firefox hijacked by fire search

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by toa monty, Feb 24, 2008.

  1. toa monty

    toa monty Private E-2

    Hi, my Firefox homepage has been hijacked by "firesearch". I don't like it. Even when I use Internet Explorer instead of Google it comes up with "ie search".
    Never seen these before. :(
     

    Attached Files:

  2. Lev

    Lev MajorGeek

  3. toa monty

    toa monty Private E-2

    Hi, here are the three files. My apologies for not doing all steps at first.
    Look forward to hearing from you. Cheers :eek:
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please remove C:\Documents and Settings\Janet\Desktop\MGtools.exe from your Desktop. This is not where we asked you to put it.

    Are you sure that in Firefox your Home Page is set to what you actually want? Take a look and see: click on Tools > Options > Main tab.

    According to your logs, you do not even have a Home Page set up for IE, so it will just go to the default.

    Is the below folder something you created?
    Code:
    "C:\Documents and Settings\All Users\Application Data\"
    README~1      23 Feb 2008              "Readme Live Axis Tons"

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Uninstall the below old versions of software:
    Java(TM) 6 Update 3

    Now we need to use ComboFix to delete a file and collect some info on others.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    File::
    C:\WINDOWS\system32\SystemV.dll
    
    DirLook::
    C:\Documents and Settings\All Users\Application Data\Readme Live Axis Tons
    FileLook::
    C:\WINDOWS\system32\CNQ4805C.DLL
    C:\WINDOWS\system32\CNQ4805L.DLL
    C:\WINDOWS\system32\CNQ4805O.DLL
    C:\WINDOWS\system32\CNQ4805I.DLL
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
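    The check chaslang asks for above (is the Firefox home page really what you chose, and where does IE's start page point?) can also be done by reading the browser settings directly. The following is an added example, not part of this thread or of any MajorGeeks tool: it parses `user_pref(...)` lines in the format Firefox uses in `prefs.js`, accepts a plain name/value map for IE's `Start Page` value (as exported from `HKCU\Software\Microsoft\Internet Explorer\Main`), and reports any watched setting that points at a host outside an allow-list. The sample prefs text, the `firesearch.example` host, and the trusted-host list are constructed for the demonstration.

```python
import re
from urllib.parse import urlparse

# Constructed sample of Firefox prefs.js lines (not taken from the thread's logs).
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://firesearch.example/start?src=hijack");
user_pref("browser.startup.page", 1);
user_pref("keyword.URL", "http://www.google.com/search?q=");
user_pref("browser.search.defaultenginename", "Google");
'''

# Constructed sample of IE values from HKCU\Software\Microsoft\Internet Explorer\Main.
SAMPLE_IE_MAIN = {
    "Start Page": "http://iesearch.example/",
    "Search Page": "http://www.google.com/",
}

# Settings that homepage/search hijackers typically rewrite (Firefox pref names
# and IE registry value names share one table here for simplicity).
WATCHED_SETTINGS = {
    "browser.startup.homepage", "keyword.URL",
    "browser.search.defaultenginename", "Start Page", "Search Page",
}

# Hosts the user actually chose (assumption; adjust per machine).
TRUSTED_HOSTS = {"www.google.com", "google.com", "www.mozilla.org"}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1]  # strip the quotes around string prefs
        prefs[name] = raw
    return prefs


def hosts_in(value):
    """Extract lowercase hostnames; Firefox allows several homepages joined by '|'."""
    hosts = []
    for part in value.split("|"):
        part = part.strip()
        if "://" not in part:
            continue  # e.g. an engine name such as "Google", not a URL
        host = urlparse(part).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def find_suspicious(settings, trusted=TRUSTED_HOSTS):
    """Return sorted (setting, host) pairs for watched settings that point
    at a host outside the allow-list."""
    findings = []
    for name in sorted(WATCHED_SETTINGS):
        if name not in settings:
            continue
        for host in hosts_in(settings[name]):
            if host not in trusted:
                findings.append((name, host))
    return findings


if __name__ == "__main__":
    for label, settings in (("Firefox", parse_prefs(SAMPLE_PREFS)), ("IE", SAMPLE_IE_MAIN)):
        for name, host in find_suspicious(settings):
            print(f"{label}: {name} points at untrusted host {host}")
```

    On a real machine the Firefox text would be read from the profile's `prefs.js` (or `user.js`, which overrides it on startup), and the IE map from the registry key named above; a hit only means the setting is not one you recognise, so compare it with what you actually configured before changing anything.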
     
  5. toa monty

    toa monty Private E-2

    Hi, apologies for misplacing MGtools. I have no idea what "Readme Live Axis Tons" is. I have been able to reset my browser back to Firefox. I have also realised that my firewall "Comodo" gets cranky and kept dropping me offline. I will monitor it and let you know how things go. Thanking you, toa monty. :)
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then I suggest that you delete the below folder since it is empty anyway:

    C:\Documents and Settings\All Users\Application Data\Readme Live Axis Tons


    You may want to try uninstalling it, then reboot (do not skip the reboot), and then reinstall, and see if there is any change in the behavior.


    Your logs are clean.

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN
      • Now type combofix /u in the runbox and click OK.
      • Note: the space between the X and the /U must be there.
    2. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    3. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    4. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    5. If you are running Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    6. After doing the above, you should work through the below link:
     
  7. toa monty

    toa monty Private E-2

    Hi, all final instructions are complete. I have Comodo firewall in place. AVG, new java etc. Created clean restore point. PC is working very well. Also grabbed Glubber. Thanks for all your help and patience.:wave cheers - toa monty
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
