Browser Hijackers on IE
I have been infected with 'Browser Hijackers' that modify/corrupt the
settings of Internet Explorer.
Can somebody help me to repair this problem? I want to keep the Internet
Explorer as my browser.
Thanks in advance
Oscar Wandel
oscar_wandel@wanadoo.fr
I know the location on my computer of this malware: here it is
*** Installation Started 08/18/2006 12:26 ***
Title: TSA Installation
Source: C:\WINDOWS\TEMP\TSINSTALL_4_0_4_0_B4.EXE | 08-18-2006 | 12:26:32 |
1509364
Made Dir: C:\WINDOWS\uifr
File Copy: C:\WINDOWS\uifr\wu | 07-26-2002 | 17:02:06 | | 153088 | 5be5019b
File Copy: C:\WINDOWS\SYSTEM\tsuninst.exe | 11-02-2005 | 00:44:52 | 4.0.4.0
| 127574 | 18c1d951
RegDB Key: Software\uifr
RegDB Val: C:\PROGRA~1\FICHIE~1\uifr
RegDB Name: Path
RegDB Root: 2
RegDB Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\TSA
RegDB Val: TSA
RegDB Name: DisplayName
RegDB Root: 2
RegDB Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\TSA
RegDB Val: C:\WINDOWS\SYSTEM\tsuninst.exe /u
RegDB Name: UninstallString
RegDB Root: 2
Made Dir: C:\Program Files\Fichiers communs\uifr
File Copy: C:\Program Files\Fichiers communs\uifr\uifrm.exe | 11-03-2005 |
21:20:04 | 4.0.4.0 | 9216 | 78df4366
File Copy: C:\Program Files\Fichiers communs\uifr\uifrl.exe | 11-03-2005 |
21:19:22 | 4.0.4.0 | 16384 | d2fbf87e
File Copy: C:\Program Files\Fichiers communs\uifr\uifra.exe | 11-03-2005 |
21:21:30 | 4.0.4.0 | 16896 | c8b4a248
File Copy: C:\Program Files\Fichiers communs\uifr\uifrp.exe | 11-03-2005 |
21:20:38 | 4.0.4.0 | 9216 | ecac4011
Made Dir: C:\Program Files\Fichiers communs\uifr\uifrd
File Copy: C:\Program Files\Fichiers communs\uifr\uifrd\class-barrel |
04-19-2004 | 21:26:12 | | 4933375 | fa512af9
File Copy: C:\Program Files\Fichiers communs\uifr\uifrd\uifrc.dll |
02-18-2004 | 06:26:00 | | 46080 | 3c9bc69
File Copy: C:\Program Files\Fichiers communs\uifr\uifrd\vocabulary |
04-19-2004 | 21:26:12 | | 1234193 | 4d5f7b92
RegDB Key: Software\Microsoft\Windows\CurrentVersion\Run
RegDB Val: C:\Program Files\Fichiers communs\uifr\uifrm.exe
RegDB Name: uifr
RegDB Root: 1
Delete in-use files: On
RegDB Key: SOFTWARE\uifr\update
RegDB Val: 4.0.4.0
RegDB Name: TSVersion
RegDB Root: 2
RegDB Key: SOFTWARE\uifr
RegDB Val: 174396902
RegDB Name: UID
RegDB Root: 2
File Tree: C:\Program Files\Fichiers communs\uifr\uifrd\*.*
File Tree: C:\Program Files\Fichiers communs\uifr\*.*
File Tree: C:\WINDOWS\uifr\*.*
RegDB Tree: SOFTWARE\uifr
RegDB Root: 2
RegDB Tree: SOFTWARE\TSA
RegDB Root: 2
RegDB Tree: SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TSA
RegDB Root: 2
RegDB Tree: SOFTWARE\uifr
RegDB Root: 1
*** Installation Started 08/18/2006 12:48 ***
Title: TSA Installation
Source: C:\WINDOWS\TEMP\TSUPDATE_4_0_4_1_B3.EXE | 08-18-2006 | 12:45:58 |
358404
Preserve Existing: Following file not copied.
File Copy: C:\WINDOWS\uifr\wu
File Overwrite: C:\WINDOWS\SYSTEM\tsuninst.exe | 07-21-2006 | 18:55:38 |
4.0.4.1 | 127578 | 2a055bb1
RegDB Key: Software\uifr
RegDB Val: C:\PROGRA~1\FICHIE~1\UIFR
RegDB Name: Path
RegDB Root: 2
RegDB Old: C:\PROGRA~1\FICHIE~1\uifr
RegDB Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\TSA
RegDB Val: TargetSaver
RegDB Name: DisplayName
RegDB Root: 2
RegDB Old: TSA
RegDB Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\TSA
RegDB Val: C:\WINDOWS\SYSTEM\tsuninst.exe /u
RegDB Name: UninstallString
RegDB Root: 2
RegDB Old: C:\WINDOWS\SYSTEM\tsuninst.exe /u
File Overwrite: C:\Program Files\Fichiers communs\uifr\uifrm.exe |
07-19-2006 | 14:56:46 | 4.0.4.1 | 9216 | c325cc93
File Overwrite: C:\Program Files\Fichiers communs\uifr\uifrl.exe |
07-19-2006 | 15:05:36 | 4.0.4.1 | 16384 | 8c42560c
File Overwrite: C:\Program Files\Fichiers communs\uifr\uifra.exe |
07-19-2006 | 15:01:24 | 4.0.4.1 | 17408 | 698c8964
File Overwrite: C:\Program Files\Fichiers communs\uifr\uifrp.exe |
07-19-2006 | 15:16:36 | 4.0.4.1 | 9216 | 1d8dddf8
RegDB Key: Software\Microsoft\Windows\CurrentVersion\Run
RegDB Val: C:\Program Files\Fichiers communs\uifr\uifrm.exe
RegDB Name: uifr
RegDB Root: 1
RegDB Old: C:\PROGRAM FILES\FICHIERS COMMUNS\UIFR\UIFRM.EXE
Delete in-use files: On
RegDB Key: SOFTWARE\uifr\update
RegDB Val: 4.0.4.1
RegDB Name: TSVersion
RegDB Root: 2
RegDB Old: 4.0.4.0
RegDB Key: SOFTWARE\uifr
RegDB Val: 174396902
RegDB Name: UID
RegDB Type: 3
RegDB Root: 2
RegDB Old: 174396902
File Tree: C:\Program Files\Fichiers communs\uifr\uifrd\*.*
File Tree: C:\Program Files\Fichiers communs\uifr\*.*
File Tree: C:\WINDOWS\uifr\*.*
RegDB Tree: SOFTWARE\uifr
RegDB Root: 2
RegDB Tree: SOFTWARE\TSA
RegDB Root: 2
RegDB Tree: SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TSA
RegDB Root: 2
RegDB Tree: SOFTWARE\uifr
RegDB Root: 1
Frank Saunders, MS-MVP OE/WM - 25 Aug 2006 03:31 GMT
> Browser Hijackers on IE
>
> Can somebody help me to repair this problem. I want to keep the Internet
> Explorer as my browser.
So How Did I Get Infected Anyway?
http://www.wilderssecurity.com/showthread.php?t=27971
Help with Hijackware
All MS - MVP Sites.
http://aumha.org/a/parasite.htm
(http://aumha.org/a/quickfix.htm)
http://www.elephantboycomputers.com/page2.html#Removing_Malware
(http://mvps.org/winhelp2002/unwanted.htm)
(http://inetexplorer.mvps.org/darnit.html)
(http://www.mvps.org/sramesh2k/Malware_Defence.htm)
Unexplained computer behavior may be caused by deceptive software.
http://support.microsoft.com/kb/827315

Frank Saunders, MS-MVP OE/WM
http://www.fjsmjs.com
Please reply in newsgroup. Do NOT send email.
Jon Kennedy - 27 Aug 2006 06:52 GMT
By the log you posted, it would appear that you've gotten infected by a
version of an adware called "Target Saver". See the removal instructions
here:
http://www.symantec.com/security_response/writeup.jsp?docid=2004-121515-0757-99
But with all the file name variations that an adware program can mutate
with, manual removal instructions are hard to keep up-to-date and relevant
to a particular infection.
Use Ad-Aware, Windows Defender and/or Spybot Search & Destroy to remove it.
Windows Defender (beta)
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Ad-Aware: http://www.lavasoftusa.com/
Spybot: http://www.safer-networking.org/en/index.html
Good sites on how to install and use Spybot -
http://www.safer-networking.org/en/tutorial/index.html
http://tomcoyote.com/SPYBOT/index1.php
Also download a winsock repair tool, to have just in case cleaning up
anything found breaks it -
Winsock repair tools:
LSPFix- all versions of Windows http://www.cexx.org/lspfix.zip
Winsock2 Fix- Win98, ME
http://www.bu.edu/pcsc/internetaccess/winsock2fix.html
LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
More information here:
http://www.spywareinfo.com/
http://inetexplorer.mvps.org/tshoot.html
http://spywarewarrior.com/sww-help.htm
If all the above fails, then the problem could be something new that the
spyware cleaners above don't have in their databases yet. In that case....
HijackThis direct download:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Tutorial on how to use HijackThis:
http://www.spywareinfo.com/~merijn/htlogtutorial.html
Then post its output log to the forum here for analysis and feedback by the
parasite experts:
http://forums.spywareinfo.com/
http://aumha.net/viewforum.php?f=30
Or one of the other HijackThis Logs forums listed here:
http://www.spywareinfo.com/~merijn/forums.html
An alternate resource for all of this and more:
http://www.aumha.org/secure.htm

Jon R. Kennedy MS MVP/IE
Charlotte, NC USA
jkennedy2@carolina.rr.com
> Browser Hijackers on IE
>
> RegDB Tree: SOFTWARE\uifr
> RegDB Root: 1
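Added example, not part of any post in this thread: a small Python triage script for an installer log in the format posted above, which rejoins the wrapped lines and lists the dropped files, created directories and registry writes, flagging `CurrentVersion\Run` autostart entries so the clean-up can be checked against them. The function names `unwrap` and `triage` are hypothetical; field names are taken from the posted log, and `RegDB Root` numbers are reported verbatim because the thread does not say which hive each number means.

```python
import re

# Excerpt of the installer log posted at the top of this thread (wrapped lines kept).
SAMPLE_LOG = r"""*** Installation Started 08/18/2006 12:26 ***
Made Dir: C:\WINDOWS\uifr
File Copy: C:\WINDOWS\SYSTEM\tsuninst.exe | 11-02-2005 | 00:44:52 | 4.0.4.0
| 127574 | 18c1d951
RegDB Key: Software\Microsoft\Windows\CurrentVersion\Run
RegDB Val: C:\Program Files\Fichiers communs\uifr\uifrm.exe
RegDB Name: uifr
RegDB Root: 1
File Overwrite: C:\Program Files\Fichiers communs\uifr\uifrm.exe |
07-19-2006 | 14:56:46 | 4.0.4.1 | 9216 | c325cc93
RegDB Key: SOFTWARE\uifr\update
RegDB Val: 4.0.4.1
RegDB Name: TSVersion
RegDB Root: 2
"""

FIELD = re.compile(r"^([A-Za-z][A-Za-z -]*): (.*)$")  # "File Copy: ...", "RegDB Key: ..."

def unwrap(text):
    """Rejoin wrapped lines: anything without a 'Field: ' prefix continues the previous line."""
    out = []
    for line in text.splitlines():
        if FIELD.match(line) or line.startswith("***") or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def triage(text):
    """Collect dropped files, created directories and registry writes; flag Run-key autostarts."""
    files, dirs, registry = {}, {}, []
    for line in unwrap(text):
        m = FIELD.match(line)
        field, value = m.groups() if m else ("", "")
        if field in ("File Copy", "File Overwrite"):
            path = value.split("|")[0].strip()   # path is the first '|'-separated column
            files[path.lower()] = path           # Windows paths are case-insensitive
        elif field == "Made Dir":
            dirs[value.lower()] = value
        elif field in ("RegDB Key", "RegDB Tree"):
            registry.append({"Kind": field[6:], "Path": value})
        elif field.startswith("RegDB ") and registry:
            registry[-1][field[6:]] = value      # Val / Name / Root / Old / Type, kept verbatim
    autoruns = [r for r in registry if r["Path"].lower().endswith(r"\currentversion\run")]
    return {"files": sorted(files.values()), "dirs": sorted(dirs.values()),
            "registry": registry, "autoruns": autoruns}
```

Calling `triage()` on the full log text returns the same structure for both installation runs combined, with each file path listed once even when the update run overwrote it.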