Hijacked browser

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Harley Girl, Jan 4, 2005.

  1. Harley Girl

    Harley Girl Private E-2

    Hi
    I have been trying to get rid of a hijack that HijackThis will not remove.
    When I open explorer my favorites are not correct either. Plus a new search bar.
    Inclosed is the log file.
    Hope you can help
    HG :rolleyes:
     

    Attached Files:

    Harley Girl, Jan 4, 2005
    #1
  2. Quinndrew5

    Quinndrew5 Corporal

    Quinndrew5, Jan 4, 2005
    #2
  3. PhilliePhan

    PhilliePhan Guest

    Hi HG,

    Quinndrew is right to recommend a spin through the Cleanup Tutorial. However, your HJT Log looks fairly clean. You should fix the following with HJT:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jvwgetftwqq.com/iCus_K4Fa3p3mAph95cefQvJaP5hiVt4ck64gpnC_X41GKRyV0PP5d/kl5twVmpb.cgi
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    and then reset your WebSettings.

    ALSO: Do you recognize this?

    O4 - HKCU\..\Run: [dead bind] C:\DOCUME~1\Owner\APPLIC~1\PLATFO~1\Style Bias.exe

    If not, perhaps you ought to remove that entry as well and then Delete the related file or folder. You should check to see what this folder is PLATFO~1 (Full Name, etc...) and if you need it.

    PP :)
     
    PhilliePhan, Jan 4, 2005
    #3
  4. Harley Girl

    Harley Girl Private E-2

    Do you mean to get rid of all three of the first three things you listed?
    So far things are back to normal after running the Adware and other things on the list but they may come back if they are in the registry because they did before and my other adware did not find them but after I installed the new one it did.
    Harley Girl
     
    Harley Girl, Jan 5, 2005
    #4
  5. PhilliePhan

    PhilliePhan Guest

    Remove these three entries using HijackThis:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jvwgetftwqq.com/iCus_K4F...d/kl5twVmpb.cgi
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    I still wonder about this one:
    O4 - HKCU\..\Run: [dead bind] C:\DOCUME~1\Owner\APPLIC~1\PLATFO~1\Style Bias.exe

    If you don't know what it is, then it should be removed as well and the corresponding file deleted.

    PP :)
     
    PhilliePhan, Jan 5, 2005
    #5

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds