Computer hijacked-homepage changing-favorites added

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by lapaulin323, Apr 16, 2006.

  1. lapaulin323

    lapaulin323 Private E-2

    OK. My hompepage changes on it's own to some Gopher search site, a whole bunch of sites are added to my favorite places and now, random porn web pages keep opening on my computer for no reason. I have run Norton, TrojanHunter, Spyware Doctor, Ad-aware, Spy-bot, & Hijack This. I have a Gateway Intel Pentium 4 laptop, with Microsoft Windows XP Home Edition 2002. It has 1.60 GHz, 256 mb RAM. I use Internet Explorer as my browser, Verizon DSL and a wireless chip to connect to the internet. I'm not sure if this is all the information you need but I certainly hope so. This is my Hijack This log:

    EDIT: inline log removed and attached

    Please help me. I am sure that some of these need to be deleted but I don't know which ones and I am eager to rid my computer of this annoying hijack.

    Thanks to anyone who helps me,

    Laura
     

    Attached Files:

    Last edited by a moderator: Apr 16, 2006
    lapaulin323, Apr 16, 2006
    #1
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi and welcome, please run through our first steps guide as these remove and list whats the root cause of your problem,


    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis


    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
    • Bitdefender
    • Panda Scan
    • HijackThis
     
    DavidGP, Apr 16, 2006
    #2
  3. lapaulin323

    lapaulin323 Private E-2

    Computer Hijacked-Ready to Scream

    I really hope someone can help me. I did everything on the Read & Run Me First Sticky and my homepage is still changing, favorites are added to my list when the computer isn't even on and porn websites keep just appearing on my screen. I am about ready to throw the computer out a window. I am attaching the bitdefender log and the hijackthis log. I couldn't get to the log for Panda. For some reason I could only see half of the screen for that one. I did run a scan though, it came up with a few things, only I couldn't get a log.

    If anyone can help me I will be so grateful!
     

    Attached Files:

    lapaulin323, Apr 30, 2006
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Computer Hijacked-Ready to Scream

    Please do not post multiple threads for the same problems. You already had a thread strarted where Halo fiirst gave you instructions. I'm merging you back to that thread.

    I don't think so because that is impossible! ;)

    Please install HijackThis where step 7 of the READ ME requests. You have it installed exactly where step 7 indicates not to install it.

    Are your copies of SpywareDoctor and CounterSpy paid versions of free trials? Did you have problems trying to install Windows Defender?

    Are the below your expected search pages?
    1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
     
    Last edited: Apr 30, 2006
    chaslang, Apr 30, 2006
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Computer Hijacked-Ready to Scream

    Make sure viewing of hidden files is enabled (per the tutorial).
    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {313338EB-523F-B660-072D-D236280015BE} - C:\Program Files\inscdm\lqwyqrncrk.dll (file missing)
    O2 - BHO: ohb - {E8888041-B24A-4B0B-911B-12B018E43F21} - C:\WINDOWS\system32\rlmtcs.dll

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete    :
    C:\Program Files\inscdm <--- the whole folder if found
    C:\WINDOWS\system32\rlmtcs.dll

    If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

    Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST)    .

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.
     
    chaslang, Apr 30, 2006
    #5

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds