Help! I logged into the internet this morning and got a bogus home page! When I started working with programs on the nett that I use every day it ran very slow! I ran a virus scan and three files were infected and they were "temp" internet files so I deleted them. Now the internet runs very very slow! Please help!

Hi Lionel, hi everyone, What was this virus? Deleting infected files is not sufficient! go to Symantec web site to download an antidote! Have a good day, Gérard from Paris, France

I agree! You should always use the recommended virus removal instructions. Just deleting files rarely gets rid of the problem completely.

This previous posting might help: 149156 Derek

Hi Lionel, bill, Derek, hi everyone, Good memory Derek! I read the thread some days ago but didn't remember it when I was reading Lionel's question! ... look still very young! ;-) Have a good day, Gérard from Paris, France

Got it too. Was able to remove it. Clean your win.ini for info32.exe command. Make sure you also clean the registry for info32.exe and ytdfs. Run HijackThis and clean the files. This should remove the info32.exe error and correct the hijacked browser. I ended up cleaning all of the files that showed up. Granted I have to reset some of my startups but it is a small price to pay to remove this. Use the find feature in the registery editor as this thing hides itself all over the place. The way that I checked to make sure that it removed the hijacking of the browser is to reset the home page, set the system date one day ahead and then reboot then check Internet Explorer. If it comes back to what you set it to, then it should be fixed. I did a bit of searching on some of the stuff that showed up. I found the following on dotster.com whois. luckysearch.com is registered thru a reseller joker.com I have had problems with other hijackings coming thru that reseller before. The info that I found thru Mcafee pointed to BackDoor-DB.cfg but the removal instructions were really lacking. Just wanting to say thanks to all the people that have recommended HijackThis. The my log results from HijackThis are as follows. (sorry for the length added to the post but may help) Logfile of HijackThis v1.97.3 Scan saved at 8:48:25 PM, on 10/15/03 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v5.00 (5.00.2919.6304) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.exe C:\WINDOWS\SYSTEM\MPREXE.exe C:\WINDOWS\SYSTEM\MSTASK.exe C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.exe C:\WINDOWS\SYSTEM\AOLFIX.exe C:\WINDOWS\SYSTEM\MDM.exe C:\PROGRAM FILES\WS_FTP PRO\FTPSCHED.exe C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.exe C:\WINDOWS\SYSTEM\MSG32.exe C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\RPCSS.exe C:\WINDOWS\EXPLORER.exe C:\WINDOWS\TASKMON.exe C:\WINDOWS\SYSTEM\SYSTRAY.exe C:\WINDOWS\SYSTEM\HPSYSDRV.exe C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.exe C:\WINDOWS\SYSTEM\USBMMKBD.exe C:\PROGRAM FILES\DIRECTCD\DIRECTCD.exe C:\PROGRAM FILES\WS_FTP PRO\FTPQUEUE.exe C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.exe C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.exe C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.exe C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.exe C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.exe C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.exe C:\WINDOWS\RunDLL.exe C:\HP INTERNET\SURFBOARD\SURFBRD.exe C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.exe C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.exe C:\WINDOWS\SYSTEM\DDHELP.exe C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.exe C:\WINDOWS\SYSTEM\WMIEXE.exe C:\WINDOWS\SYSTEM\SPOOL32.exe C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.exe C:\WINDOWS\SYSTEM\PSTORES.exe C:\PROGRAM FILES\NTS\ENTERNET 300\APP\ENTERNET.exe C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://acc.count-all.com/--/?ydtfs (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://acc.count-all.com/---/?ydtfs (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://acc.count-all.com/--/?ydtfs (obfuscated) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acc.count-all.com/-/?ydtfs about:blank (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acc.count-all.com/-/?ydtfs (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://acc.count-all.com/--/?ydtfs (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://acc.count-all.com/---/?ydtfs (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://acc.count-all.com/--/?ydtfs (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acc.count-all.com/-/?ydtfs about:blank (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://acc.count-all.com/--/?ydtfs (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://acc.count-all.com/--/?ydtfs (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://acc.count-all.com/--/?ydtfs (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://acc.count-all.com/---/?ydtfs (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com; R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?ydtfs (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?ydtfs (obfuscated) F1 - win.ini: load=C:\OPLIMIT\ocraware.exe O1 - Hosts: 3510794918 auto.search.msn.com O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_5_0.DLL O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_5_0.DLL O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe O4 - HKLM\..\Run: [AtiKey] Atitask.exe O4 - HKLM\..\Run: [InstallAurealDemos] C:\windows\temp\InstallAurealDemos.js //b O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.exe O4 - HKLM\..\Run: [ftpqueue] C:\PROGRAM FILES\WS_FTP PRO\ftpqueue.exe -tray O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe" O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.exe" /checktask O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime O4 - HKLM\..\Run: [Tapicfg.exe] \tapicfg.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.exe O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run O4 - HKLM\..\RunServices: [AolFix] C:\windows\system\AolFix.exe O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.exe O4 - HKLM\..\RunServices: [ftpqueue] C:\PROGRAM FILES\WS_FTP PRO\FTPSCHED.exe O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.exe /RUNSERVICES O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet O4 - Startup: HP Internet Center.lnk = C:\HP Internet\Surfboard\Surfbrd.exe O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe O4 - Startup: Updates from HP.lnk = C:\Program Files\BackWeb\BackWeb\Program\backweb.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\OFFICE\1033\PHDINTL.DLL/phdContext.htm O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: Real.com (HKLM) O9 - Extra button: Net2Phone (HKLM) O9 - Extra 'Tools' menuitem: Net2Phone (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O12 - Plugin for .wav: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll O12 - Plugin for .rmf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPBeatSP.dll O12 - Plugin for .ASP: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,73/mcinsctl.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab O16 - DPF: {C6B086D2-146B-47A4-A218-B82DCAF2D872} (cpbrxpie Control) - http://a19.g.akamai.net/7/19/7125/4007/ftp.coupons.com/r3120/cpbrxpie.cab O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = alpha2.csd.uwm.edu O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 65.43.17.14 O19 - User stylesheet: C:\WINDOWS\Web\win.def O19 - User stylesheet: C:\WINDOWS\default.css (HKLM) I hope this helps. May the Lords of Karma smack the originator of this annoyance severely on the backside and drag him/her thru fields of sharp tacks. Rebecca

Hi Rebecca, hi everyone, Thank you for posting! think it will help other visitors! Have a good day, Gérard from Paris, France