Homepage Hijack, difficulty w/ hijack this

I'm suffering with a "Homepage Hijack" I have run Ad aware, Spybot S&D, Clean my PC, I have Norton also running......... I downloaded hijack this and have had difficulity with opening it so I can run it and see if it destroys this pest.......... but........ My PC always freezes up when trying to unzip the file??????? I'm not a waay saavy computer user, I would really appreciate any help?? If there is a way for anybody to contact me, I could sure use the help from one of you all knowing computer guru's.......

If you're in So. range Co., Ca....... I'll pay to have this problem fixed, I'm out of patience...... it's been a week now!@!....... The varmint that has ahold of me is this http://213.159.117.132/redir.php don't go there.... once it gets ahold of you........ it doesn't let go.........
If anybody has had this and has successfully deleted it, please let me know how you did it??
Being ever so humble.......... John M.

 

Perhaps your version of HijackThis is corrupt. Try downloading it again.

 

Thanks very much Radiofool......... The download worked..unzipped....... and a log of what Hijack This found.... Now I need to find somebody to say which should be deleted......
Also... I ran CWshredder... with success........CWS found the problem as far as I can tell...... the hijacker has not re-established itself as my default page.... and it has been past it's normal time of a minute or less...... I wish I found this site last weekend!!!
This is Great, many thanks to you......
John M.

 

Go ahead and post the log here and we'll take a look at it.

 

Your link takes you to Cool Web Search you need to run CWShreder which you can get here: http://www.majorgeeks.com/download4086.html

 

I saved my hijackthis log and i don't know which ones to delete. I have a pretty good idea from all I've read, but I am so afraid of deleting a needed file. I'd really appreciate the help!!!

 

So sorry. This forum works a bit different from the others in which I have been involved. I'll seek help elsewhere. Again, I apologize for posting to the wrong thread.
Thanks,
Kerri

 

Re: problem solved:Homepage Hijack

Hey all, i recently had this problem also and after 3 days of searching, i finally found out how to solve it, well, one way that is. i tired everything from ad aware to spybot to virus scans to hijack this, non of which had any positive results. i tried deleting the hijacked startpage, searchpage, in registry but upon opening internet explorer, the values were reset and my homepage yet again returned to being hijacked. heres how i found to solve it.

try this as a last resort, deleting unknown .dll files may cause your computer to mess up. i found the help for this scattered out in a forum on another place , had to dig around for a bit but i thought id post it here to help some of you all out in my own words. read this first and see what happens then before you do anything visit http://forums.whatpc.co.uk/thread.jsp?forum=11&thread=46813&message=286093
to make sure you arent doing things wrong, hope it helps

step one:
got to start, run, and type in regedit. next go to the menu bar and click on edit, then click find and type startpage. if you have anything like what i had it should be something like res:\%43%43.. a whole bunh of that stuff, any ways right click it and select modify, then copy the selected text (all the res: percent stuff)

step 2:
go to this site http://www.simplelogic.com/Developer/URLDecode.asp and paste what you have just selected and select the clean data button. now at the top of the window you will see your results decoded, this is the .dll file that is hiding on your computer changing your homepage and giveg you hell. once you locate the .dll file in your c:\windows\system 32 folder, you must delete the bad .dll file. it probably wont work so reboot into safe mode (restart and press f8 while booting) and try to delete it in there. If that doesnt work get this file, http://downloads.subratam.org/DllCompare.exe , it makes it so that you can delete the protected file by adding a right click option and will delete the file on the next reboot. (to use, find the file you want to delete, and right click on it then youll see what to do.)

step 3:
i dont know if this was needed but after deleting the bad .dll file, i went back into regedit and deleted the startpage, searchpage, and the about:blank one, just to be on the safe side. when i rebooted, i fired up internet explorer and low and behold problem solved. so i hope this fixes your problems.

 

Re: Homepage Hijack, MILITARY TAKEOVER!

Hello Veritas. Yesterday I read your post and found it helpful in dealing with the same problem you had. Initially I was impressed with the http://www.military.com site, which is associated with moster.com, enough to make it my home page for Internet Explorer. However, when I scanned my pc with Microsoft Antispyware, it pointed to the site as a potential threat. NO MATTER WHAT I DID, including every procedure laid out in this forum given by Major Attitude, to reset to my default home page, military.com took over on startup. When in my anger I blocked the site because of the violation, my entire internet connection was messed up. I was forced to unblock the site to bring things back to normal. The only problem now is me being obligated to military.com without free will is not right. I visited the web site daily and would have been perfectly fine book-marking the site as one of my favorites. NOT ANYMORE!!!

My Windows XP SP2 will not allow me to paste data values from the registry to simplelogic.com. I right click and click modify which opens the edit binary value box. It will allow me to select the value and copy but when I right click to paste it, the option is not given. Is there any other way to identify that WICKED, CONTROLLING, blankidy blank blank military .dll?

 

Hijackers are annoying, eh?

Keep in mind that most peoples HJT logs, when clean, arent more than half a page long usually. If yours is longer than that then it's probably loaded. There is a good analyzer at http://www.hijackthis.de/en . You can post your log there and it'll tell you what to erase.

There's also a generic guide on ........

Edit by chaslang: Links removed. We already have guides on Majorgeeks you do not need to go someplace else. Please familiarize yourself with our sticky threads.