Problem with - Possible browser highJack-

[enriqueskater]

I have run the scan it detects a possible browser High
jack, and selected to be removed, and it tells me it has
been removed. But is still there after i run the scan
again. I t never gets rid of it.

How can this be fix?

 

[Andre Da Costa]

Best recommendation then would be to restart in safe mode and do a deep
scan. On the Scan Page choose Scan Options > Full System Scan. Do this at
least two times until detects something. Also, before you restart in safe
mode, disable System Restore, some trojans and spyware programs are likely
to restore themselves with system snap shots:

Right click My Computer > Properties > System Restore, check the "Disable
System Restore" check box and restart in safe mode.

Restart in safe mode instructions:
www.microsoft.com/resources/documentation/
windows/xp/all/proddocs/en-us/boot_failsafe.mspx

Remember, this is still beta and cannot be judged as a finished shipping
product.

 

[John Feick]

Andre; I tried running the deep scan twice in safe mode
with restore turned off. Anti-spyware caught the
hijacker on the first try in the registry and removed
it. Second time through the scan, Anti-spyware found no
threats. I restarted in normal mode and the about:blank
is back (restore is still turned off). This hijacker
sends me to a bunch of links for nyam-nyam.biz, which, of
course, I do not want. I get kicked into a search using
http://huyavrot.biz/search when I do not want it. Also,
this spyware uses nihuyandex.biz to hijack legitimate
search engines including microsoft MSN. Interestingly,
the AOL search engine is not compromised. Any ideas?
Where can I look for this nasty bug? I would appreciate
any help you can give. John

 

[Andre Da Costa]

Go to Tools > and send in a Suspect SpyReport. In the mean time try this
program:
http://www.ccleaner.com/

 

[Steve Dodson [MSFT]]

Please go to advanced tools and select browser restore.
Many times people are not using the advanced tools for browser hijacks. Let
us know if this is not working so we can address it.

--
-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security

--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.

 

[plun]

Andre; I tried running the deep scan twice in safe mode
with restore turned off. Anti-spyware caught the
hijacker on the first try in the registry and removed
it. Second time through the scan, Anti-spyware found no
threats. I restarted in normal mode and the about:blank
is back (restore is still turned off). This hijacker
sends me to a bunch of links for nyam-nyam.biz, which, of
course, I do not want. I get kicked into a search using
http://huyavrot.biz/search when I do not want it. Also,
this spyware uses nihuyandex.biz to hijack legitimate
search engines including microsoft MSN. Interestingly,
the AOL search engine is not compromised. Any ideas?
Where can I look for this nasty bug? I would appreciate
any help you can give. John

Hi

- Send a suspected spywarereport about this to MS, menu tools

Then try this:

http://www.besttechie.net/forums/index.php?showtopic=1488

Then go to Aumha for real HijackThis help if above doesnt work.

http://www.aumha.org/a/quickfix.htm

 

[John]

Steve, Thanks for the suggestion. When I use browser
restore it shows me that the hijacker has changed Start
Page and Start Page (all users). Browser restore
reporets that all 22 settings have been restored to the
IE defaults. The first time that I use IE, the homepage
is MSN. The next time I open IE, the start page has been
changed back to about:blank. AntiSpy Deep Scan finds the
registry setting that has been hijacked, but it does not
seem to find the dll that is doing the damage. Any more
ideas you have would be appreciated. thanks, john

-----Original Message-----
Please go to advanced tools and select browser restore.
Many times people are not using the advanced tools for browser hijacks. Let
us know if this is not working so we can address it.

--
-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security

--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.

Andre; I tried running the deep scan twice in safe mode
with restore turned off. Anti-spyware caught the
hijacker on the first try in the registry and removed
it. Second time through the scan, Anti-spyware found no
threats. I restarted in normal mode and the about:blank
is back (restore is still turned off). This hijacker
sends me to a bunch of links for nyam-nyam.biz, which, of
course, I do not want. I get kicked into a search using
http://huyavrot.biz/search when I do not want it. Also,
this spyware uses nihuyandex.biz to hijack legitimate
search engines including microsoft MSN. Interestingly,
the AOL search engine is not compromised. Any ideas?
Where can I look for this nasty bug? I would appreciate
any help you can give. John

.

 

[John]

Andre, Thanks for your ideas. I downloaded and ran
ccleaner. It did clean up a bunch of stuff on my dard
drive. Unfortunately, this hijacker was not one of the
things that it found. I have tried several times to send
in a SpyReport with no luck. I get a message that says
An error occurred submitting the scan results. Please
check your Internet Proxy settings and try again. Since
I do not use a proxy server (I use CompuServe dialup), I
do not know what settings to change. Thanks for your
time. Any suggestions would be appreciated. john

 

[plun]

Steve, Thanks for the suggestion. When I use browser
restore it shows me that the hijacker has changed Start
Page and Start Page (all users). Browser restore
reporets that all 22 settings have been restored to the
IE defaults. The first time that I use IE, the homepage
is MSN. The next time I open IE, the start page has been
changed back to about:blank. AntiSpy Deep Scan finds the
registry setting that has been hijacked, but it does not
seem to find the dll that is doing the damage. Any more
ideas you have would be appreciated. thanks, john

Try About:Buster

http://www.besttechie.net/forums/index.php?showtopic=1488

Please report back if it works.

 

[John]

-----Original Message-----


Hi

- Send a suspected spywarereport about this to MS, menu tools

Then try this:

http://www.besttechie.net/forums/index.php?showtopic=1488

Then go to Aumha for real HijackThis help if above doesnt work.

http://www.aumha.org/a/quickfix.htm

downloded and ran the software. It seemed to find the
about:blank registry and changed it to google for me.
AntiSpy followed the changes and reported them to me as
expected and allowed me to decide if I wanted the google
change, which I accepted. Unfoutunately, after the first
run of IE, the about:blank was back in the registry. I
used AntiSpy advanced tools to change the settings to the
IE default, and it seemed to work. The next time I used
IE, though, the problem was back. I then downloaded
and ran cwshredder. As soon as I started running
cwshredder, my machine crashed. I got the 'Your system
has just recovered from a serious error' message, went on
line, and sent in the resulting error report to MS. The
MS Online Crash Analysis page told me that I had a device
driver failure; but, it could not tell me which device
had failed. My passport name is the same as my email, so
you are welcome to check it if you think it will do any
good. I am now a little reluctant to run anything else
from aumha.org. Any suggestions would be appreciated.
Thanks for your time, john

 

[Guest]

-----Original Message-----


Try About:Buster

http://www.besttechie.net/forums/index.php?showtopic=1488

Please report back if it works.

posted about 11:35. Thanks again for your ideas. john

 

[plun]

downloded and ran the software. It seemed to find the
about:blank registry and changed it to google for me.
AntiSpy followed the changes and reported them to me as
expected and allowed me to decide if I wanted the google
change, which I accepted. Unfoutunately, after the first
run of IE, the about:blank was back in the registry. I
used AntiSpy advanced tools to change the settings to the
IE default, and it seemed to work. The next time I used
IE, though, the problem was back. I then downloaded
and ran cwshredder. As soon as I started running
cwshredder, my machine crashed. I got the 'Your system
has just recovered from a serious error' message, went on
line, and sent in the resulting error report to MS. The
MS Online Crash Analysis page told me that I had a device
driver failure; but, it could not tell me which device
had failed. My passport name is the same as my email, so
you are welcome to check it if you think it will do any
good. I am now a little reluctant to run anything else
from aumha.org. Any suggestions would be appreciated.
Thanks for your time, john

Hi again

- Have you send any suspected spywarereport to MS about this
? (menu tools)

Then I do believe that Aumha.org is the best place to get
rid of this pest.

But it is really strange that About:Buster didnt catch this
beacuse this
is an standard procedure within all forums dealing with this !?

You also have these wellknown forums using HijackThis logs.

http://www.merijn.org/forums.html