can someone please help me with hijacked web page and explicit pop



tinman
07-09-2005, 10:53 PM
can someone please help me urgently. I have somehow been hijacked and my home
page always comes up first with explicit web sites. I have tried everything,
except my various scans indicate that everything is safe and that I have no
viruses.

I have the following on my computer, ad-aware SE Personal, FixQhost.exe,
Microsoft Antispyware, Spybot, and my main scan is PC CILLIN - trend micro.

Is it safe to use my computer for financial payments etc? I am too scared too.

I really dont want to delete everything and start again if possible.

Can someone help me please.

Thanks
--
Tinman

Malke
07-09-2005, 10:53 PM
tinman wrote:

> can someone please help me urgently. I have somehow been hijacked and
> my home page always comes up first with explicit web sites. I have
> tried everything, except my various scans indicate that everything is
> safe and that I have no viruses.
>
> I have the following on my computer, ad-aware SE Personal,
> FixQhost.exe, Microsoft Antispyware, Spybot, and my main scan is PC
> CILLIN - trend micro.
>
> Is it safe to use my computer for financial payments etc? I am too
> scared too.
>
> I really dont want to delete everything and start again if possible.
>

Even though you've got some antimalware tools, go through these removal
instructions systematically. You need to do everything with updated
tools in Safe Mode. You may need to run HijackThis (see below) and then
post your log to one of the forums in the links (not here, please).

First delete all Temporary and Temporary Internet Files. For IE's
Temporary Files, go to Control Panel>Internet Options>General tab.
You'll see where you can delete cookies and files. For Firefox, clear
its cache by going to Tools>Options>Privacy>Cache> Clear. For Windows
Temporary files, Start>Run cleanmgr [enter]. Then follow these detailed
malware removal steps, doing everything with updated tools in Safe
Mode. You can find all the links to referenced programs and sites on
my website here:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

1) Scan in Safe Mode with current version (not earlier than 2004)
antivirus using updated definitions.

Before you remove malware, get LSPFix or WinSockFix for XP - see links
below.

2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.

Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).

If the malware remains even after you used Ad-aware and Spybot, you can
scan with HijackThis. HijackThis is an excellent tool to discover and
disable hijackers, but it requires expert skill. See the links on my
website for a HijackThis tutorial and places where you can post your
HJT log. Again, this is an expert tool and novices should get help
with it.

3) If you are running Windows ME or XP, you should disable/enable System
Restore after the system is clean because malware will be in the
Restore Points. With ME, you must disable System Restore completely.
With XP, you can delete all but the most recent (presumably clean)
System Restore point from the More Options section of Disk Cleanup
(Run>cleanmgr).

4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.

5) Run a firewall.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

RiCtee
07-09-2005, 10:53 PM
yelo......some1 can actually change ur homepage settings remotely.....that
"some1" CAN exploit the web server u r using and then meddle with ur
homepage. So, I suggest u change the web hosting service u r using (except
if u own a web server) to a more reliable & secure 1. That "some1" CAN also
exploit directly into ur homepage if "he's" really experience. There's also
those "zombies" lurking around da internet, finding an unsecure homepage to
exploit. I also agree with wad malke said. -HaPPy WeBsPiNNiNg-


can someone please help me with hijacked web page and explicit pop