We help IT Professionals succeed at work.

Title of all webpages I open is www.safyway.blogspot.com, I think IE has been hijacked. Kindly advice.

Medium Priority
3,159 Views
Last Modified: 2013-11-16
All my IE pages have default title : www.safyway.blogspot.com. How can I remove it?
Comment
Watch Question

First I would try running Spybot Search and Destroy. You can download it from www.download.com. If that doesn't work, download HijackThis (also from download.com) and post the log file results. We should be able to pick out the program causing the issue from your log results.

Author

Commented:
Hi, I ran spybot but didn't find anything there. Attached is hijackthis log file.


hijackthis.log
Remove these two entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safyway.blogspot.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = www.safyway.blogspot.com

There are a couple more that make me suspicious, but lets start out by deleting those two and see if that fixes your problem.

A couple of other questions. Are you getting your internet connection through a proxy server? If you're not sure then another question would be, how are you connected to the internet?

Author

Commented:
I tried deleting them but they reappear after some time. As for my internet connectivity is concerned, I it get through IP NAT from my H/W Firewall.
Commented:
I got the solution myself. Here are the steps:-

First
Open task manager and kill process wscript.exe.

Then
Delete VirusRemoval.vbs and Autorun.inf files from all usb drives.

Then
Go to c:\Windows\System32 and delete the file VirusRemoval.vbs. It is super hidden so first go to Folder Options and check show hidden and super hidden check boxes. Also required for the above files.

Then
Go to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
On the right side look for Shell which should have value of just explorer.exe.
delete anything after explorer.exe.

Under same key Winlogon also look for Userinit which should have value of
c:\WINDOWS\system32\userinit.exe,
Delete all the crap after the comma.

Then
Go to HKCU\Software\Microsoft\Internet Explorer\Main
On the right side locate Window Title and delete its value


Under the same key locate Start Page and delete its value

Explore More ContentExplore courses, solutions, and other research materials related to this topic.