IE opens on its own with sms rington site

  • Thread starter Thread starter jb
  • Start date Start date
J

jb

Hi.
Today I have done several virus scans, Anti spy scan, enabled latest McAfee
firewall, enabled add blocker on my sons pc , yet the internet browser
keeps suddenly opening up with this ringtone site. and you can't just click
the close x at the top, coz there's also a grey window with a message and an
ok button which I won't touch, I have to click the X to close and very
quickly the X on the browser to get rid of it. Then it comes back 15 minutes
later.
Also when going to either Windows Update site or Office update site, the
browser crashes.
I can't get there through Help & Support either.(OS XP)
Please help
J
 
Hi jb :-)

You have a hijacker or other malware on your system. Download, install and
run the programs below in Safe Mode with Hidden Files enabled. This will
remove the nasty you have and any others it may have let in the back door.
Some malware can replicate itself repeatedly if not removed properly, so
even if you have already run some programs, run them again according to the
information below. Follow all instructions carefully:

First, Clear the TIF's and empty the recycle bin:
http://www.mvps.org/winhelp2002/delcache.htm

If so, then do the following:

WARNING>>>> Backup all documents and files before removing any spyware!!

How to properly scan for scumware (read first, if possible)
http://aumha.org/forum/viewtopic.php?t=5878

Download and install BHODemon from
http://www.definitivesolutions.com/bhodemon.htm
Your problem may be caused by a bad BHO.

Most importantly, download install and run CWShredder here
http://www.majorgeeks.com/download3019.html
and About Buster, which searches for hidden .dlls that recreate the malware.
http://www.majorgeeks.com/download4289.html
Then visit these two sites to test for parasites and help basic cleaning:
On-Line Check
http://aumha.org/a/noads.htm
and
Quick-Fix Protocol.
http://aumha.org/a/quickfix.php
Basically, throw everything here at your "infection".

Then download, install and immediately update these two programs before
running:

AdAware SE - Update immediately after installing
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
AdAware Tutorial -
http://www.bleepingcomputer.com/forums/index.php?showtutorial=48
SpyBot S &D - Update immediately after installing
http://www.majorgeeks.com/download2471.html
SpyBot S&D Tutorial -
http://www.bleepingcomputer.com/forums/index.php?showtutorial=43
Microsoft Windows Antispyware Program (Beta)
http://www.microsoft.com/athome/security/spyware/software/default.mspx

Next, do an Online scan here (if possible) -
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Make sure that you choose "fix" or "clean".

Download pocket killbox from
http://www.thespykiller.co.uk/files/killbox.exe
and put it on the desktop where you can find it easily

Download, install, and run HiJackThis - it is one of the most important
tools to help clean your system of scumware. Follow the instructions
carefully:

How to download and install HiJackThis: (it does not need to be updated)
http://www.bleepingcomputer.com/forums/topict309.html

Please DO NOT post your log to this newsgroup. It is important that you go
to one of the HiJackThis Support Forums below and allow the experts there
to analyze it for youPlease DO NOT post your log to this newsgroup. It is
important that you go to one of the HiJackThis Support Forums below and
allow the experts there to analyze it for you.::
AumHa HiJackThis Forum
http://forum.aumha.org/viewforum.php?f=30
or Bleeping Computer Forum
http://www.bleepingcomputer.com/forums/forum22.html
to allow the experts there to evaluate your log and advise you of any
necessary steps to clean your system.
(Note: You will have to Register before posting on these Forums. Please
follow all posting instructions carefully to avoid having your log deleted
or ignored.)

Also, please post a link to the forum where you post your HJT log back to
this thread so that we can follow your progress there.

CAUTION!!!!! Before you try to remove spyware using any of the programs
below, download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.

You should also get a copy of WINSOCKXPFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
and
WinsockXP Fix- WinXP
http://www.spychecker.com/program/winsockxpfix.html
with instructions, at
http://www.iup.edu/house/resnet/winfix.shtm
also... From LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
(NOTE: It is reported that in XP SP2, the command netsh winsock reset
will fix this problem without the need for these programs.)
or Winsock Fix Utility
http://www.dfwonline.net/files/WinsockFix.zip

How to Restart in Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

How to Show Hidden Files
http://snipurl.com/6rl8

Hope this helps :-)

Jan :)
MS MVP - IE/OE
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
 
Thank you !!!
I'll give it a go
J

Jan Il said:
Hi jb :-)

You have a hijacker or other malware on your system. Download, install
and run the programs below in Safe Mode with Hidden Files enabled. This
will remove the nasty you have and any others it may have let in the back
door. Some malware can replicate itself repeatedly if not removed
properly, so even if you have already run some programs, run them again
according to the information below. Follow all instructions carefully:

First, Clear the TIF's and empty the recycle bin:
http://www.mvps.org/winhelp2002/delcache.htm

If so, then do the following:

WARNING>>>> Backup all documents and files before removing any spyware!!

How to properly scan for scumware (read first, if possible)
http://aumha.org/forum/viewtopic.php?t=5878

Download and install BHODemon from
http://www.definitivesolutions.com/bhodemon.htm
Your problem may be caused by a bad BHO.

Most importantly, download install and run CWShredder here
http://www.majorgeeks.com/download3019.html
and About Buster, which searches for hidden .dlls that recreate the
malware.
http://www.majorgeeks.com/download4289.html
Then visit these two sites to test for parasites and help basic cleaning:
On-Line Check
http://aumha.org/a/noads.htm
and
Quick-Fix Protocol.
http://aumha.org/a/quickfix.php
Basically, throw everything here at your "infection".

Then download, install and immediately update these two programs before
running:

AdAware SE - Update immediately after installing
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
AdAware Tutorial -
http://www.bleepingcomputer.com/forums/index.php?showtutorial=48
SpyBot S &D - Update immediately after installing
http://www.majorgeeks.com/download2471.html
SpyBot S&D Tutorial -
http://www.bleepingcomputer.com/forums/index.php?showtutorial=43
Microsoft Windows Antispyware Program (Beta)
http://www.microsoft.com/athome/security/spyware/software/default.mspx

Next, do an Online scan here (if possible) -
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Make sure that you choose "fix" or "clean".

Download pocket killbox from
http://www.thespykiller.co.uk/files/killbox.exe
and put it on the desktop where you can find it easily

Download, install, and run HiJackThis - it is one of the most important
tools to help clean your system of scumware. Follow the instructions
carefully:

How to download and install HiJackThis: (it does not need to be updated)
http://www.bleepingcomputer.com/forums/topict309.html

Please DO NOT post your log to this newsgroup. It is important that you
go
to one of the HiJackThis Support Forums below and allow the experts there
to analyze it for youPlease DO NOT post your log to this newsgroup. It is
important that you go to one of the HiJackThis Support Forums below and
allow the experts there to analyze it for you.::
AumHa HiJackThis Forum
http://forum.aumha.org/viewforum.php?f=30
or Bleeping Computer Forum
http://www.bleepingcomputer.com/forums/forum22.html
to allow the experts there to evaluate your log and advise you of any
necessary steps to clean your system.
(Note: You will have to Register before posting on these Forums. Please
follow all posting instructions carefully to avoid having your log deleted
or ignored.)

Also, please post a link to the forum where you post your HJT log back to
this thread so that we can follow your progress there.

CAUTION!!!!! Before you try to remove spyware using any of the programs
below, download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may
kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.

You should also get a copy of WINSOCKXPFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
and
WinsockXP Fix- WinXP
http://www.spychecker.com/program/winsockxpfix.html
with instructions, at
http://www.iup.edu/house/resnet/winfix.shtm
also... From LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
(NOTE: It is reported that in XP SP2, the command netsh winsock reset
will fix this problem without the need for these programs.)
or Winsock Fix Utility
http://www.dfwonline.net/files/WinsockFix.zip

How to Restart in Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

How to Show Hidden Files
http://snipurl.com/6rl8

Hope this helps :-)

Jan :)
MS MVP - IE/OE
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
Click to expand...
 
Another good product is CCleaner.exe - google it. It'll help delete temporary
internet files etc. Great way to clean up. There's also CWShredder too.
Also, don't forget Microsoft's Anti-spyware software. It's a free download
and quite a nice little spyware program. Usually though I'll run 3-4
antispyware applications to make sure that I get rid of as much as possible.
There seems to be very few that catch everything. Sunbelt's CounterSpy is a
good antispyware program but it's not free.
 
Deleted everything in the Temporary files and practically stripped the whole
pc.
I did a scan in safe mode. No virus found. Did 2 scans with Ad-Aware, got
rid of 36 objects but still one of the website keeps popping up. I even
looked at the registry to see if I could find anything with the URL but
couldn't
I shall carry on with all the advice but the question now is, WHY have
antivirus, Firewall etcetc, if you have to go through all this palaver???
I'm very bluuuuu
 
Hi jb :-)
I shall carry on with all the advice but the question now is, WHY have
antivirus, Firewall etcetc, if you have to go through all this palaver???
I'm very bluuuuu
Click to expand...

Well...that is because there are like...a bazillion types of scumware and
their variants, and new ones about every day, and there are only a handful
in comparison of the scumware fighter programs. Antivirus programs, while
having expanded their definitions to some extent, are still basically virus
detectors and removers. Some can detect, but, not remove some types of
things. Then there are the adware programs, such as AdAware, that detect
and remove mostly just adware, although, do get a few other types of nasties
if you know how to configure them properly or use the add-ins. Then there is
SpyBot and other such spyware programs that deal mostly with...you guessed
it...spyware. Then there is the various Trojan finders/removers, the
various hijacker finders/removers such as CWShredder, and then there is
HiJackThis, which is sort of a tattletale of many other types of junk and
stuff, and lets you delete it. It is a shame that there is not at this time
a one shot program that will detect and remove every type of scumware, so
that is why it is a multi-tasked process to clean your machine.
Plus....remember....even on the securest machine, there are forms of
scumware out there even as we speak, that no one really knows about, so
there are no current definitions to deter or protect against them.

There are several methods. Take a look at the information here for
recommendations of how to better protect your machine from the Internet, and
your incoming e-mails.

Protect your PC:
http://www.microsoft.com/athome/security/protect/default.mspx
http://www.pcworld.com/reviews/article/0,aid,97430,00.asp
http://www.pcpitstop.com/antivirus/AVirusNotes.asp
http://users.telenet.be/Helpless/ENGfightforasafeinternet/menu/preve.html
http://aumha.org/a/parasite.htm

Jan :)
MS MVP - IE/OE
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
 
Back
Top