Help- malware redirecting to iewarning.com

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by corkeye, Nov 5, 2006.

  1. corkeye

    corkeye Private E-2

    Dear Majorgeeks, for the past 24 hours or so I keep getting redirected on my homepage to iewarning.com despite my homepage URL being Google. And also I keep getting prompted to download all sorts of antivirus software. Please see scans attached (BitDefender, Panda ActiveScan, HijackThis).

    Please note, due to time constraints today, I have not had time to complete 6C "Next course of action" in the Read and Run Me procedure, so I did all other procedures listed and have uploaded the HijackThis report, which I ran after doing everything else.

    Any help/feedback would be massively appreciated.

    Regards,

    Corkeye
     


    Last edited by a moderator: Nov 6, 2006
  2. corkeye

    corkeye Private E-2

    ...almost forgot, here's the runkey and showme bat files that I have run.

    corkeye
     


  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add/Remove Programs for the following and uninstall them if found:

    VidCodecs

    SpywareBot

    Norton OR AVG

    You need to pick ONE and uninstall the other.

    Please make sure the Viewing of Hidden Files & Folders is enabled per the READ ME.

    Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:


    isamonitor.exe

    isamini.exe


    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\VidCodecs\isaddon.dll
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, please boot into Safe Mode and be sure you have the Viewing of Hidden Files & Folders enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\Program Files\VidCodecs - Delete this whole folder if it exists!

    C:\Program Files\SpywareBot - Delete this whole folder if it exists!

    Next, run CCleaner to clean up cookies and temp files.

    After you complete the above, REBOOT and proceed with the rest of this fix...

    Finally, I would like you to flush your System Restore points. Please follow the instructions below:

    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above, reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
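
As an added example (not part of the original thread and not a MajorGeeks or HijackThis tool), the sketch below parses O2 and O4 lines in the HijackThis format quoted in the post above and flags two conditions only: a BHO registered with "(no file)", and any entry that loads from the two folders the helper asked to have deleted. The function names and the watch list are assumptions; the sample log is constructed from the lines in the post.

```python
import re

# Constructed sample: the O2/O4 lines quoted in the post above, as a log excerpt.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\VidCodecs\isaddon.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
"""

# Assumption: watch list built from the folders named for deletion in this thread.
WATCH_DIRS = [r"C:\Program Files\VidCodecs", r"C:\Program Files\SpywareBot"]

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<target>.+)$")

def exe_path(command):
    """Return the file path from a log target, whether quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces: cut after the first executable extension.
    m = re.match(r"(?i)(.+?\.(?:exe|dll|bat|com))(?:\s|$)", command)
    return m.group(1) if m else command

def triage(log_text, watch_dirs=WATCH_DIRS):
    """Return (section, CLSID or value name, reason) for entries worth review."""
    findings = []
    watch = [d.lower().rstrip("\\") + "\\" for d in watch_dirs]
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line) or O4_RE.match(line)
        if not m:
            continue
        section = line[:2]
        ident = m.group("clsid") if section == "O2" else m.group("name")
        target = m.group("target").strip()
        if target == "(no file)":
            findings.append((section, ident, "registered but file missing"))
        elif any(exe_path(target).lower().startswith(w) for w in watch):
            findings.append((section, ident, "loads from watched folder"))
    return findings
```

Entries it does not flag (the iTunes, QuickTime and Real startup items here) are simply outside these two checks; the script makes no judgment about them.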
     
  4. corkeye

    corkeye Private E-2

    Once I'd rebooted after running CCleaner the performance had improved and it actually loaded up my homepage that I've set rather than iewarning.

    I uninstalled AVG, for the simple reason that I paid around £30 (60$) for Norton a few weeks ago and so I had to keep it really.

    I couldn't find the spywarebot file, but I deleted bit codecs.

    Things are running brilliantly now, thank you so much. Please find attached new log. And if I need to do anything more, please let me know. Thanks again, your help has been fantastic.
     


  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Have HJT fix the below entry and your log will be clean.

    After fixing this entry, if everything is running OK with no problems, then I recommend following this site: How to Protect yourself from malware!

     
