Windows Forum / Internet Explorer / General Topics / August 2007
IE7 Hijacked ....
Daarrheel - 03 Jul 2007 05:24 GMT
Hello, my IE7 is popping up on its own and launching web pages; also, when I launch Firefox it launches IE. I know it can be uninstalled, also my virus scanners and spyware scanners do not detect anything. What can I do to repair IE7 in Vista?
Leonard Grey - 03 Jul 2007 09:28 GMT
I would start here:
Kaspersky Virus Scan http://usa.kaspersky.com/products_services/free-virus-scanner.php
Panda Total Scan http://www.nanoscan.com/as/v1/principal.aspx?track=40916
Trend Micro Housecall http://housecall.trendmicro.com/
Sophos Threat Detection Test http://www.sophos.com/products/free-tools/sophos-threat-detection-test.html
Malware Removal and Prevention (CastleCops) http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
If you are able to identify the infection but unable to remove it you may find help here:
Eset Virus Removers http://www.eset.com/download/free-virus-remover.php
and if all else fails...
TrendMicro HiJack This http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php
--- Leonard Grey Errare humanum est
> Hello my IE7 is popping up on its own and launching web pages, also when I
> Launch Firefox it launches IE. I know it can be uninstalled, also my virus
> scanners and spy ware scanners do not detect anything. what can I do to
> repair IE7 in Vista ?

Daarrheel - 03 Jul 2007 15:22 GMT
I have already done all this, Defender, AVG, Norton, McAfee, Yahoo and Comcast have all not detected anything wrong with my computer. Whatever is in my IE seems to not be a detectable problem but it is one still. I have had to unplug my speakers cause it will sometimes launch into a webpage that plays loud sounds.
Any other suggestions before I have to completely reload my system =(
> I would start here:
> [quoted text clipped - 32 lines]
> > scanners and spy ware scanners do not detect anything. what can I do to
> > repair IE7 in Vista ?

Leonard Grey - 03 Jul 2007 15:43 GMT
Those are my suggestions and you haven't followed them. Maybe you'd rather show your computer to a technician? Makes no difference to me if you want to reload your system - up to you.
--- Leonard Grey Errare humanum est
> I have already done all this, Defender, AVG, Norton, Mcafee, Yahoo and
> Comcast have all not detected anything wrong with my computer. Whatever is in
[quoted text clipped - 40 lines]
>>> scanners and spy ware scanners do not detect anything. what can I do to
>>> repair IE7 in Vista ?

Daarrheel - 03 Jul 2007 16:36 GMT
I have followed your suggestions; as I stated, malware and spyware checkers etc... are not finding it, and you're suggesting I use every checker on the net as per your list of them. I have also done the HijackThis log and am currently looking it over. But thanks for reading my last post and determining I haven't done so =)
As I am annoyed enough already that there is a bug in my IE7 that can't be located and my IE7 can't be removed or even reinstalled that I know of (Thanks Microsoft!). Yahoo has a spyware tool; I used it and had no luck finding anything. Comcast also has one, same results. AVG is supposed to be one of the best on the net (supplied by the same people as HijackThis), also no luck. Norton and McAfee also find nothing. I shall try using all the other spyware tools on your list if so needed, however....... I was simply asking if there were other suggestions other than the obvious spyware removal tools that have yet to find anything =)
> Those are my suggestions and you haven't followed them. Maybe you'd
> rather show your computer to a technician? Makes no difference to me if
[quoted text clipped - 48 lines]
> >>> scanners and spy ware scanners do not detect anything. what can I do to
> >>> repair IE7 in Vista ?

Leonard Grey - 03 Jul 2007 17:20 GMT
Malware (an all-inclusive term for all kinds of malicious software) is often very difficult to detect and/or remove. You frequently have to try many scanners before you find one that can identify and (hopefully) remove what's infected a computer. Sometimes there's nothing you can do no matter what you try.
Because of this - and because malware is just damn annoying - I suggested you show your computer to a technician. It may save you from a clean install.
I would not recommend trying to decipher a HiJack This log. Interpretation of HiJack This is best left to the pros and there are many web sites with experts who do this for you.
I don't know who told you that "AVG is supposed to be one of the best on the net" but even if it were you might still need to use other scanners, as I explained above. BTW, AVG is from Grisoft and HiJack This was created by Merijn Bellekom, who recently sold it to Trend Micro.
--- Leonard Grey Errare humanum est
> I have followed your suggestions as I stated Malware and spyware checkers
> ect... are not finding it, and your suggesting I use ever checker on the net
[quoted text clipped - 64 lines]
>>>>> scanners and spy ware scanners do not detect anything. what can I do to
>>>>> repair IE7 in Vista ?

Daarrheel - 03 Jul 2007 17:46 GMT
You are absolutely right about AVG..... I was thinking of another program from Trend Micro. So far I have booted to safe mode and run scanners of many kinds and nothing is having an effect. They have removed all kinds of cookies and even an adware program, I was hopeful after that, however I restarted and the problem persists. It seems to have only affected my browser. If I run Firefox, it will launch my IE7 and send me to various webs, if I launch IE7 it just starts launching more windows tabs. I was thinking a reload of IE7 may fix this but no thank you to Windows for giving this option =(
I guess I was hoping for some kinda cure from here like.... Here is how you can reload IE7 !!! or I had this problem and here is how to fix it !!! lol your advice has been helpful and I thank you.
I will attempt a few more things and wait another day and check this forum throughout the day and see if anything that works comes along =) Also I do attend a computer school and I am in the middle of my OS course so I will take this computer to my instructor and see if he has an idea.
> Malware (an all-inclusive term for all kinds of malicious software) is
> often very difficult to detect and/or remove. You frequently have to try
[quoted text clipped - 87 lines]
> >>>>> scanners and spy ware scanners do not detect anything. what can I do to
> >>>>> repair IE7 in Vista ?

graham - 03 Jul 2007 17:58 GMT
> You are absolutly right about AVG..... I was thinking of another program
> from Trendmicro. So far I have booted to safemode and run scanners of many
[quoted text clipped - 7 lines]
> it just starts launching more windows tabs. I was thinking a reload of IE7
> may fix this but no thank you to Windows for giving this option =(
Was the other program you were thinking of CWShredder as that is one of the common browser hijack removal tools:
http://us.trendmicro.com/us/products/personal/CWShredder/index.html
Worth a try if you have not done so already.
Graham.
TheRedPriest - 10 Jul 2007 06:06 GMT
Daarrheel, you should know I have the EXACT SAME PROBLEM with Vista Ultimate. Don't know how it happened, and nothing I do works. Tried Hijack This, AVG Anti-Spy, CWShredder, AdAware 2007 and SuperAntiSpyware, plus several others and nothing detects this bug. I think it's related to "mgrs.exe" (which I discovered with Security Task Manager 1.7) and disabled it via the registry however BOTH IE7 AND FIREFOX are infected. Neither browser will link to any proper url from a search engine, I must type in a direct url. Both browsers take me to a Russian Google Adserver with links in English when performing a search. And of course IE7 pops up at any time and replicates four junk addresses before stopping. (and yes, I flushed the DNS cache, more than once). They don't seem to go anywhere, which makes me think it is disabled, however without a proper firewall available for Vista yet I can't say for sure. And the problem began once I changed default search engines from Windows Live to Google. I cannot install either the Google or Yahoo toolbars, and no longer have access to Windows Update.
I haven't tried everything at the Elephant Boy link yet, and may still do so. However at this point I'd say it's probably easier to just wipe and reinstall. FYI - I triple boot XP MCE 2005 (on two drives), openSUSE and Vista, and am writing from XP now; otherwise I'd have never found your post because I can't live without Google. AND ONE LAST THING - I attempted to alter properties from a Domain Administrator Login in Vista for certain system 32 and temp files which may contain the malware and CANNOT CREATE NEW PERMISSIONS IN THESE FILES AT ALL. And although this may be a condition of the virus itself I blame it on Microsoft because: 1) I can create new permissions in other system32 files not as intricately tied to the OS and 2) It's par for the course for Redmond, less end-user control means greater dependence on them for my "Windows Experience". So don't get downhearted by PhanBoyz like LG, you can tell he drank their Kool-Aid a long time ago.
Peace and Out, trp
> You are absolutly right about AVG..... I was thinking of another program
> from Trendmicro. So far I have booted to safemode and run scanners of many
[quoted text clipped - 106 lines]
> > >>>>> scanners and spy ware scanners do not detect anything. what can I do to
> > >>>>> repair IE7 in Vista ?

TheRedPriest - 11 Jul 2007 06:32 GMT
And one more thing . . .
After a third attempt at an AVG Anti-Spy scan it found Downloader.Alphabet.k imbedded within System32/syswin6000.exe, it's one of the CG variants out there. After removal to the Recycle Bin it replicated itself inside the Bin, and once emptied imbedded itself in one of the System Volume Info/restore folders. After removing this file, and after another clean scan by Anti-Spy, both IE7 and Firefox and the search tools were still redirecting to Russian Google Adservers, as they had before. Tonight I simply wiped the partition and re-installed Vista, no problems so far.
At this point I won't run Vista for a primary partition (and not just because of this incident but for a number of reasons, which boil down to the point that in my opinion Vista is still an inferior OS compared to either XP or Linux) until the first service pack is released, about Thanksgiving or Christmas I imagine. So my advice is to simply wipe and re-install, and hope for the best.
PS: Go get a beta version of Outpost Firewall for Vista; my own next step will be to get this and see how well it works.
Peace and Out, trp
> Daarrheel, you should know I have the EXACT SAME PROBLEM with Vista Ultimate.
> Don't know how it happened, and nothing I do works. Tried Hijack This, AVG
[quoted text clipped - 138 lines]
> > > >>>>> scanners and spy ware scanners do not detect anything. what can I do to
> > > >>>>> repair IE7 in Vista ?

totalone - 15 Aug 2007 01:52 GMT
> And one more thing . . .
> [quoted text clipped - 161 lines]
> > > > >>>>> scanners and spy ware scanners do not detect anything. what can I do to
> > > > >>>>> repair IE7 in Vista ?
Hey all, I used the SuperAntiSpyware professional and it cleaned my system up for me. I was having the same problem with all kind of stuff popping up and playing things off the internet. Anyway I went to the web site that has SuperAntiSpyware and got the professional series for free and it found 298 different things on my computer. I have McAfee system suite and had run it several times over the last week trying to get it cleaned up and it always found around 19 things and the next day they were back again. So that is what I found out. Good Luck. I am running Vista Home Premium on my computer.
Peter Foldes - 03 Jul 2007 15:13 GMT
http://www.elephantboycomputers.com/page2.html#Removing_Malware
 Signature Peter
Please Reply to Newsgroup for the benefit of others Requests for assistance by email can not and will not be acknowledged.
> Hello my IE7 is popping up on its own and launching web pages, also when I
> Launch Firefox it launches IE. I know it can be uninstalled, also my virus
> scanners and spy ware scanners do not detect anything. what can I do to
> repair IE7 in Vista ?

PA Bear - 03 Jul 2007 20:39 GMT
Run a /thorough/ check for hijackware, including posting your hijackthis log to an appropriate forum.
Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware
When all else fails, HijackThis v1.99.1 (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware with assistance from an expert. **Post your log to http://forums.spybot.info/forumdisplay.php?f=22, http://castlecops.com/forum67.html, http://forums.subratam.org/index.php?showforum=7, http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert analysis, not here.**
If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA) computer repair shop.
PS: Replace AVG Anti-Virus!
 Signature ~Robear Dyer (PA Bear) MS MVP-Windows (IE, OE, Security, Shell/User) AumHa VSOP & Admin; DTS-L.org
> Hello my IE7 is popping up on its own and launching web pages, also when I
> Launch Firefox it launches IE. I know it can be uninstalled, also my virus
> scanners and spy ware scanners do not detect anything. what can I do to
> repair IE7 in Vista ?

Daarrheel - 05 Jul 2007 04:12 GMT
> Hello my IE7 is popping up on its own and launching web pages, also when I
> Launch Firefox it launches IE. I know it can be uninstalled, also my virus
> scanners and spy ware scanners do not detect anything. what can I do to
> repair IE7 in Vista ?
Here is the Hijack this log file:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:48:34 PM, on 7/3/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\System32\kmw_run.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe
C:\Windows\system32\WerCon.exe
C:\Users\Jeff\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {066A2CDC-319E-4460-BA45-C24562CD51AA} - C:\Windows\system32\byxxyyx.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\Windows\system32\julgwajh.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {CDB132BC-3892-4476-8797-C515A5A4C114} - C:\Users\Jeff\AppData\Local\Temp\ddayy.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\Windows\system32\oryhstka.dll",forkonce
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Jeff\AppData\Local\Temp\ddayy.dll,CreateProtectProc
O4 - HKCU\..\Run: [icq.com] rundll32.exe "C:\Windows\system32\oryhstka.dll",forkonce
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.27.6/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.2.cab
O20 - Winlogon Notify: byxxyyx - byxxyyx.dll (file missing)
O20 - Winlogon Notify: ddayy - C:\Users\Jeff\AppData\Local\Temp\ddayy.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\Windows\system32\dmrwikug.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (file missing)
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock.Net, Inc - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

-- End of file - 6554 bytes
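Added example, not part of the original thread and not HijackThis's own logic: a short Python triage pass over entries copied from the log above, showing how the autostart sections (O2, O4, O20, O23) can be cross-referenced. The rule names and heuristics are assumptions chosen for illustration; a hit only means "review this entry", as the Spybot SDHelper.dll line, a legitimate tool that is also flagged, shows.

```python
import re
from collections import Counter

# A subset of entries copied from the HijackThis log posted above, one per line.
SAMPLE_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {066A2CDC-319E-4460-BA45-C24562CD51AA} - C:\Windows\system32\byxxyyx.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {CDB132BC-3892-4476-8797-C515A5A4C114} - C:\Users\Jeff\AppData\Local\Temp\ddayy.dll
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\Windows\system32\oryhstka.dll",forkonce
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Jeff\AppData\Local\Temp\ddayy.dll,CreateProtectProc
O4 - HKCU\..\Run: [icq.com] rundll32.exe "C:\Windows\system32\oryhstka.dll",forkonce
O20 - Winlogon Notify: ddayy - C:\Users\Jeff\AppData\Local\Temp\ddayy.dll
O23 - Service: DomainService - Unknown owner - C:\Windows\system32\dmrwikug.exe (file missing)
"""

# "O2 - BHO: ..." -> section "O2", body "BHO: ..."
ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")

# Triage heuristics: assumptions of this example, each a reason to look closer.
RULES = [
    ("BHO with no name", lambda s, b: s == "O2" and "(no name)" in b),
    ("loads from a Temp folder", lambda s, b: re.search(r"\\temp\\", b, re.I) is not None),
    ("target file missing", lambda s, b: b.endswith("(file missing)")),
    ("rundll32 autostart", lambda s, b: s == "O4" and "rundll32" in b.lower()),
    ("service with unknown owner", lambda s, b: s == "O23" and "Unknown owner" in b),
]

def parse_entries(log_text):
    """Return (section, body) for every HijackThis entry line in the text."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries

def triage(log_text):
    """Return flagged entries with their reasons, most reasons first."""
    findings = []
    for section, body in parse_entries(log_text):
        reasons = [name for name, test in RULES if test(section, body)]
        if reasons:
            findings.append({"section": section, "entry": body, "reasons": reasons})
    return sorted(findings, key=lambda f: -len(f["reasons"]))

def recurring_files(findings):
    """DLL/EXE names referenced by two or more flagged entries."""
    counts = Counter()
    for finding in findings:
        names = re.findall(r"\\([\w~]+\.(?:dll|exe))", finding["entry"], re.I)
        counts.update({name.lower() for name in names})
    return sorted((name, n) for name, n in counts.items() if n >= 2)

if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG)
    for f in flagged:
        print(f["section"], "|", ", ".join(f["reasons"]), "|", f["entry"])
    print("Registered in several places:", recurring_files(flagged))
```

A file name that recurs across a BHO, a Run key and a Winlogon Notify entry is the kind of pattern worth pointing out when posting a log to one of the analysis forums listed in this thread.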
Leonard Grey - 05 Jul 2007 04:23 GMT
HiJack This logs are not analyzed in this newsgroup.
--- Leonard Grey Errare humanum est
>> Hello my IE7 is popping up on its own and launching web pages, also when I
>> Launch Firefox it launches IE. I know it can be uninstalled, also my virus
[quoted text clipped - 130 lines]
> --
> End of file - 6554 bytes

PA Bear - 05 Jul 2007 06:11 GMT
Repost:
When all else fails, HijackThis v1.99.1 (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware with assistance from an expert. **Post your log to http://forums.spybot.info/forumdisplay.php?f=22, http://castlecops.com/forum67.html, http://forums.subratam.org/index.php?showforum=7, http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert analysis, not here.**
 Signature ~PA Bear
>> Hello my IE7 is popping up on its own and launching web pages, also when
>> I
>> Launch Firefox it launches IE. I know it can be uninstalled, also my
>> virus
>> scanners and spy ware scanners do not detect anything. what can I do to
>> repair IE7 in Vista ?Here is the Hijack this log file:
<snip>