Browser hijacked to heretofind.com

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Xorcism, Aug 31, 2004.

  1. Xorcism

    Xorcism Private E-2

    I followed the directions in the sticky post but am still getting these lines in my Hijack This logs and when I check the boxes for them and "fix" them, they come right back:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=0&q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:mad:MSITStore:C:\spe\start.chm::/start.html#


    O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=0&q=
    O13 - WWW Prefix: http://www.heretofind.com/show.php?id=0&q=
    O13 - Home Prefix: http://www.heretofind.com/show.php?id=0&q=
    O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=0&q=
    O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=0&q=

    I'm not sure what to delete; may I post my whole Hijack This log?

    Also, incidentally, Service Pack 2 for Windows XP is repeatedly failing to install for me via Windows Update so I wasn't able to do that step. No idea why that's not working.
     
    Xorcism, Aug 31, 2004
    #1
  2. Xorcism

    Xorcism Private E-2

    Fixed it I guess; I ran Panda Virus Scan and it looks like it was a virus in C:\spe, a folder I thought looked new and suspicious but since it's my dad's computer I wasn't sure at first.
     
    Xorcism, Aug 31, 2004
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds