hijacked homepage
#2
Posted 13 October 2008 - 11:05 AM
Hey gasser!!
Welcome to PCWorld Community!
If you can still access all sites on the web, would you PLZ download this scanner and run a Quick scan
of your PC: MalwareBytes AntiMalware.
Once you have downloaded this free scanner, you have to update the definitions, so go to the Update
tab and do the update. Now go to the Settings tab and make sure that ALL of the check mark boxes are
checked.
Come back to the Scanner tab and do a quick scan of your PC.
When the scan has finished, go to the Logs tab and double click on the log that the scanner has generated
and copy and paste the results ALONG with the browser that you use and the operating system, XP or Vista,
and post back with this info.
FLASHORN.
#3
Posted 13 October 2008 - 12:38 PM
Flashorn, my OS is Windows XP and I use IE as my browser. This did not eliminate the startzone or messengersite problem.
Malwarebytes' Anti-Malware 1.28
Database version: 1266
Windows 5.1.2600 Service Pack 3
10/13/2008 3:23:37 PM
mbam-log-2008-10-13 (15-23-37).txt
Scan type: Quick Scan
Objects scanned: 59977
Time elapsed: 6 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\netstat.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
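The following is an added example, not part of the original thread: a small Python parser for a scan log laid out like the one in post #3. It checks that the itemized detections add up to the summary counts and groups each detection by where it sits (autostart Run key, browser setting, file on disk). The sample log is constructed from the post with path separators written out; the function names and class labels are this example's own.

```python
import re
from collections import Counter
# Constructed sample in the layout of the log posted above (path separators written out).
SAMPLE_LOG = r"""Registry Keys Infected: 1
Registry Values Infected: 2
Files Infected: 2
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\netstat.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

def classify(path):
    """Coarse location class for a detected object (labels are this example's own)."""
    p = path.lower()
    if r"\currentversion\run" in p:
        return "autostart"
    if r"\internet explorer" in p:
        return "browser-setting"
    return "file" if re.match(r"^[a-z]:\\", p) else "other"

def parse_log(text):
    """Return (summary counts, list of detections) from a scan log."""
    counts, items, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, "class": classify(m["path"]), **m.groupdict()})
    return counts, items

def mismatches(counts, items):
    """Sections whose itemized lines do not add up to the summary count."""
    seen = Counter(i["section"] for i in items)
    return {s: (n, seen[s]) for s, n in counts.items() if seen[s] != n}

if __name__ == "__main__":
    counts, items = parse_log(SAMPLE_LOG)
    print([(i["class"], i["family"]) for i in items], mismatches(counts, items))
```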
#4
Posted 13 October 2008 - 05:09 PM
Hey gasser!!
OK, so we got the main infected files out of the way. Now, I would like you
to go to the "msconfig" app in XP. This is how to:
1. In Windows XP, go to Start > Run.
2. Type MSCONFIG in the "Open:" box and then either press Enter on your keyboard or click on the OK button.
3. This launches Microsoft's System Configuration Utility. Click on the Startup tab (the tab at the far right).
4. This takes you to a page with a list of "startup items." Startup
items are programs that are automatically loaded every time you turn on
your computer.

In msconfig, see if you can identify any of those redirections that appear in your web browser.
If you DO, PLZ uncheck those check marks. This will enable the "Apply" button to highlight.
Click on the "Apply" and then on the "OK" button. This will bring on the pop-up to ask you to:

PLZ restart your PC. When rebooted you will get another pop-up.
On this pop-up, on the bottom left hand corner you will see a box to check mark.
Put a check mark in the box and click on the OK. This pop-up will not come back.
Now, I would like you to download this app, which does not require an install.
It is a temps file cleaner called ATF Temps Files Cleaner By Atribune.
You will check mark all of the boxes and then click on the "Empty Selected".

Once you have deleted all of the temps files on your PC, I would now like you to empty the
Java cache. For this you will go to the "Control Panel" and click on the "Java icon". This will bring up
the Java Control Panel. At the bottom of the Java Control Panel you will see a "Settings" button;
click on that. The next window to open will be this one:

Now, click on the "Delete Files". There will be another window which will be this one:
Now click on the "OK" button of all of the open windows to close.
After you have done this we will now download and run this little app,
which is a free Virus Scanner that does not require an install.
It will take only a few minutes to run and if it does find something, it
will show in the box in the middle of the app. Kindly copy and paste if it
finds anything. Dr. Web CureIt. The download link
is on the bottom of the page. You do NOT have to update as this is the
latest version.
To finish, bring up your IE browser and go to "Tools" then "Internet Options"
and delete all of the temporary internet files along with the cookies.
You can also delete the home page that the Trojan created for itself
and choose the home page that you want to appear when you open your browser.
To clear your temps files, click on the "Delete". A pop-up will appear like this one:
Click on the "Delete" button and all temps files will be deleted. Now, if you have made
any changes, you will have to click on the "Apply" button on the General Page and then on the OK.
OK, gasser, this is what we would do to try and restore the host web page and also hopefully
remove other traces of this infection. Try these procedures and post back with your results.
FLASHORN.
PS. Sorry it took so long to get back to you.
#5
Posted 13 October 2008 - 06:19 PM
:D Hi Gasser:
My Research indicates you are going to need the assistance of a trained, experienced,
certified, Volunteer "Malware Removal Specialist" to Help with your problem(s); I
recommend you ask the "Microsoft Most Valuable Professional(s)" at aumha.net
and I recommend you ask in their "Parasites........." Forum.
#8
Posted 15 October 2008 - 01:58 AM
Hey gasser!!
Well, as SpiritWind has indicated you do have more problems in that the infections
found by Malwarebytes do specify a Trojan Downloader and a Worm. These usually
infect more than one place on your PC and also leave tidbits all over.
You would be better served by posting to a site such as "AumHa" for more in-depth cleaning.
They will make use of specialized tools which only trained personnel should advise you on
how to work with them. Unless you favor a reformat like Tech suggested, a site such as
mentioned above should and will be your best option.
If you do decide on the AumHa Forums, be certain to follow their
recommendations. Also, be as descriptive as possible in your post, mentioning what you have done
with us. This will only help to speed up the cleaning process and avoid unnecessary exchanges.
The clearer the information the faster they will be able to restore your PC to a running state.
The link provided above is for registration. The first page is the "Legal" stuff. Once read, scroll down to the
"I Agree" and then continue the registration as you did for this forum.
This link is for the "HijackThis" forum. The first link in that forum has to be read along with the recommendations
for the "Quick Fix" link which might be able to help you. If not, then continue to post in your own thread
describing as much as possible the state of your PC and what you have already done. One word of advice:
if you have any P2P programs installed on your PC, I would recommend that you uninstall them before
posting a HijackThis log. If you do have such a program installed, it is the most likely source for the infection.
OK gasser, let us know what you decide on and if you have any other questions or if you don't understand
a procedure to be followed, PLZ don't hesitate to ask. If you do post to AumHa, you will find them patient
and understanding.
FLASHORN.
#9
Posted 28 October 2008 - 04:11 PM
Hello to everyone that gave me help with my problem. I tried a few more attempts at fixing my problem, but ended up freezing the computer up. I ended up doing a system recovery. The good things are that it went very smoothly and also fixed my problem. Thanks to all who tried to help me out with it. One more question: what is a good internet security/antivirus program to use? I know that Norton and McAfee are popular, but read more con than pro on these programs.
Thank You, Gasser
#10
Posted 28 October 2008 - 04:24 PM
A good "Starter Guide" for very good & FREE programs is what I wrote at
forums.pcworld.com/docs/DOC-1141 . And for the "Internet Options >
Security > Internet > Custom Settings", make sure what I mention at
http://forums.pcworld.com/docs/DOC-2144 is the "minimum" Settings used.
#11
Posted 28 October 2008 - 10:35 PM