Virus - browser hijack

jstewart335

I'm trying to fix up an XP system that was attacked by a virus... the virus
was installed via an .xml file, that pretended to be an installation of the
program "Winrar".

I've run AVG virus scan, Spybot S&D, CCleaner, and manually cleaned the
startup registry entries.

As far as I can tell, the only problem left is during internet browsing...
I can get to web pages, but when I point to any search engines, I'm directed
to a page that is in eastern text... (Chinese, I think).
This occurs in both IE7, and Mozilla Firefox3. I have tried re-installing
Firefox with no luck.

Any help would be appreciated.
thanks
 
jstewart335 said:
I'm trying to fix up an XP system that was attacked by a virus... the virus
was installed via an .xml file, that pretended to be an installation of the
program "Winrar".

I've run AVG virus scan, Spybot S&D, CCleaner, and manually cleaned the
startup registry entries.

As far as I can tell, the only problem left is during internet browsing...
I can get to web pages, but when I point to any search engines, I'm directed
to a page that is in eastern text... (Chinese, I think).
This occurs in both IE7, and Mozilla Firefox3. I have tried re-installing
Firefox with no luck.

Any help would be appreciated.
thanks

Also, check your hosts file for entries of the web sites that you are trying
to get to. ??
 
Run Malwarebytes, Spybot Search & Destroy, and AVG, in Safe Mode to remove
problems remaining.

http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.

http://www.malwarebytes.org/mbam.php

Malwarebytes is as the name says, a Malware Remover!
For the Free version scroll down their page to either download from
Download.com, or Major Geeks.com

Download, install, and update.

Important re: Safe Mode
If you happen to find a problem that you can’t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
key to get to Safe Mode from list of options, then hit ENTER.
RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D
while in Safe Mode.
 
jstewart335 said:
I'm trying to fix up an XP system that was attacked by a virus... the virus
was installed via an .xml file, that pretended to be an installation of the
program "Winrar".

I've run AVG virus scan, Spybot S&D, CCleaner, and manually cleaned the
startup registry entries.

As far as I can tell, the only problem left is during internet browsing...
I can get to web pages, but when I point to any search engines, I'm directed
to a page that is in eastern text... (Chinese, I think).
This occurs in both IE7, and Mozilla Firefox3. I have tried re-installing
Firefox with no luck.

Any help would be appreciated.
thanks

Then you have a bad BHO/Hooks installed on your browser and you need to
remove them by running a thorough scan.

Run a thorough scan by doing the following steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should re-enable them later one-by-one and see the
culprit and update it or remove it.)
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
Download and Update both SuperAntispyware and Malwarebytes then run a
complete scan - Free
http://www.superantispyware.com/superantispywarefreevspro.html
http://www.malwarebytes.org/rr-update/rr-free-setup.exe
http://onecare.live.com/site/en-gb/default.htm?s_cid=sah

Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Comodo BOClean : Anti-Malware Version 4.27
http://www.comodo.com/boclean/boclean.html

If you wish to send me your Hijackthis log I will be happy to help you
further or send to one of many forums on the internet!
Download Hijackthis and send me the log.
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)
my address is : to_you_ross(at remove this and replace with the
obvious)yahoo.co.uk ( _ is underscore)

HTH,
nass
 