home page got hijacked!!

marty k · Jul 19, 2005

How can I get rid of start page line as listed on my regedit? I tried to modify, no good, delete, no good, rename still it will not stay changed. Here is my "hijack this log", if anyone can help me I would greatly appreciate it. Thanks, marty.

Edit by chaslang: Unrequested inline log removed

chaslang · Jul 18, 2005

Please read the announcement and sticky threads. HJT logs should only be posted when requested and then they must be attachments to your message. Please run the steps below.

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem, boot into normal mode and make sure you follow these directions exactly as written:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

Are you referring to these lines:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocsv.dll/API32.htm#ID=347;065D
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.e4me.com/start.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocsv.dll/asst.htm

You need to get to Windows Update later (when finished fixing problems) you are out of date. Look at your IE version: Explorer v5.50 (5.50.4134.0600)

marty k · Jul 19, 2005

I tried each of the 4 steps you gave me in the last thread. Kill2me found a Look2me virus and removed it if it was there?? About:Buster took 3 times to download because of "database corrupt or missing" message. The BitDefender found trojans and i copied a log of them. One was C:\WINDOWS\SYSTEM32\svcnt.exe it could not be disinfected or deleted. My DSL will not allow me to connect to the internet while in the safe mode. The line item that will not delete is res://C:\\windows\system32\shdocsv.dll/api32.htm#id=347;065d In the registry it is the start page that will not let me change to anything else. The start page has links to get "special software to resolve the problem". The link shows as javascript:redirector.dll?securityID=817093-ms05-011&privacyAPI32=x292 Any more information you need I will gladly try to get it. Thanks, Marty

marty k · Jul 19, 2005

something new with me now my browser has changed to netscape from IE.

chaslang · Jul 19, 2005

Please complete what I gave you in my first message.

Log in or Sign up

home page got hijacked!!

marty k Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

marty k Private E-2

marty k Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member