browser still hijacked

  covers 13:33 04 Jul 2004
Locked

Sorry to repeat a posting but got no reply to the last.
Now also tried all those progs that Fruit Bat kindly mentioned. None worked. Noticed that Spybot 'got stuck' on 'adGoblin'. Searched in registry - lo & behold there it was along with others. Removed manually. Then found by accident in 'add/remove' (in control panel) 2 programs 'Search Extender' & 'Shopping Wizard' that wouldn't delete and pointed to 'looking-for.cc/uninstall/SearchExtender(ShoppingWizard).htm' 404 page. Found 'looking-for' in registry. Manually deleted. Why didn't any spyware detect any of this? Has it gone? No it hasn't! Help!!

  rawprawn 13:48 04 Jul 2004

Turn off System Restore, Reboot in safe mode, and delete it again

  rawprawn 13:51 04 Jul 2004

Check msconfig first and untick it if it's in there. (By the way I meant delete it in add or remove programs in my first post.) That's if it's still there.

  VoG II 14:18 04 Jul 2004

Please post a HJT log click here

  BackSlash 22:24 04 Jul 2004

Argh!!! I've got the same thing! The trouble is, I wasn't there when the virus started, and when the AVG window popped up prompting to run AVG scan, my mum just closed it!!

Now my IE has been hijacked, and every time I delete viruses with AVG, and delete spyware with AdAware, they reappear after using IE.

What can I do?

Here is my HJT log :

  BackSlash 22:25 04 Jul 2004

Logfile of HijackThis v1.97.7
Scan saved at 22:15:15, on 04/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\Drivers\SAP\FD.exe
C:\WINDOWS\System32\HotFixQ0306270.exe
C:\Program Files\Sony\FingerprintMV\FPManager.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\FG\FG.exe

  Nellie2 08:05 05 Jul 2004

I suggest you both turn off system restore, do an online virus scan click here and if you are still having problems then post a hijack log here but you will find you will probably need to post it in two parts :(

  SirGalahad2004 10:02 05 Jul 2004

Had same problem yesterday. After failing in all attempts to clear virus, decided to reformat.

  MrGeesBigCircus 10:21 05 Jul 2004

I had this for the past week, and finally just got rid of it. The damn thing finally stopped my internet connection, so had to borrow a friend's to download required software. No messy manual regediting, just used these programs:

Antivirus software
Ad-Aware 6
HijackThis!
CoolWebShredder
AboutBuster

1. Run a full sweep with your antivirus software (I used AVG) and get rid of everything it finds.

2. Configure Ad-Aware to scan absolutely every nook and cranny of your system. If you aren't sure I'd just turn every scanning option on in the advanced settings. Perform a scan and again clear everything it finds.

3. Run HijackThis! and delete anything that looks malicious. There should be a number of items on the list starting R0, R1, R2 etc. Fix all of these and any other item that doesn't look like it should be there. *BE SURE TO MAKE A BACKUP JUST IN CASE!*

4. Run CoolWebShredder, making sure you close all Explorer windows before you do a scan.

5. Finally run AboutBuster to tidy up any malicious .dll's, .exe's and registry entries.

Restart your system without opening Explorer, and you should now be okay. I'd run a virus scan again just to make sure.

I'm no technical whiz so I apologise if anyone thinks any information is not accurate, so please feel free to correct me.
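Step 3 above depends on picking out the R0/R1 lines of a HijackThis log by eye. As an added example (not part of the original post), this Python code extracts those lines and marks any whose start/search page URL is not on a reviewer-supplied allowlist; the sample log, its domains and paths, and the `triage_r_entries` helper are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in HijackThis log layout; every value below is made up.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\constructed.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.hijack.example/find
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\constructed.dll
"""

# R0/R1 lines look like: "<code> - <registry key>,<value name> = <data>"
ENTRY = re.compile(r"^(R[01]) - ([^,]+),(.*?) =\s*(.*)$")


def triage_r_entries(log_text, allowed_hosts):
    """Return (code, value_name, data, verdict) for each R0/R1 line.

    verdict is "ok" when the data is empty or an http(s) URL whose host is
    in allowed_hosts; anything else is "review" for a human to look at.
    """
    allowed = {h.lower() for h in allowed_hosts}
    results = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # process list, O-section entries, headers, etc.
        code, _key, name, data = m.groups()
        data = data.strip()
        verdict = "review"
        if not data:
            verdict = "ok"
        elif data.lower().startswith(("http://", "https://")):
            host = (urlsplit(data).hostname or "").lower()
            if host in allowed:
                verdict = "ok"
        results.append((code, name, data, verdict))
    return results


if __name__ == "__main__":
    for code, name, data, verdict in triage_r_entries(SAMPLE_LOG, {"www.example.org"}):
        print(f"{verdict:6} {code} {name} = {data}")
```

Entries marked "review" are candidates to inspect before fixing them in HijackThis, not a verdict that they are malicious.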

  MrGeesBigCircus 10:26 05 Jul 2004

Forgot to mention - to remove "Home Search Assistant" and its friends, use UninstallPro and force-remove them after doing the above.

This thread is now locked and can not be replied to.
