Help Am I Hijacked 2

  critt 21:22 04 Mar 2008

Hi All,
I originaly posted this a week or so back and ticked the resolved box because I thought it was, It is not, the problems are back.
When I open IE7 or FF I get extra web pages opening themself.
After some advise on here I downloaded Superantispyware and A-squared, updated them,ran them in safe mode, all appeared to be ok.
Next time at the computer everything back, I've since turned off system restore re run as before re-booted and turned system restore back on but still problems a couple of the URL's are
www em pc on interet com
www celldorado com
I have googled these and the fixes seem complicated, any help advise appreciated.

  VoG II 21:44 04 Mar 2008

Run HJT click here then post your log on the Malware Removal forum click here

Be patient - they are always busy.

  STREETWORK 21:51 04 Mar 2008

Before running any anti-spyware, etc, turn off system restore first. The reason is because some things can reside within the files used by system restore and not get picked up during a scan...

  VoG II 21:53 04 Mar 2008

Nope - always better to have a SR point to restore to, even if infected.

  skidzy 21:59 04 Mar 2008

Best advice is to follow VoG™'s recommendation's.

However you could try this;

Download the SmitfraudFix click here

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows.

Warning : running option #2 on a non infected computer will remove your Desktop background.

If you have already posted a hjt log at MWR and you decide to run the SmitfraudFix...and you still have will need to post a new HJT log at MWR.

  critt 23:44 04 Mar 2008

I ran the Smitfraudfix first to see if it would cure the problem, I had seen this advised on some other sites so thought I would try it.
Unfortunately it did not cure the problem.
I have now posted on the Malware removal forum.
Thanks for the advise.

  Mac70 15:04 05 Mar 2008

What name are you using there?

  critt 16:39 05 Mar 2008

User name tracemate, easy for me to remember my only claim to fame, I invented it.

  critt 16:44 05 Mar 2008

Thread called.
Hijacked, Extra Web Pages Opening on Their Own.
First set of instructions already posted, will start when I get home.

  skidzy 18:11 05 Mar 2008
  Mac70 20:43 05 Mar 2008

km already got it. Youll soon be clean.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Fujitsu Lifebook P727 laptop review

Microsoft Paint set to die after 32 years

Mac power user tips and hidden tricks

Comment désactiver la saisie intuitive et paramétrer votre clavier ?