IE Taken over

  ened 14:26 16 May 2006

My Father, who I am going to visit tomorrow, has a situation where whenever he opens Internet Explorer the screen is taken over by some kind of warning that his machine is infected (I am giving all the information he provided but have not seen it for myself).

When he clicks to close it ,it then tries to make him buy something (presumably aimed at getting rid of the 'infection') and will not allow him to continue.

He has run Spybot, Adaware and AVG as well as some others which he could not recall. They all show a clean bill of health.

There is no Restore point available.

He has tried Searching the machine but says this comes up blank as well.

Any help on this before tonight would be a big help as I am off to see him at the crack of dawn and would like to be able to rescue him.

  johndrew 14:57 16 May 2006

Sounds a bit like a hijacker from your description so...

I would advise HijackThis (usually on the PCA cover disk) and you can get help automatically click here by pasting the logfile output or click here, its in English and German, or click here.

I have never used Ewido but seen it recommended on this forum click here.

Or you could download the Trend Micro cleanup engine click here and the latest pattern file click here and use this; I find it good if long winded.

I would also suggest you ensure your father has a firewall (MS SP2 or Kerio click here or Zone Alarm on the PCA disk) and either MS AntiSpyware or its replacement Defender.

You could also download A2 Free click here and run this.

Hope this helps, best of luck.

  ened 15:00 16 May 2006

Hi johndrew

I very much doubt he has tried HijackThis and am mailing the link to him.

Incidentally it has infected Firefox as well now. Earlier he was using it and it was okay.

  ened 17:19 16 May 2006

Something's come up and it is looking as though I can't get over there myself.

I have never used HiJack This. Will he find it easy to use and are there any pitfalls?

  johndrew 19:44 16 May 2006

He may be better to submit the output to a human rather than the automatic system if he feels a bit wary. I have used the auto system with no problems but I have seen reports on the forums of people having difficulties where HJT fails to identify a program correctly and recommends removal unnecessarily. Having said that, if the system gets clean he can always repair the odd program.

Perhaps he should try one of the free scans such as Ewido. These seem to be good and safe for anyone; I was very green when I used one ( I can`t remember which it was) and it helped me.

If he has MS AntiSpyware/Defender, That is very good and cleans a lot of nasties safely.

When you say he has run AdAware, Spybot and AVG, presumably they are up to date? What version of Firefox has he? There was an update recently to patch a weakness.

  johndrew 19:56 16 May 2006

Also this is good click here Just found the link in my Bookmarks!!

  ened 16:44 17 May 2006

Well I have been over there and tried almost everything which has been suggested here.

It is a web page which has set itself as the Home page and nothing I tried would remove it for good.

In actual fact after the initial page it disappears and does not appear to affect the running of his machine.

So he is going to bear with it until I can get back to re-install XP and format the drive.

I don't like to admit defeat but I didn't have all afternoon and needed to be getting back.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

What to do if you're affected by the Intel Foreshadow flaw

This new tool dramatically improves workflow between designers and developers

iMac at 20: 10 iMac facts and history in pictures

Les meilleurs VPN gratuits (2018)