My computer browser IE6 has been HIJACKED!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by prek, Jan 13, 2005.

  1. prek

    prek Private E-2

    hi, I'm prek,
    I hope you guys here can solve my misery.... I was surfing on my IE6 and it was hijacked by a pornographic site.... Ever since then, every time I start my IE, a pop-up appears and directs the browser to 540.scmg.net...
    I don't deal with warez stuff and porn.... I'm a newbie and not a computer expert... I hope you guys can help me 'step-by-step', thank you....

    I have got the following programs:
    hijackthis1.99
    zonealarm
    mcafeestinger
    spywareblaster
    ccleaner
    adware-se
     
  2. PhilliePhan

    PhilliePhan Guest

    Hi Prek,

    Generally, it is a good idea to start with the Cleanup Tutorial HERE:

    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan and Virus Removal

    There are only a few of us Volunteers who regularly offer advice in this forum. Running through the above Tutorial will remove a lot of stuff that would otherwise clog a HijackThis Log and save us valuable time.

    Please let us know the steps that you are able to complete and the ones that give you problems. Note that you need to be in Safe Mode with System Restore OFF (if you have it) and have the Viewing of Hidden Files ENABLED as per the instructions in the link. Make sure to do the Online Scans.

    Post back and let us know how you fared. Also, send us a HijackThis Log. Please be sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.99) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!
    Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    I’m not around this forum too often these days, but somebody will try to take a look when they get a chance.

    Best luck :)
    PP
     
  3. yukon98

    yukon98 Specialist

  4. PhilliePhan

    PhilliePhan Guest

  5. prek

    prek Private E-2

    hi, thanks for helping me out,
    great, my dial-up dialer hasn't been infected anymore, but still whenever I start my IE6 there will be a pop-up that directs to 50.scmg.net.... I have tried your virus removal READ ME step by step..... It doesn't seem to work; during safe mode my computer can't log on to the net..... I'm scanning now on the net, but not in safe mode.....
     
  6. prek

    prek Private E-2

    hi, hello,
    this is my HijackThis log while running in safe mode, with hidden files and folders enabled and System Restore off.




    Logfile of HijackThis v1.99.0
    Scan saved at 11:25:43 AM, on 1/14/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


    Which ones are the infected or malicious files I need to fix... what to do next?
    I have got Firefox installed.... Please reply ASAP, thank you :->
     
    Last edited by a moderator: Jan 14, 2005
  7. PhilliePhan

    PhilliePhan Guest

    Hi Prek,

    The next time you scan with HijackThis, please scan in Normal Windows Boot and ATTACH the log as per the instructions in my 1st post.

    Also, DAP is considered Adware, but its removal is up to you.


    Please print out these instructions so that you can operate with All Browser Windows CLOSED.
    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

    Now scan with HijackThis and Check the Boxes for the following:

    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

    O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
    O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
    O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab

    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll


    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following if it should remain:

    C:\WINDOWS\System32\vbsys2.dll

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows and Scan with HijackThis and attach that log.

    There may be more malware on your machine - A normal boot log will tell us more. I will try to check back when time permits.

    Best luck :)
    PP
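
The entry types flagged in the post above (O3, O16, O21) can be triaged mechanically. This is an added example, not part of the original thread or of HijackThis itself: it parses HijackThis log lines and flags the traits those entries share. The heuristics, the function names and the two constructed sample lines are assumptions made for illustration.

```python
import re

# First five lines are quoted from the post above; the last two are
# constructed benign-looking entries added for contrast.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O16 - DPF: {01234567-89AB-CDEF-0123-456789ABCDEF} - https://example.com/control.cab
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{([0-9A-Fa-f]{8})-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")

def parse_line(line):
    """Split one log line into section code, CLSID and target; None for non-entries."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header lines such as "Logfile of HijackThis ..." are skipped
    body = m.group("body")
    clsid = CLSID.search(body)
    return {"section": m.group("section"), "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "target": body.rsplit(" - ", 1)[-1]}

def triage(entry):
    """Return review flags for one parsed entry (assumed heuristics, not verdicts)."""
    flags, target = [], entry["target"]
    if target == "(no file)":
        flags.append("orphaned: registry entry points at no file")
    if entry["section"] == "O16" and target.lower().startswith("file://"):
        flags.append("ActiveX codebase is a local file, not a vendor URL")
    if entry["section"] == "O21":
        flags.append("SSODL: DLL loaded by Explorer at startup, verify it")
    if entry["clsid"] and len(set(entry["clsid"][1:9])) == 1:
        flags.append("CLSID starts with one repeated digit, not a generated GUID")
    return flags

def review(log_text):
    """Return (section, target, flags) for every entry that raised a flag."""
    entries = filter(None, map(parse_line, log_text.splitlines()))
    flagged = [(e["section"], e["target"], triage(e)) for e in entries]
    return [row for row in flagged if row[2]]

if __name__ == "__main__":
    for section, target, flags in review(SAMPLE_LOG):
        print(f"{section:4} {target}: " + "; ".join(flags))
```

A flag here means "look at this entry", not "delete it"; legitimate software also registers O21 entries, so the DLL path still has to be checked by hand.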
     
  8. prek

    prek Private E-2

    hey, hi Phillie,
    thanks for helping me out!!!! It works, I followed everything you said.
    I did it step by step, and now EVERYTHING IS OK!!! THERE ARE NO MORE
    POP-UPS ANYMORE!!! :) Here's the HijackThis log in normal Windows


    Logfile of HijackThis v1.99.0
    Scan saved at 7:36:49 PM, on 1/14/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


    Your advice and step-by-step guidance really help me.... Thousands of thanks to YOU PHILLIE.... love you. Any advice for me in the future so that these problems won't occur? ... I really owe you a lot PHILLIE, THANKS!!! THANKS!!!!
     
    Last edited by a moderator: Jan 14, 2005
  9. PhilliePhan

    PhilliePhan Guest

