Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
My homepage keeps changing to about:blank I think it maybe a virus, or some sort of spyware. I've run Spybot and Adaware and it was clear.Can somebody help please i'm stuck!
Use hijackthis .
http://www.spywareinfo.com/~merijn/downloads.html
http://mjc1.com/mirror/hjt/===========================================
Filename or a startup entry Search
http://www.kephyr.com/filedb/index.phpOr ,
Listing & description of Startup Entries .
http://www.sysinfo.org/startuplist.php?filter=v&count=&type===================================
Here is the logfile check list .
http://www.help2go.com/article153.html
http://hjt.wizardsofwebsites.com/
http://www.spywareinfo.com/bhos/
http://www.spychecker.com/program/bholist.html
http://www.spywareinfo.com/~merijn/htlogtutorial.html#r
http://www.computercops.biz/postt6393.html
http://www.google.com/search?q=spyware+list=========================================
Open SpyBot and select the "Immunize" icon on the left & Click on Immunize , in the new page .
Permanently running bad download blocker for Internet Explorer .
Select > Block all bad pages silently & click Install .
Then check the box "lock hosts file read-only as protection against hijackers".
0 
Online Virus check ( free )
http://www3.ca.com/virusinfo/virusscan.aspx
http://housecall.antivirus.com/
http://www.coledata.com/virusalert.htm
http://www.cybertechhelp.com/html/misc/av.php
http://www.pandasoftware.es/activescan/activescan-com.asp
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/
http://www.stop-sign.com/
0
The most important program to run is the "CW-Shredder" Download to and run from your desktop, see if it finds and fixes anything. If not download HijackThis and run a scan of your system and we will be able to see what's going on. Copy and paste it in your post.
CW-Shredder
CW Shredder
HiJackThis
0
Nothing was infected according to the CWShredder, I ran HiJack This and this came up?
Logfile of HijackThis v1.97.7
Scan saved at 22:34:22, on 29/02/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\PROGRAM FILES\ASUS\PROBE\ASUSPROB.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\KM9801U\MMHOTKEY.exe
C:\WINDOWS\SYSTEM\INTERNAT.exe
C:\PROGRAM FILES\B'S CLIP\BSCLIP.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.exe
C:\PROGRAM FILES\CCONNECT\CCONNECT.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.exe
C:\PROGRAM FILES\KM9801U\HOKHIDKC.exe
C:\WINDOWS\WEBSHOTS.SCR
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\WINDOWS\TEMP\TD_0003.DIR\HIJACKTHIS.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [KM9801U] C:\PROGRA~1\KM9801U\MMHotKey.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\BSCLIP.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37991.6753009259
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
0
Have you locked the home page so it cannot be changed?
Some spyware tools will do this for you, and you can also set a group policy to protect this. Several Tweak tools may also have this ability.
J.
J.
j e r u v y a t y a h o o d o t c o m
0
Whats the homepage change to? Your log doesn't look too bad unless I missed something. Do you want the Google Tool bar?
These two have to go but it has to be more then that.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
0
http://camtech2000.com/Pages/Restrictions.htm
Have you had problems with sites hijacking your Home Page or other Internet Explorer restrictions? IE Restrictions will remove most common restrictions that may have been set by a sleaze web site as well as other methods. I do not guarantee this will remove all types available as there are just too many to put in one program but this will take care of 24 of the most common ones. Of course you can also use it to set any restrictions you'd like to have on your PC.
0
The homepage keeps changing to about:blank, but its not the usual about:blank page its some kind of search engine.
I've got spyware guard installed and I keep getting warnings that something is trying to change my homepage, everytime I start up my PC or IE.
0
This has also been suggested: From within IE, choose Tools, Internet Options, Advanced, Browsing, Uncheck enable thirdparty browser extensions(requires restart). Then reset your homepage.
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
