IE Homepage hijacked/popups even in firefox

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by levi9909, Apr 12, 2006.

  1. levi9909

    levi9909 Private E-2

    I usually use firefox except for my yahoo email account. Someone else used my pc today and the IE homepage has been hijacked by this - http://www.perfectedsecurity.com/.

    The person using the pc tried to eliminate the problem by downloading all sorts of stuff and now I have popups every few minutes even when I just use firefox.
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    I take it you have already tried to change your home page back to one of your choosing?


    steps by Chaslang
    but as you use both browsers do all steps.


    then if you still have the problem, follow the guide below;

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis


    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
    • Bitdefender
    • Panda Scan
    • HijackThis
     
  3. levi9909

    levi9909 Private E-2

    I was determined not to come back until I had tried everything but Windows is telling me that it can't verify my XP's authenticity which is absurd because it came with my ACER system brand new. Anyway I'll download and run what I can.
    BTW, even with my IE homepage set to majorgeeks.com it still shows http://www.perfectedsecurity.com/
    But I'm on the case - I'm finding it real heavy going - these hijackers etc should be shot!
     
  4. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    As I have just noticed our resident Malware expert asking for this log in another similar Hijack as yours with perfectedsecurity.com, I would also now suggest running this as well as the others, or as much as you can. Do remember to tell us which procedures couldn't be run and for what reason.

    run a SpywareQuake removal procedure and attach the log here.

    Run this --->>> SpywareQuake Removal Procedure
     
  5. levi9909

    levi9909 Private E-2

    I couldn't find SpywareQuake in Safe or Normal and in Safe Mode I couldn't find fixquake.reg but I can find it on the desktop in Normal. In Safe I couldn't find it by search either.

    I'm also getting this message now when I turn on the pc:
    RUNDLL

    Error loading C:\programme files\Acceleration Software\anti-virus\sstasmon.dll

    The specified module could not be found
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You must save the fixquake.reg file to the Desktop of the same user account that you are going to boot in safe mode to or you will not see the file. An alternative is to just save it to c:\fixquake.reg where you can find it later by running Windows Explorer from any account. It does not matter whether you find SpywareQuake in Add/Remove programs! Just complete all steps and attach the smitfiles.txt log when finished.

    Either way complete ALL the steps Halo gave to you in message # 2.
     
    Last edited: Apr 15, 2006
  7. levi9909

    levi9909 Private E-2

    Right, I've done everything that I could and now my IE homepage is www.majorgeeks.com which is a site/sight for sore eyes.

    I couldn't run Windows Defender because it said it couldn't authenticate my OS which is BS because it came with my pc brand new from a reputable supplier.

    I don't know whether I ran Panda or not because the webpage just looked the same after I clicked the scan button (which was flashing before and after clicking).

    I never did find that spywarequake thingy.

    I still get the message "RUNDLL

    Error loading C:\programme files\Acceleration Software\anti-virus\sstasmon.dll

    The specified module could not be found" when I turn my pc on and I have a red shield with a white cross in my tray on the bottom right hand side that sends a pop up balloon telling me I'm exposed to viruses. When I hover the cursor over it, it says "Windows security alerts". Is it kosher?

    So what do you think?
     
  8. levi9909

    levi9909 Private E-2

    Sorry to come back before a reply but I have just seen stickrep.dll in my AVG virus vault.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not attach the smitfiles.txt log and you need to complete all the steps that Halo gave you and attach the requested logs. No you did not run Panda! Try again but run Bitdefender first and save the log as requested.

    We cannot help you if you cannot follow our directions. We have not gotten to the point of fixing your issue with sstasmon.dll because you have not done what we have asked yet.
     
  10. levi9909

    levi9909 Private E-2

    Here's the smitfiles.txt log and the bitdefender log. I couldn't find the Counterspy log so I'm running that now. Then I'll try the Panda Active thing again. I think my IE was stopping pop-ups.
     


  11. levi9909

    levi9909 Private E-2

    Right, here are the CounterSpy, ActiveScan (panda) and Hijackthis logs. I've allowed popups in IE but I still can't attach files in it.
     


  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why didn't you let CounterSpy fix everything it found? It appears that you told it to ignore everything and it found a load of baddies.

    Many of your problems you got from running all the P2P programs you installed and are downloading with. Like Limewire, Kazaa, eDonkey!

    HijackThis.exe should only be running one time! You had it running twice and you forgot to exit browsers before running it.

    Let's get an installed programs list from HijackThis too!

    • Run HijackThis, click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Click Save List (generates uninstall_list.txt)
    • Click Save, to save it to a file where you can find it.
    • Attach the uninstall_list.txt file to your next message.
    Do you use that eBay Toolbar? It appears to be broken.
     
    Last edited: Apr 16, 2006
  13. levi9909

    levi9909 Private E-2

    Right I've run CounterSpy again and attach the file hereto.

    I've run Hijack this! again with both browsers off and the connection unplugged. I've saved the Uninstall file and the HijackThis! log.

    I'd like to be rid of that stupid ebay thingy. I have been a member but I never use it.
    I wasn't aware that I had Kazaa or edonkey. Though I am an avid user of Limewire.

    I still can't "manage attachments" here in IE so this is from firefox.
     


  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Go to Add/Remove programs and uninstall the below. The Best Offers one will probably try to connect to their website. Allow it, but I doubt it will work. We may need to remove it later with other steps.
    eBay Toolbar
    The Best Offers

    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click Save to save it to your Desktop. We will use it later after a reboot into safe mode.
    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Nothing - {7a932ed2-1737-4ab8-b84d-c71779958551} - C:\WINDOWS\system32\hp52ED.tmp (file missing)
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (file missing)
    O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
    O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
    O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\PROGRAM FILES\TBONBin <-- the whole folder
    C:\PROGRAM FILES\RXToolBar <-- the whole folder
    c:\program files\need2find <-- the whole folder
    c:\program files\WebSearch Toolbar <-- the whole folder
    c:\program files\eDonkey2000 <-- the whole folder
    c:\program files\Kazaa <-- the whole folder
    C:\WINDOWS\SYSTEM32\interf.tlb
    C:\WINDOWS\SYSTEM32\MYDLL.dll
    C:\WINDOWS\NDNuninstall6_98.exe
    C:\WINDOWS\NDNuninstall7_14.exe
    C:\WINDOWS\NDNuninstall7_22.exe
    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
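
An added example, not part of the thread and not HijackThis's own code: the Python below parses the six log lines listed in the post above and marks the ones that explain the symptoms reported earlier (registrations whose file is already missing, and a Run value that loads a DLL through Rundll32 at logon). The flag names and the `SECTIONS` descriptions are labels chosen for this example.

```python
import re

# HijackThis section codes that appear in this thread.
SECTIONS = {
    "R1": "Internet Explorer setting",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry",
    "O23": "Windows service",
}

# The six lines listed for fixing, copied from the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Nothing - {7a932ed2-1737-4ab8-b84d-c71779958551} - C:\WINDOWS\system32\hp52ED.tmp (file missing)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (file missing)
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autostarts look like: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[([^\]]+)\] (.+)$")


def parse_line(line):
    """Parse one log line into a dict, or return None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    entry = {"code": code, "kind": SECTIONS.get(code, "unknown"),
             "body": body, "name": None, "flags": []}
    if body.endswith("(file missing)"):
        # Registration still present, target file already gone.
        entry["flags"].append("file-missing")
    if code.startswith("R") and "proxy" in body.lower():
        entry["flags"].append("proxy-setting")
    run = RUN_RE.match(body)
    if code == "O4" and run:
        entry["name"], command = run.groups()
        if command.lower().startswith("rundll32"):
            # A DLL loaded at logon; if the DLL is deleted but this value
            # stays, Windows shows a RUNDLL "Error loading" box at startup.
            entry["flags"].append("rundll32-autostart")
    return entry


def parse_log(text):
    """Return every recognised entry in the log text, in order."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def flagged(text):
    """Return (code, name or body, flags) for every entry with a flag."""
    return [(e["code"], e["name"] or e["body"], e["flags"])
            for e in parse_log(text) if e["flags"]]


if __name__ == "__main__":
    for code, what, flags in flagged(SAMPLE_LOG):
        print(code, ",".join(flags), what, sep=" | ")
```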
     
  15. levi9909

    levi9909 Private E-2

    Right here's the latest HijackThis! log.

    When I log off now I get an Explorer.Exe shutting down program box. It starts to shut down slowly and then a sign saying that Explorer.Exe is not responding comes up so I press "end now."

    When I start up or reboot I get a Counterspy update box.

    I get a message seeking approval for c:\windows\pchealth\helpctr\binaries\msconfig.exe

    I still get a balloon from a red shield in my bottom right tray telling me that my computer may be at risk.

    I should point out that after resetting the internet settings I revert to firefox as default. Is that ok?
     


  16. levi9909

    levi9909 Private E-2

    Sorry, I should have said the following folders were not on my pc in safe mode or normal mode:
    C:\PROGRAM FILES\RXToolBar
    c:\program files\need2find
    c:\program files\WebSearch Toolbar
    c:\program files\eDonkey2000
    c:\program files\Kazaa
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you installed the CounterSpy Trial program from Majorgeeks, just uninstall it now.

    You should not be trying to run msconfig to control startups anyway. See step 7 of the READ ME and make sure that you have used msconfig to set Normal Startup.

    I have updated the SpywareQuake procedure with a new registry patch and another file to delete. Please re-run SpywareQuake Removal Procedure

    Do you want FireFox to be your default browser?
     
  18. levi9909

    levi9909 Private E-2

    I've uninstalled CounterSpy.
    I don't get that error message at the start anymore

    Still can't find spywarequake or file 1024.
    I still get the balloon warning about lack of virus protection.

    Here's smitfiles.txt

    I do want firefox to be my default browser.
     


  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please run the below tool which runs very quickly and attach the runkeys.txt log.

    Using GetRunKey
     
  20. levi9909

    levi9909 Private E-2

    Here it is
     


  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is the security alert you are getting now the one from the Windows OS?
     
  22. levi9909

    levi9909 Private E-2

    It seems to be but I never used to get it before. I'm not sure when it started. I have AVG and I used to have Zone Alarm. As part of this cleanup I got rid of Zone Alarm because it was out of date.

    When I click on the red shield in the tray it takes me to Windows Security Center. It says:

    Firewall - On
    Automatic updates - On
    Virus Protection - Off
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well you need to reinstall a real firewall ASAP because the one in Windows is not very good. Try ZoneAlarmFree.

    You may have to uninstall AVG, reboot and reinstall. Make sure you have the latest version already downloaded before uninstalling. Get it here: AVG Free Edition
     
  24. levi9909

    levi9909 Private E-2

  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What????
     
  26. levi9909

    levi9909 Private E-2

    Oh sorry - I didn't get notification for the previous post and couldn't see it when I logged in. Are you saying I should have Zone Alarm free and AVG?
     
  27. levi9909

    levi9909 Private E-2

    Ok, I've installed AVG free and Zone Alarm free and the Windows Security Alert still pops up.
     
  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you still have the below stuff from Symantec installed? If so, uninstall it.

    O23 - Service: Deepsight Extractor (DeepsightExtractor) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
    O23 - Service: DeepSight Extractor Service for NPF03 (ExtractorServiceNPF03) - Unknown owner - C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF03.exe
    O23 - Service: DeepSight Extractor Service for NPF04 (ExtractorServiceNPF04) - Unknown owner - C:\Program Files\Symantec\DeepSight

    Attach a new HJT log and let's get an installed programs list from HijackThis too!
    • Run HijackThis, click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Click Save List (generates uninstall_list.txt)
    • Click Save, to save it to a file where you can find it.
    • Attach the uninstall_list.txt file to your next message.
    Another option for the Windows Security popup is to simply tell Security Center you will manage it yourself. There is normally an option box to check for this.
     
    Last edited: Apr 24, 2006
  29. levi9909

    levi9909 Private E-2

    I uninstalled deep whatever and here are the hijack this and uninstall logs. I went to the windows security centre and it didn't have an option box and I still get the pop up.
     


  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you at any point in time have more than one antivirus application installed at the same time?

    What version of AVG do you have installed? Also give the below link a read and let me know if any of the info in it applies and helps:

    http://forum.grisoft.cz/freeforum/read.php?7,22553,23070
     
  31. levi9909

    levi9909 Private E-2

    I'm not sure. I got confused between Zone Alarm and AVG. I had both of them at the same time. I don't think I ever had anything else.

    I have AVG free edition.

    I'm not sure what I just did but I tried harder to find something useful to me in the Security Centre and I told it I would monitor my own protection and the shield and pop up have gone now so perhaps it did help.

    Please tell me, should I empty my AVG virus vault? I have 8 infected files in it.
     
  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you have ZoneLabs antivirus or just the firewall? It is multiple antiviruses that I'm concerned with, not a firewall and an AV.

    Yes I know that but I want to know the version number!

    That was what I was suggesting in my previous message.

    Yes! That is in step 0 of the READ & RUN ME.
     
  33. levi9909

    levi9909 Private E-2

    The Zone Alarm I have has anti-virus monitoring and it says it's switched on but it also says that it can't detect any anti-virus software running on my pc

    The AVG details are here:

    Program version - 7.1.385
    Virus base - 268.4.6/324
    Release date 25/4/2006
     
  34. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    According to your HJT log all you have installed is ZoneAlarm firewall not ZoneAlarm with AV. The only antivirus I see is AVG.

    I think you should just go to Windows Security Center and tell it you will monitor the Antivirus application yourself. Since you know you have one installed, there is something in Windows that is confused. Possibly due to having a variety of antivirus applications installed and uninstalled at different points in time.
     
  35. levi9909

    levi9909 Private E-2

    I've told it I'll self monitor
     
  36. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
  37. levi9909

    levi9909 Private E-2

    I've done everything. Thanks for the link. And thanks for all your help.
     
  38. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
  39. levi9909

    levi9909 Private E-2

    "Surf safely?" Ok, but I'm not promising anything.

    Cheers
     
  40. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay.....just don't swim with the sharks unless you are in the cage (which is the How to protect thread guidelines). ;)
     
