Homepage and Favorites Hijacked

Discussion in 'Malware Help (A Specialist Will Reply)' started by Ndrik, Jan 13, 2005.

  1. Ndrik

    Ndrik Private E-2

    Help me please! My homepage has been hijacked by www.findeverything. Unwanted favorites are listed. When I try to change the homepage I am not able to. When I delete the favorites, they always come back when I reboot.

    I'm new at trying to fix computer stuff myself.

    My computer has Norton, Ad-aware, Spybot S&D, and HijackThis (just downloaded).

    Please help me solve these problems. Thanks
     
  2. PhilliePhan

    PhilliePhan Guest

    Hi Ndrik,

    Generally, it is a good idea to start with the Cleanup Tutorial HERE:

    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan and Virus Removal

    There are only a few of us Volunteers who regularly offer advice in this forum. Running through the above Tutorial will remove a lot of stuff that would otherwise clog a HijackThis Log and save us valuable time.

    Please let us know the steps that you are able to complete and the ones that give you problems. Note that you need to be in Safe Mode with System Restore OFF (if you have it) and have the Viewing of Hidden Files ENABLED as per the instructions in the link. Make sure to do the Online Scans.

    Post back and let us know how you fared. Also, send us a HijackThis Log. Please be sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.99) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!
    Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    I’m not around this forum too often these days, but somebody will try to take a look when they get a chance.

    Best luck :)
    PP
     
  3. Ndrik

    Ndrik Private E-2

    I followed all of the instructions in "DO NOT POST UNTIL..."
    McAfee AVERT Stinger in normal mode
    CCleaner in normal mode
    All others in safe mode

    My problem with homepage and favorites was not fixed.

    I have attached my HijackThis log.

    Please help me to take the next step.

    Thanks very much
     

  4. PhilliePhan

    PhilliePhan Guest

    Hi Ndrik,

    Fix these lines with HijackThis:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.find-more.net/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.find-more.net/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.find-more.net/index.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.find-more.net/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find-more.net/index.htm

    THEN:
    Please reboot, rescan and attach a fresh log and let us know how things are working. Check back when I can.

    PP :)
     
  5. Ndrik

    Ndrik Private E-2

    I scanned with HijackThis.
    I put a check in the boxes you directed.
    I clicked on fix. The 5 items disappeared.
    I rebooted.
    I scanned again with HijackThis.
    As you can see from the attached log, the 5 items are back.

    Please help.

    Thanks
     

  6. PhilliePhan

    PhilliePhan Guest

    I'm Sorry! This one is darn sneaky and I almost missed it!!

    Please Run HijackThis and check the boxes for the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.find-more.net/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.find-more.net/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.find-more.net/index.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.find-more.net/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find-more.net/index.htm

    O4 - HKCU\..\Run: [mstask] C:\WINDOWS\mstask.exe

    Please make sure ALL Browser Windows (including this one) are Closed when you click FIX.

    NOW, boot to safe mode and DELETE C:\WINDOWS\mstask.exe

    NOTE: Only delete the mstask.exe in the WINDOWS directory!!!

    C:\WINDOWS\SYSTEM\MSTASK.EXE ---> This one in the SYSTEM folder is OK

    Reboot and give me a fresh log and tell me how things are working now.

    PP :)
     
  7. Ndrik

    Ndrik Private E-2

    Hurray! Hurray! Hurray!

    It's fixed. I've got my homepage and favorites back!

    You're the greatest.

    Thanks Thanks Thanks

    (HijackThis log attached)

    Ndrik
     

  8. PhilliePhan

    PhilliePhan Guest

    You're Welcome :)

    That was a tricky one, what with the mstask being a legitimate process in the System Folder! Almost missed it!

    Please take a look at Chaslang's suggestions here: How to Protect yourself from malware!

    Happy Computing!

    PP :)
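
The check that resolved this thread, as an added example that is not part of the original posts: scan a HijackThis log for O4 autorun entries that reuse the file name of a known system binary from a directory outside its expected location. The baseline table, the function names and the sample log are assumptions; the only baseline entry is the `C:\WINDOWS\SYSTEM` location the thread calls OK.

```python
import ntpath
import re

# Assumed baseline: where each known system binary is expected to live.
# The single entry comes from the thread; extend it for the OS being triaged.
EXPECTED_DIRS = {"mstask.exe": {r"c:\windows\system"}}

# HijackThis autorun line: O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def exe_path(cmd):
    """Extract the executable path from a command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted: cut after the first .exe so trailing arguments are dropped.
    m = re.match(r"(?i)(.+?\.exe)\b", cmd)
    return m.group(1) if m else cmd


def masquerading_autoruns(log_text):
    """Return (key, value name, path) for autoruns that reuse a known
    system file name from a directory outside the baseline."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an autorun entry (R0/R1, O2, ...)
        path = exe_path(m.group("cmd"))
        directory, filename = ntpath.split(path)
        expected = EXPECTED_DIRS.get(filename.lower())
        if expected and directory.lower().rstrip("\\") not in expected:
            hits.append((m.group("key"), m.group("name"), path))
    return hits


# Constructed sample: the [mstask] line is from the thread, the rest is made up.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.find-more.net/index.htm
O4 - HKLM\..\Run: [SchedulingAgent] C:\WINDOWS\SYSTEM\MSTASK.EXE
O4 - HKCU\..\Run: [mstask] C:\WINDOWS\mstask.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
"""

if __name__ == "__main__":
    for key, name, path in masquerading_autoruns(SAMPLE_LOG):
        print(f"SUSPICIOUS {key} [{name}] -> {path}")
```

Only the `HKCU\..\Run` copy in `C:\WINDOWS` is reported; the entry in the `SYSTEM` folder matches the baseline and is left alone.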
     
