Links to Yahoo Mail? WTF!!!!!!!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by schneider, Aug 24, 2005.

  1. schneider

    schneider Private E-2

    Every link I click opens up a window for Yahoo Mail? Any suggestions?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  3. schneider

    schneider Private E-2

    Nope, kinda strange cuz other links in this forum take me to Ymail as well as links on outside websites. But, again, your link did NOT take me to YMail.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, run the steps in that link and then also do the below:

    Download HOSTER and then follow the below steps.
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program
     
  5. schneider

    schneider Private E-2

    whewwwwwwwwww, ok, i've done all this. Clicking links still takes me to Yahoo Mail.

    wait, I should tell ya that during the first procedure I rebooted in safe mode and ran Bitdefender, but I couldn't access the web again to run stinger or RAV (both recommended) so I had to reboot in Normal mode to run these two.
    then I proceeded with the rest.
     
    Last edited: Aug 24, 2005
  6. schneider

    schneider Private E-2

    Here is the HiJackThis Log:
     

    Attached Files:

  7. schneider

    schneider Private E-2

    sorry, I know you instructed that. I thought I did that. I'm a novice. Could you plz clarify "extraction" (don't kill me, this is new)? I double click the exe file and it opens Winzip. What next?
     
  8. schneider

    schneider Private E-2

    ok wait, cancel that.........

    I've done that.

    Can I just drag the exe file over to the newly created HJT folder? Or do I just have NO clue what I'm talking about?
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No it is not in the ZIP file. It is just fine as it is.

    HijackThis.zip is a file.
    C:\Program Files\HiJack\hijackthis is a folder. It is just unnecessary to have it in a second subfolder but it is okay.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't see any real problems in your HJT log to indicate why links would all be directed to Yahoo Mail. But let's do the below:

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)


    Personally I do not believe in putting anything in the Trusted Zone unless it is absolutely necessary (normally it is not). And then it must be something you cannot live without. So the below two are up to you.
    O15 - Trusted Zone: *.ameritrade.com
    O15 - Trusted Zone: *.ameritrade.streamer.com

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
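
An added example (not part of the thread and not HijackThis's own code): the Python below parses the HijackThis entries quoted in post 10 and notes why each one might deserve a manual look. The function names and the review heuristics are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Log lines copied from the HijackThis entries quoted in post 10 above.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: *.ameritrade.com
""".strip().splitlines()

# "<section code> - <rest>", e.g. "R0 - ..." or "O15 - ..."
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")

def parse_entry(line):
    """Split a log line into (section code, rest); None if it is not an entry."""
    m = ENTRY.match(line)
    return (m.group(1), m.group(2).strip()) if m else None

def review_notes(line):
    """Return the reasons an entry deserves a manual look (may be empty)."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    code, rest = parsed
    notes = []
    if code.startswith("R") and " = " in rest:
        _, value = rest.split(" = ", 1)
        if value.lower().startswith(("http://", "https://")):
            notes.append(f"browser page setting points at {urlsplit(value).hostname}")
            # Heuristic (assumption): a second URL inside the value means the
            # page is reached through a redirector rather than directly.
            if re.search(r"https?://", value[8:], re.I):
                notes.append("value wraps another URL (redirector)")
    if rest.endswith("(file missing)"):
        notes.append("references a file that no longer exists (orphaned entry)")
    if code == "O15":
        notes.append("site added to Trusted Zone: " + rest.split(":", 1)[1].strip())
    return notes

def triage(lines):
    """Return (section code, notes) for every line with at least one note."""
    return [(parse_entry(l)[0], review_notes(l)) for l in lines if review_notes(l)]

if __name__ == "__main__":
    for code, notes in triage(SAMPLE):
        print(code, "|", "; ".join(notes))
```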
     
  11. schneider

    schneider Private E-2

    1/2 way there. I ran HijackThis and fixed the selections (after closing ALL browsers). But trying to Reset Web Settings, I right click the IE icon, select Properties, but there is no "programs" tab.

    I've got Win2k if it matters.

    wait, if I skip the right clicking of the IE icon and do step 3 (the control panel Inet options) then I have the programs tab. I'll do that and let U know how it works.
     
    Last edited: Aug 24, 2005
  12. schneider

    schneider Private E-2

    hey guys, before I go any further, let me just say THANKS for the Help!!!!!! U don't have to do it, and it is much appreciated.

    OK, I followed all the steps and it looks like it is working (yeahhhhhhhhh), I tried one link and it worked.

    Here is the HiJackThis Log:
     

    Attached Files:

  13. schneider

    schneider Private E-2

    ok, sounds good! Looks like this problem is fixed and the thread is over. Thanks again.

    now onto those dang DSO exploit that won't go away......argh!!!!
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have all of your Windows Updates, the DSO Exploit items are more than likely not a problem.

    Either fix them using Spybot 1.4 or do it manually with regedit if Spybot does not fix them.

    Other than that you should now check out the below thread to help keep your system clean. The first step in the below thread will take you to Windows Update to be sure you have all updates:

    How to Protect yourself from malware!
     
  15. schneider

    schneider Private E-2

    Looks like I'm doing all the necessary steps (via the link), except I don't run FireFox and I haven't changed step 6 "adjust Active X settings."

    I don't see the DSO's listed in the Registry. I find one that is close, change the value to 3 but the DSO still shows up with Spybot.

    Let's talk a moment about the Msoft Updates. I wasn't that good with updates, then a few months ago I started checking more often (1-2 x a month). but my last update has given me trouble. I've tried a few more times since then and again now, same thing.
    1. I check for updates 2. Msoft checks my system for needed updates. 3. I select the "express" button for updates 4. Msoft tells me I need to install the latest version on some components 5. then it says updates were unsuccessful.

    it tells me it couldn't update some validation tool. Which, I believe, just checks to see if my OS is "legit" or not. But, from what I understand, even if your OS is not "legit" Msoft still allows security updates.

    So, I don't know if I'm current with updates because I can't do anything else after I get the Update Failure notice. I think everything is current, but it won't let me do anything cuz it keeps trying to load this validation tool.

    Oh yeah, it also tells me to check my update history. I do and there is no record of the failed attempts.

    Below is the text from Msoft update:

    "Software Upgrade for Some Windows Components Required

    To use Microsoft Update, you must first install the latest version of some Windows components. This will allow your computer to work with these new features on the site:


    More updates: Get updates for Windows and for popular Microsoft programs such as Microsoft Office in one place.
    Faster updates: The latest Microsoft Systems Installer (MSI) improves the way updates are installed, delivering updates in the smallest possible packages in the shortest amount of time.
    Easier navigation: Now you can find updates by priority or by product while helpful links and important messages help ensure you are installing all high-priority updates for your computer.

    Details

    Windows Genuine Advantage Validation Tool (KB892130)
    0 KB , 0 minutes (Downloaded; ready to install)
    The Windows Genuine Advantage Validation Tool enables you to verify that your copy of Microsoft Windows is genuine. The tool validates your Windows installation by checking Windows Product Identification and Product Activation status. After you install this item, you may have to restart your computer. Once you have installed this item, it cannot be removed.


    Total: 0 KB , 0 minutes (Downloaded; ready to install)


    Download and Install Now

    Windows Genuine Advantage Validation Tool (KB892130)

    Failed Updates
    For help installing an update successfully, see the solution under each problem description.


    Problem: End User License Agreement (EULA) Not Accepted
    Solution: Check for updates again and wait while you install updates. You will be asked to accept the EULA before any updates with a EULA can be installed.

    Problem: Not Enough Disk Space
    Solution: To make more space available, run the Disk Cleanup tool or uninstall any programs that you don’t use. For directions, see Help and Support on your computer.

    Problem: Automatic Updates is currently installing updates
    Solution: Please wait until Automatic Updates is complete and then check your update history. At that time, if the update has failed to install, you can try installing it from the website.
    Note: To view Automatic Updates progress, click the updating icon in your System Tray.

    Problem: Please check your update history for a description.

    Windows Genuine Advantage Validation Tool (KB892130) "
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is your copy of Windows legit? If not, get a valid license. But I do not believe they are that fussy with Windows 2000 copies.

    Problems with using Windows update should be discussed in the Software Forum. You could also try enabling automatic updates (sometimes works). Other things to try, disable firewall and antivirus applications and do updates (I don't like doing this but it does work sometimes). I have seen Norton stuff cause problems with Windows Updates. I know you are not using Norton but similar issues could occur.
     
    Last edited: Aug 24, 2005
  17. schneider

    schneider Private E-2

    cool, i'll look into that and get over to the software forum.

    Anything else on the DSO Exploits? I attached the Spybot log in this thread, if ya have time to take a look. I don't see either of these in the registry.

    http://forums.majorgeeks.com/showthread.php?t=70737
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If Spybot is reporting them, the registry keys must exist. Make sure you are looking for them properly and in the correct registry key path. But this discussion belongs in your other thread.
     
  19. schneider

    schneider Private E-2

    yep, sorry. this thread is over. The link to Yahoo mail problem was fixed. thanks again for the help.
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
     
