Help needed with "iehomepages" hijack

Discussion in 'Malware Help (A Specialist Will Reply)' started by VincentVV, Oct 26, 2006.

  1. VincentVV

    VincentVV Private E-2

    Hi there.

    I have Malware problems with a friend's new computer - and I hope you can help me solve them.

    The computer's homepage has been set to www.google.com in Internet Options, yet on clicking Internet Explorer I am faced with iehomepages.com. There is lots on this page about SpyWare removal etc. etc.

    To give you a background on what has happened so far, the computer is only a week old but my friend (who is a novice user and has little understanding of Spy/Malware threats) reports that it has become very slow and he cannot remove this bogus home page. He has also unwittingly clicked on the various adverts claiming to 'remove spyware from his computer' (and in doing so has of course installed several malicious programs). He has also installed and used LimeWire. He has a trial version of Norton Anti Virus running, which has popped up several times with virus warnings (not sure if these have been rectified as of yet). Also, a ballon pops up from the bottom right set of icons warning that 'dangerous Malware is attacking the computer - click here to fix' (I have only exited the balloon, not clicked on it since I assume the program it is coming from is bogus).

    In my attempts to sort it all out for him, I have installed and run SpyBot Search and Destroy, with several results. I have allowed this program to fix some plainly obvious Spy/Malware, though decided to leave some entries alone for the time being since they were prefixed with 'Microsoft..' and I did not want to remove anything that could be important (before doing anything I made a backup of the registry too). I have also removed LimeWire from the computer.

    The iehomepages.com remains.

    His HiJackThis (1.99.1) log file is attached.

    I only have limited access to my friend's computer, but I can with several visits follow your instructions to help remove these threats he has instantly fallen victim to. I'm a bit of a novice myself, but am learning from the various attacks I've had and how they are solved.

    Look forward to your assistance.

    Thank you in advance
     

    Attached Files:

    Last edited by a moderator: Oct 27, 2006
    VincentVV, Oct 26, 2006
    #1
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Welcome to Majorgeeks!

    As that PC is most likely now not only infected with one malware but with the clicking of many of the poups it will no doubt have many malware infections so best to download all the needed applications and copy to CD or USB pen, print out the guide and then next time at your friends, run through all the steps, then post in this thread the requested logs, from their one of our resident malware experts will look over the logs and post some further instructions to remove what they find,


    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - ONLY IF you were not able to run Windows Defender
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
    DavidGP, Oct 27, 2006
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds