Shike

Browser hijack

2 posts in this topic

It got me... and I've been trying to get rid of it for the last 5 days!

 

Ran Ad-aware6 (using custom settings suggested), Spybot1.3, About:Buster1.7 and even Spyware Eliminator3.0. Can anyone advise? Thanks in advance.

 

Here's the log from HijackThis:

 

Logfile of HijackThis v1.98.0

Scan saved at 6:08:46 PM, on 7/14/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Aluria Software\ASE\ASEserv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\WINDOWS\System32\dxb.exe

C:\WINDOWS\System32\win32snd.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe

C:\WINDOWS\System32\wumdasti.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe

C:\Program Files\Aluria Software\EPS\eps.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\odjiwjf.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe

C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\ALGAE\My Documents\My Downloads\TSHOOT\HIJACKDIS\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ALGAE\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ALGAE\LOCALS~1\Temp\sp.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ALGAE\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ALGAE\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ALGAE\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ALGAE\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {39795B6B-6B36-41EB-B56D-BB4206EFDEBA} - C:\WINDOWS\System32\amaimb.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [Window5 Update] dxb.exe

O4 - HKLM\..\Run: [Win32 Sound Config] win32snd.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [Microsoft Updates] wumdasti.exe

O4 - HKLM\..\Run: [Microsoft Update] SCVHOSTXP.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Aluria's Pop-Up Stopper] C:\Program Files\Aluria Software\EPS\eps.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Microsoft Sinsup] odjiwjf.exe

O4 - HKLM\..\RunServices: [Microsoft Update] SCVHOSTXP.exe

O4 - HKLM\..\RunServices: [Window5 Update] dxb.exe

O4 - HKLM\..\RunServices: [Win32 Sound Config] win32snd.exe

O4 - HKLM\..\RunServices: [Microsoft Updates] wumdasti.exe

O4 - HKLM\..\RunServices: [Microsoft Sinsup] odjiwjf.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Window5 Update] dxb.exe

O4 - HKCU\..\Run: [Win32 Sound Config] win32snd.exe

O4 - HKCU\..\Run: [Microsoft Updates] wumdasti.exe

O4 - HKCU\..\Run: [Microsoft Sinsup] odjiwjf.exe

O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Personal Coach.lnk = ?

O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html

O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe

O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O14 - IERESET.INF: START_PAGE_URL=http://my.msn.com

O14 - IERESET.INF: MS_START_PAGE_URL=http://my.msn.com

O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program Files\Microsoft Interactive Training\O10C\mitm0026.cab

O18 - Filter: text/html - {9154E96A-25F0-44E1-8EDC-7E0C26849AC6} - C:\WINDOWS\System32\amaimb.dll

O18 - Filter: text/plain - {9154E96A-25F0-44E1-8EDC-7E0C26849AC6} - C:\WINDOWS\System32\amaimb.dll

 

Log from About:Buster (run at safe mode):

 

-- Scan 1 --------

About:Buster Version 1.27

Attempted Clean Of Temp folder.

Pages Reset... Done!

 

-- Scan 2 --------

About:Buster Version 1.27

Attempted Clean Of Temp folder.

Pages Reset... Done!


I was able to get rid of this hijacker. I followed several instructions.

 

1) I set Ad-Aware custom scan based on these instructions: http://forums.spywareinfo.com/index.php?showtopic=11150

 

2) I re-installed Spybot S&D 1.3 and set Teatimer on and silent pop up blocking.

 

3) I made sure I had the most recent releases of 'Hijack This', 'About:Buster' and 'CWShredder' AWA the most current virus definitions for NAV.

 

4) I went into the registry and exported it as a backup then scanned for the 'about:blank' and '...sp.html' values. I deleted each registry value. I turned off system restore which flushed all restore points.

 

5) I booted into safe mode then ran the following in this order:

 

a) Norton AV full scan (no findings)

b) Ad-Aware (found 9 entries all relating to possible hijackings; I had it all fixed)

c) Spybot (no findings)

 

6) I re-started PC and booted into safe mode again and ran the following in this order:

 

a) Hijack This scan and fixed all the entries relating to '...SP.HTML' and '...About:Blank'

 

b) About:Buster (no findings)

 

c) CWShredder which fixed my IE startpage entries.

 

I re-started and booted into normal mode. I checked the properties of the IE icon to see what my startpage was... it was what I wanted.

 

I launched IE and played around a little. Spybot Teatimer prompted for permission to allow or deny change to registry followed by change to startpage. I denied both.

 

I closed IE and used Ad-Aware to scan. It found 4 entries related to possible hijacking. I had them deleted. Spybot reported DSO exploit which I ignored. Ran Hijack This and again fixed entries relating to 'About:Blank' and '...sp.html'.

 

I launched IE again which went to my preferred startpage. Closed it down and launched again. It didn't go to About:Blank.

 

After observing that the 'About:Blank' hijack occurred again under my wife's logon... I took the same steps described above under her profile.

 

All these things I did last Thursday (07.15.04). About:Blank hasn't occurred again. Spybot Teatimer prompts us once in a while about changes (not related to About:Blank) which we deny.

 

By Saturday night, I felt confident enough to create a restore point.

 

I hope this helps others get past the 'About:Blank' hijack.

 

Aloha.

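As an added example (not part of either post, and not HijackThis's own code), the check below pulls out the R0/R1 lines of a HijackThis log whose data is one of the two values the poster searched the registry for, `about:blank` and a `file://...\sp.html` page, and groups them by hive, since HKCU entries are per-user and have to be reviewed under every profile. The function names are hypothetical and the sample is a handful of lines copied from the log above.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ALGAE\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ALGAE\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

# R0/R1 lines have the shape: "<code> - <hive>\<key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[01]) - (HKCU|HKLM)\\([^,]+),(.+?) = (.*)$")


def is_marker(data):
    """True for the two values the poster searched for (assumption: about:blank
    is treated as a symptom here, although it can also be a deliberate setting)."""
    d = data.strip().lower()
    return d == "about:blank" or (d.startswith("file://") and d.endswith("\\sp.html"))


def flag_entries(log_text):
    """Return {hive: [(value name, data), ...]} for R0/R1 lines matching a marker."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if m and is_marker(m.group(5)):
            hits[m.group(2)].append((m.group(4), m.group(5)))
    return dict(hits)


if __name__ == "__main__":
    for hive, entries in flag_entries(SAMPLE_LOG).items():
        scope = "per-user, check every profile" if hive == "HKCU" else "machine-wide"
        print(f"{hive} ({scope}):")
        for name, data in entries:
            print(f"  {name} = {data}")
```
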