http://parsecity.blogfa.com/ redirect virus?

January 25, 2011 at 07:57:07
Specs: Windows 7
Hello,
I am having an extremely annoying issue with this site http://parsecity.blogfa.com/. It keeps injecting itself as the homepage for my users. If I change the homepage back to something else, it will be fine until the user logs out and logs back in. Then it is back to that site. Considering my users don't read or speak Persian it is really stupid. I have tried completely formatting a machine and installing a clean version of XP. Everything goes fine for about a day or so and then the site comes back as the homepage of all browsers. There is nothing on the internet about this site being a virus but I can't understand why it keeps happening over and over. Can anyone help?

See More: http://parsecity.blogfa.com/ redirect virus?

Report •

#1
February 8, 2011 at 05:02:38
Anybody?

Report •

#2
February 8, 2011 at 07:34:37
try installing winpatrol and lock the file types
http://www.winpatrol.com/download.html
Did you re-install from the hidden partition or from installation discs?
This next link will help you give us better answers
http://www.computing.net/howtos/sho...
Good luck

You are probably not getting replies because you haven't given out enough information and don't forget, we all help out for free ;-)

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#3
February 8, 2011 at 07:57:55
Sorry about that, first-timer here :S

Ok, I installed from installation discs (ones specifically for Dell systems). Deleted all partitions before I began. We are using McAfee VirusScan 8.7i which does not detect anything. I've also tried MalwareBytes, SuperAntiSpyware, and StopZilla to get rid of this problem. None have completely worked. The closest I came was with StopZilla which at least allows me to block the change to the homepage. SuperAntiSpyware will alert me that my homepage is being changed with an option to block it, but even if I tell it to block the change it still changes.

We've also tried to block all traffic from that site at the firewall level but even though users can't get to the page, the change to the homepage still occurs.

I will install winpatrol and see if I can see anything unusual there. Problem is I don't know what to block as far as files go at the moment.


Report •

Related Solutions

#4
February 8, 2011 at 08:04:37
No problem. I would get rid of Stopzilla, that could be causing some of your problems. McAfee is also not as good as many free AV's. If you uninstall it use the remover from the website:
http://service.mcafee.com/FAQDocume...
Then I would suggest Avast Free
http://www.filehippo.com/download_a...
Also run these 2 fully working 30 day trials and fix all they find:
1- Trojan remover
http://www.simplysup.com/tremover/d...
2- Hitman Pro
http://www.surfright.nl/en/downloads/

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#5
February 8, 2011 at 08:09:27
Yeah, the only problem is its our corporate AV. And that comes from head office. So we have to use McAfee. I know, I hate it too...

Report •

#6
February 8, 2011 at 08:22:35
no problem, in that case, use the other cleaners I suggested.

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#7
February 8, 2011 at 11:40:23
Alright I was able to get rid of it! Thank you very much. It was a little trickier than just running those programs though. For anyone else who may experience this I'll post what I did to get rid of it. I installed winpatrol and it was able to show me which processes where from that trojan. After that, I just found the paths to the executables. It wasn't as easy as deleting them however; I had to boot into safe mode with command prompt only then delete these files:

C:\WINDOWS\smss.exe
(You may want to go to this directory and issue the command del smss* as there are some hidden files with the same name and weird extensions.)

C:\WINDOWS\system32\remind.exe
C:\WINDOWS\UtilitySound\SoundMax.exe
C:\WINDOWS\Web\OfficeUpdate.exe

After I deleted all those files, the problem disappeared.

Again, thanks so much for the help! Cheers.


Report •

#8
February 8, 2011 at 11:55:39
Thanks for posting back! Glad to be of help to you.

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

#9
February 23, 2011 at 04:50:53
Well if you have a solution. Please let me know because the problem keeps coming back. And now it seems to be disabling our Anti-Virus. Please post a link to the fix.

Report •

#10
February 24, 2011 at 01:34:42
Please send a mail to my email address. after i'll send anti virus for fix this problem. and do it. drag your pointer on the icon of my computer. if you see my site in tooltiptext, you have to get anti virus from me for fix this problem.
E-Mail: Explorer.mr06@Gmail.com

Report •

Ask Question