IE help urgently needed..

Discussion in 'Computer Support' started by the niner nation, Jun 16, 2004.

  1. Hi...today i turned on Internet explorer and instead of yahoo as my home
    page, i got a home page from 'sloth'.
    I went to INTERNET OPTIONS to try and change it, but it wont even let me
    access it, saying that I need to contact systems administor and that i have
    restricted privelages.
    THIS is my damned computer and I am the 'administrator'!
    I am running windows xp home version.
    can anyone please tell me how to get my control back and what has happened?
    I scanned for viruses using NORTON and it says i wasnt infected.
    all replies warmly appreciated.
     
    the niner nation, Jun 16, 2004
    #1
    1. Advertisements

  2. the niner nation

    Yddap Guest

    In
    Try "adaware & " Spybot S&D" if not the rest
    (Copied from Mike )

    Spybot Search & Destroy
    http://spybot.eon.net.au/
    http://www.safer-networking.org/
    http://spybot.safer-networking.de/
    SpyBot S&D guide
    http://www.chem.wisc.edu/~network/spybot/

    Ad-Aware
    http://www.lavasoftusa.com/
    http://www.lavasoft.nu/

    Spyware Blaster
    http://www.wilderssecurity.net/spywareblaster.html
    http://www.javacoolsoftware.com/spywareblaster.html
    http://www.net-integration.net/tools/spywareblaster.html

    CWShredder (CoolWebSearch remover)
    http://www.spywareinfo.com/~merijn/cwschronicles.html
    http://www.spywareinfo.com/~merijn/files/cwshredder.zip
     
    Yddap, Jun 17, 2004
    #2
    1. Advertisements

  3. the niner nation

    reid decker Guest

    Try control panel, administrative services. Set yourself back as
    Administrator.(I think)Or, Go to help, System Restore. Set your own Restore
    Point back a month or so.
     
    reid decker, Jun 18, 2004
    #3
  4. the niner nation

    Jim Byrd Guest

    Hi Niner - Sounds like this might be a variant of some malware called
    CoolWebSearch (if CWShredder doesn't fix it, then see AdAware, SpyBot, and
    HijackThis, below, in that order). Do the following:



    Before you try to remove spyware using any of the programs below, download a
    copy of LSPFIX from any of the following sites:

    http://www.cexx.org/lspfix.htm
    http://www.spychecker.com/program/winsockxpfix.html (if your OS is Win2k or
    XP)


    The process of removing certain malware may kill your internet connection.
    If this should occur, this program, LSPFIX, will enable you to regain your
    connection. The process of removing certain malware may kill your internet
    connection. If this should occur, this program, LSPFIX, will enable you to
    regain your connection.


    Download, UPDATE before running, and run:
    http://209.133.47.200/~merijn/files/CWShredder.exe to remove the parasite.
    Be sure to close all instances of IE and OE. You may also get it here if
    that link is blocked: http://www.zerosrealm.com/downloads/CWShredder.zip

    BE SURE that you get v.158 or later!

    You will need to show Hidden files first and then at the end clear the
    malware garbage from your System Restore backups after you've cleaned up.
    It's best to perform CWShredder (and most other malware fixers too) from
    Safe mode and then reboot. AFTER cleaning things up, then you can disable
    and then re-enable System Restore. See ******** below.

    The following links give instructions on how to do these various functions:


    HOW TO Restart in Safe Mode
    <http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406>

    HOW TO Enable Hidden Files
    <http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339>

    HOW TO Disable/Flush System Restore (do this at the end AFTER cleaning or
    use the suggested procedure for XP at the ******'s)
    <http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039>
    (WinXP)
    <http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239>
    (WinME)



    Then download and run:
    http://www.kellys-korner-xp.com/regs_edits/iegentabs.reg to restore your
    tabs and remove any restrictions that the parasite has put in place.

    Now download and run:
    http://www.kellys-korner-xp.com/regs_edits/RestoreSearch2.REG to restore
    your search functions if they've been affected (as they probably will have
    been).


    Be sure that you also download and install hotfix Q816093, here:

    http://support.microsoft.com/?kbid=816093

    which blocks the exploit upon which this parasite family depends.



    However, this also indicates that you may have acquired some other malware
    along the way. If you go to this page at Jim Eshelman's site, here:
    http://aumha.org/a/noads.htm and wait a little bit (be patient), an analysis
    of a number of possible parasites on your machine will be made to help you
    identify and remove them. NOTE: You will need to disable Ad Blocking in Zone
    Alarm 3.x, if present or any other Ad Blocking software which interferes
    with Java Scripting for this scan to work. You should get a message between
    the two lines of **** giving the results of the scan.

    Get Ad-Aware 6.0, Build 181 or later, here:
    http://www.lavasoftusa.com/support/download/. UPDATE and run this regularly
    to get rid of most "spyware/hijackware" on your machine. If it has to fix
    things, be sure to re-boot and rerun AdAware again and repeat this cycle
    until you get a clean scan. The reason is that it may have to remove
    things which are currently "in use" before it can then clean up others.

    Another excellent program for this purpose is SpyBot Search and Destroy
    available here: http://security.kolla.de/ SpyBot Support Forum here:
    http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi. I recommend
    using both normally. After UPDATING and fixing things with SpyBot S&D, be
    sure to re-boot and rerun SpyBot again and repeat this cycle until you get a
    clean "no red" scan. The reason is that SpyBot sometimes has to remove
    things which are currently "in use" before it can then clean up others.

    Note that sometimes you need to make a judgement call about what these
    programs report as spyware. See here, for example:
    http://www.imilly.com/alexa.htm

    Both of these programs should normally be UPDATED and run after doing any
    other fix such as CWShredder and, as a minimum, normally at least once a
    week.



    If they don't fix it then start here:

    Download HijackThis, free, here:
    http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new
    fresh copy of HijackThis [and CWShredder also] - It's UPDATED frequently.)
    You may also get it here if that link is blocked:
    http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13

    In Windows Explorer, click on Tools|Folder Options|View and check "Show
    hidden files and folders" and uncheck "Hide protected operating system
    files". (You may want to restore these when you're all finished with
    HijackThis.)

    Unzip the downloaded HijackThis to any convenient folder, start it then
    press Scan. Click on SaveLog when it's finished which will create
    hijackthis.log. Now click the Config button, then Misc Tools and click on
    Generate StartupList.log which will create Startuplist.txt

    Then go to one of the following forums:

    Spyware and Hijackware Removal Support, here:
    http://216.180.233.162/~swicom/forums/

    or Net-Integration here:
    http://www.net-integration.net/cgi-...86d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

    or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx

    Sign in, then copy and paste both files into a message asking for
    assistance, Someone will answer with detailed instructions for the removal
    of your parasite(s).


    *******
    ONLY IF you've successfully eliminated the malware, you can now make a new,
    clean Restore Point and delete any previously saved (possibly infected)
    ones. The following suggested approach is courtesy of Gary Woodruff: For XP
    you can run a Disk Cleanup cycle and then look in the More Options tab. The
    System Restore option removes all but the latest Restore Point. If there
    hasn't been one made since the system was cleaned you should manually create
    one before dumping the old possibly infected ones.
    *******


    Once you get this cleaned up, you might want to consider installing the
    SpywareBlaster and SpywareGuard here to help prevent this kind of thing from
    happening in the future:

    http://www.javacoolsoftware.com/spywareblaster.html (Prevents malware Active
    X installs) (BTW, SpyWare Blaster is not memory resident ... no CPU or
    memory load - but keep it UPDATED) The latest version as of this writing
    will prevent installation or prevent the malware from running if it is
    already installed, and it provides information and fixit-links for a variety
    of parasites.

    http://www.javacoolsoftware.com/spywareguard.html (Monitors for attempts to
    install malware) Keep it UPDATED. Both Very Highly Recommended


    Finally, go to Windows Update and ensure that ALL Critical updates are
    installed.

    --
    Please respond in the same thread.
    Regards, Jim Byrd, MS-MVP



    In
     
    Jim Byrd, Jun 18, 2004
    #4
  5. the niner nation

    Gstarkey Guest

    Sounds like you got Hijacked! You can get Hijacked by installing some
    "freeware" or by clicking on some links nowdays. Some of these things
    are hard to get rid of. Some just send you to a page hoping you will
    buy something. Others are vicious and have Keyloggers which can send
    info about you and your computer to their computers. I installed the
    free Zone Alarm and found three programs trying to access the internet
    on my computer that wasn't suppose to. The free program adaware found
    like 100 and some files of spyware on my computer. The free program
    Spybot found and removed more. My new computer had slowed down to a
    crawl when booting-up. I was running up to date Norton's system works
    and Windows Xp update was on and updated. I had to reformat to get rid
    of that trash completely. I paid the $50 bucks to buy Zone Alarm Pro it
    is your best defense. Anyway here is a great link from PcStats a
    newsletter I subscribe to. Yesterday, they had a great article on how
    to secure your Pc. It is well worth the read and very inlighting. I
    wish you Luck, Here is the link.
    http://www.pcstats.com/articleview.cfm?articleID=1598
    If the link don't work type it in the address bar or copy and paste.
     
    Gstarkey, Jun 19, 2004
    #5
  6. the niner nation

    ProfGene Guest

    If you don't want to buy a program to get rid of it you can download Opera
    which is what I did when this happened and use it as your browser as it will
    not be affected by this hijacking and it is a very good browser.
     
    ProfGene, Jun 19, 2004
    #6
  7. the niner nation

    RØß Vargas Guest

    My bank, my cable ISP, and my cell phone company all run sites that,
    while they'll work after a sort, are of a format that Opera didn't
    accept very well last time I tried to use it. Not Opera's fault, but
    it's worth being aware.

    Maybe it's become even better since last I tried it (sometime in
    2002, IIRC).
     
    RØß Vargas, Jun 20, 2004
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.