1. Hey Guest Did you know you can win an Honor 10 phone worth ₹33,000 and an additional ₹70,000 in paytm vouchers, just by replying to some threads and taking part in the discussions happening in the Honor Hub?

    What are you waiting for? Start commenting and start winning! Remember to read the instructions posted here.

    Dismiss Notice

unwanted home page

Discussion in 'QnA (read only)' started by bsb, Aug 31, 2004.

Thread Status:
Not open for further replies.
  1. bsb

    bsb New Member

    Joined:
    Nov 22, 2003
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    0
    Hi!
    I am using Windows XP on a P-4. I have got two problems with my browser (IE 6), which started after I opened one spam by mistake. Well, the problem 1 my home page has been changed. Everytime, I switch on, I set to yahoo.com but as soon as I restart, it is same again.

    2nd - I have got a few unwanted links as my favourites. I delete them everytime but as soon as I restart they appear again.

    Will some one help me to rectify the above problems.

    Thanks.

    BSB
     
  2. mariner

    mariner New Member

    Joined:
    Dec 21, 2003
    Messages:
    522
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    mumbai
  3. lajs

    lajs New Member

    Joined:
    Jul 17, 2004
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    0
    best apply the available security patches for ie 6 in the net
     
  4. mariner

    mariner New Member

    Joined:
    Dec 21, 2003
    Messages:
    522
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    mumbai
  5. it_waaznt_me

    it_waaznt_me Coming back to life ..

    Joined:
    Nov 30, 2003
    Messages:
    2,023
    Likes Received:
    10
    Trophy Points:
    38
    Location:
    A bit closer to heaven
    Please post your HijackThis Logfile for better assesment of your problem.
     
  6. lywyre

    lywyre Active Member

    Joined:
    Aug 18, 2004
    Messages:
    1,217
    Likes Received:
    4
    Trophy Points:
    38
    Location:
    Chennai/Vellore, TN
    Download Autoruns.exe from www.sysinternals.com

    Boot into safemode and and run Autoruns.exe: remove unwanted executable from startup.
    Remove all unwanted programs in Add/Remove programs.
    Delete twain.dll and twain_32.dll in the Windows folder.

    Also check there are no unwanted .dll files in your c:\windows\System32 folder. To do this list your files in 'details' view and sort by date. Delete all the .dll and tmp files created after you visited that 'spam site'.

    Delete unwanted plugins in the "downloaded programs files". (Delete all except shockwave and java and quicktime).

    Emtpy you Temp folder (Type %temp% in the address bar).

    Hope this solves you problem.
    To avoid further such issues, stop using IE.
     
  7. aadipa

    aadipa New Member

    Joined:
    Feb 12, 2004
    Messages:
    997
    Likes Received:
    2
    Trophy Points:
    0
    Location:
    Palghar, Mumbai
    Best way .......
    Post ur HijackThis Log file.....
     
  8. OP
    OP
    bsb

    bsb New Member

    Joined:
    Nov 22, 2003
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    0
    unwanted homepage

    Hi! Thanks to all who responded.

    Well, 'ad aware SE' and ' Spybot SD' could not solve the problem. However, by running these programmes, I came to know that I may have more problems than I can see.

    Secondly, I ran 'Hijackthis'. The logfile is reproduced below.
    Logfile of HijackThis v1.98.2
    Scan saved at 1:28:39 AM, on 9/2/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\spoolsv.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\Windows\Cpqdiag\Cpqdfwag.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Contract\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://up-search.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://up-search.com/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://up-search.com/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://up-search.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://up-search.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://up-search.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://up-search.com/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://up-search.com/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://up-search.com/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://up-search.com/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://up-search.com/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://up-search.com/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://up-search.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://up-search.com/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://up-search.com/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://up-search.com/search.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.205.122.80:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.205.*.*;<local>
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [winupd] C:\Windows\System32\winupd.exe
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.31.79.101/winsearchie32.chm::/winsearchie32.exe
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mumbai.ongcl.com
    O17 - HKLM\Software\..\Telephony: DomainName = mumbai.ongcl.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EE93C8B8-C329-4C20-AC17-9A6E663D96C7}: NameServer = 203.94.227.70 203.94.243.70
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mumbai.ongcl.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mumbai.ongcl.com


    I get a home page www.up-search.com. Although I tried to remove all references to this page through 'highjackthis' but as soon as I restart my computer, it appears again. The links added to 'favourites' folder still exist there.

    Hope you will help me to solve my problem without reformatting the hard disk.

    Thanks again.
     
  9. it_waaznt_me

    it_waaznt_me Coming back to life ..

    Joined:
    Nov 30, 2003
    Messages:
    2,023
    Likes Received:
    10
    Trophy Points:
    38
    Location:
    A bit closer to heaven
    Re: unwanted homepage

    To proceed with your HijackThis log, Run HijackThis again and put a CheckMark next to these entries and Click on Fix Checked.
    Please make sure that all Internet Explorer and Windows Explorer windows are closed.
     
  10. OP
    OP
    bsb

    bsb New Member

    Joined:
    Nov 22, 2003
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    0
    at last!!!!

    Problem solved. Thanks a lot. :D

    By the way, how serious was it? Do u think the hijacker could have copied down my passwords etc.?
     
Thread Status:
Not open for further replies.

Share This Page