

Have you ran Superantispyware in I proposed in my link above?
0
 
Alan Huseyin KayahanCommented:
       Hi lakotasdad
               If it is installed, it should be in Start>Programs>Malicious software removal tool  . Run it
             

Regards  
0
 
rpggamergirlCommented:
Maybe there's still some nasties left.

Can we look at a hijackthis log?
http://danborg.org/spy/hjt/alternativ.exe

Also run this tool:
Download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Please show us the log.

Note: Do not mouseclick combofix's window while its running. That may cause it to stall
0
 
lakotasdadAuthor Commented:
Here is the link to the logfile from running "HijackThis":
http://www.hijackthis.de/logfiles/b78ff5a2c5f7846ff7257921d13f6fc3.html

0
 
war1Commented:
lakotasdad,

You HijackThis log looks fiine.  Did you run Superantispyware?  Did you look at the Host file?
0
 
lakotasdadAuthor Commented:
I deleted the two Host files that I found with the search.  I
I ran the malicious software removal tool and it did find any problems.
I ran the quick Superantispyware with only 22 cookies found.  It is 11pm my time.  I am started a "full scan" using Superantispyware and will let it run overnight.
0
 
lakotasdadAuthor Commented:
Superantispyware found 27 tracking cookies.  That was it.
0
 
SheharyaarSaahilCommented:
are you using wireless keyboard/mouse?
if yes then replace them with the wired ones, and then check if same issue?
0
 
lakotasdadAuthor Commented:
And the winner is ... Sheharyaar Saahil !!!!!!!  Thank You!  It's a laptop.  I read your post and was like..."really?"  So I unplug the wireless mouse antenna from the USB and ..Voila!  

Why does that happen?  Weak batteries in the mouse?
0
 
SheharyaarSaahilCommented:
>> Weak batteries in the mouse?

do you have an extra "forward/back" button in your mouse?
if yes then it can due to weak batteries or a damaged buttong.
0
 
lakotasdadAuthor Commented:
Yes it does.  Many thanks.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 6
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now