Hello,
My start page has been hijacked and replaced with something else, and lots of porn sites open and jam the computer. Basically I can no longer do anything on the computer. At the same time there are pop-ups of the Trojan horse Downloader, Trojan horse dialer and misb.exe. I can’t download anti-spyware, anti-adware or any anti-virus; each time I try to save or open the download I get a message that reads: “Access to the requested device or file is denied”. I have also been denied access to all the drives including floppy disk; I get the following message: “Your current security setting prohibits ActiveX controls on this page. As a result, the page may not display correctly”.
Can anyone help out there?
Thanks.
Jimmy

Hi Jimmy,
Sounds like you got several serious nasties on your unit. Since evidently you cannot access the internet from your computer, from a different computer, go here and download HiJack This, and save it to a USB thumb drive or burn it to a CD. Take those to your compromised computer and install HT off the flash drive (or CD). Close down all open windows so only your desktop is showing, run HiJack This and save the log to your flash drive. If you can, post the log, or you may have to do it from your other computer.
>tomcoyote.com
>spywarewarrior.com
>suggestafix.com
An expert will be along to help you.
Unfortunately, HT logs are not allowed on this forum and are usually deleted by the moderators.
http://www.spywareinfo.com/~merijn/downloads.html
Give a man a fish and you feed him for a day;
Teach a man to fish and you feed him for a lifetime;
Then industry pollutes the water and kills all the fish.

I've had a similar situation, but a little bit less hopeless. Any antivirus I installed with great effort could not remove the trojan. I did the following:
1) Download utility named "ProcessExplorer" from www.sysinternals.com (it's freeware)
2) Download any utility which can manage your startup registry entries (I used Starter from www.webattack.com)
3) Log into Windows in Safe Mode
- if you can't get access to folders - examine with right click: Properties->Security->Advanced and Owner tab. Change owner to Administrator. Then grant access to Administrator or any user you want.
4) Open ProcessExplorer and examine if there is a process like "rundll32.exe *.dll" - the trojan loads its dll. Kill the process. Go to /winnt/system32, find rundll32.exe - archive it, then delete rundll32.exe (Windows normally can't start without it but it's OK for a moment).
5) Find the trojan dll and delete it. If it is not in any system folder (like winnt) you can remove any users which have access to the folder, including administrator - this prevents the trojan from reading/writing to that folder. Clean manually your Temporary Internet Files folder and Temp folder (they are at /documents and settings/administrator/local settings (a hidden folder)), remove all users that have access to these folders (preventing anyone from browsing/reading/writing to them including administrator).
6) Start Internet Explorer and be calm :). In ProcessExplorer examine all the dll files which are loaded with IE. Look closely at dlls which don't have comments or are not signed (normally all Windows and other normal programs sign their dlls or include comments - you'll see the difference in ProcessExplorer) - examine their date of creation - if you remember roughly when your computer got infected, you can find what dlls were created at that time. Locate these dlls on disk - archive them all and delete.
7) Start your startup manager program and locate suspicious entries which link to the dlls you found or to some programs you never installed (there also will be no comments on these entries). Delete these startup entries and then click refresh in your startup manager. If these entries did not reappear - this means you are nearly done :).
Extract rundll32.exe to its original location.
8) Restart windows in normal mode and reinstall Internet Explorer and then reset all settings. Run some antispy or antivirus.
Must be OK.
Note: I described my adventures with Trojan.StartPage - if you have other trojans you can use similar methods. The problem is to locate all core files of trojans - kill their processes and delete these files.
Good Luck :) .
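
Steps 6 and 7 of the post above can also be done as a script. This is an added example, not part of the original post: it only reads and reports, and the process name, the 30-day window and the choice of the two standard Run keys (a startup manager shows more locations) are assumptions.

```powershell
# Added example: read-only triage; nothing is killed, deleted or changed.
param(
    [string]$ProcessName = 'iexplore',            # assumption: process to inspect
    [datetime]$Since = (Get-Date).AddDays(-30)    # assumption: rough infection date
)

function Get-SuspectModule {
    param([string]$Name, [datetime]$After)
    $paths = foreach ($proc in @(Get-Process -Name $Name -ErrorAction SilentlyContinue)) {
        try { $proc.Modules | ForEach-Object { $_.FileName } } catch { }  # access denied
    }
    foreach ($path in ($paths | Where-Object { $_ } | Sort-Object -Unique)) {
        $file = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $file) { continue }
        $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
        $desc = $file.VersionInfo.FileDescription
        # Keep what the post says to look at: not signed, or no description.
        # Older Windows may report catalog-signed system files as NotSigned.
        if ($sig.Status -eq 'Valid' -and $desc) { continue }
        [pscustomobject]@{
            Path        = $file.FullName
            Created     = $file.CreationTime
            Recent      = ($file.CreationTime -ge $After)
            Signature   = $sig.Status
            Description = $desc
        }
    }
}

function Get-RunEntry {
    foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
}

$suspects = @(Get-SuspectModule -Name $ProcessName -After $Since)
$suspects | Sort-Object Created -Descending | Format-Table -AutoSize
# Startup entries whose command line names one of the suspect files.
Get-RunEntry | Where-Object {
    $cmd = $_.Command.ToLower()
    $suspects | Where-Object { $cmd.Contains([IO.Path]::GetFileName($_.Path).ToLower()) }
} | Format-List
```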

Hi Ranchhand,
I have managed to run HiJack, now that logs are not allowed on this forum, any idea how I can send it to an expert? Any expert I can send it to directly? Anyone on this forum with Merijn’s email address? Sorry, I am new.
Arasul, I will now read your response. Thanks.
Jimmy

Hi!
Go to http://pjwalczak.com/spguard/index.php
and download StartPageGuard, freeware.
StartPage Guard (SPG) protects your PC from cyberscam, by detecting and preventing any unauthorized changes to your internet browser's Start and Search pages. It is also capable of removing automatically most of known "invaders".
You can also do like this:
Correct your home page to the one you prefer, then immediately do the following:
Backup the registry and/or export the following keys:
Go to Start>Run, type regedit. Navigate to:
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\
Right-click on the Internet Explorer key, choose new>Key, name it Control Panel.
Right-click on the Control Panel, choose new>DWORD value, name it Homepage. Right-click on Homepage, choose modify and type in the number 1.
This should lock your home page, so no other web site can change it.
Then navigate here and verify the homepage is correct:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
look for the Start Page entry
Besides here are two links for you:
http://www.spywareinfo.com/articles/hijacked/
http://www.fjsmjs.com/IE/homepage.htm
/Tompa/
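
A read-only check of the two registry locations named in the post above, as an added example that is not part of the original post. The expected home page and the second policy path (the same key under the current user's hive) are assumptions; the function names are illustrative.

```powershell
# Added example: reports the Start Page value and the Homepage lock; changes nothing.
param(
    [string]$ExpectedHomePage = 'about:blank'   # assumption: the page you set yourself
)

$mainKey = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
# First path is the one given in the post; the second is the same policy key
# under the current user's hive (an addition, not from the post).
$policyKeys = @(
    'Registry::HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel',
    'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'
)

function Get-RegValue {
    param([string]$Key, [string]$Name)
    $item = Get-Item -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($item) { $item.GetValue($Name) }   # nothing when the key or value is absent
}

function Test-HomePage {
    param([string]$Expected)
    $start = Get-RegValue -Key $mainKey -Name 'Start Page'
    $locks = foreach ($key in $policyKeys) {
        $value = Get-RegValue -Key $key -Name 'Homepage'
        [pscustomobject]@{ Key = $key; Homepage = $value; Locked = ($value -eq 1) }
    }
    [pscustomobject]@{
        StartPage = $start
        Matches   = ($start -eq $Expected)
        Locks     = @($locks)
    }
}

$report = Test-HomePage -Expected $ExpectedHomePage
"Start Page: $($report.StartPage)"
if (-not $report.Matches) {
    Write-Warning "Start Page differs from the expected value '$ExpectedHomePage'."
}
$report.Locks | Format-List
if (-not ($report.Locks | Where-Object { $_.Locked })) {
    Write-Warning 'No Homepage = 1 policy value found at the checked locations.'
}
```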
