Re: browser hijacker (I think)


| Hi All
| My friend's WinXP SP1 machine has Microsoft Anti-Spyware Beta (latest
| updates), AVG 7.0 free (latest updates) and the built-in firewall on, but
| has been infested with some kind of virus/trojan that does the following:
| 1) Always tries to bounce their browser to
| 2) Shows bogus pages in their browser asking them to send login details such
| as Tiscali, etc
| 3) Fills their hosts file with hundreds of crap web sites
| I've MS Anti-Spywared it, AdAware-d it, SpyBot-ed it, AVG 7-d it,
| CoolWebShredded it, looked in the Add/Remove Progs and the MSConfig startup
| list, but I can't get rid of the above problem.
| When I did a HijackThis it found and deleted the offending abosearch
| entries, but then when you restart back they come.
| If possible, could you please let me know of a solution.
| Many thanks.
| Regards Mac


Please consider Cross-Posting ( as I have done in this reply ) instead of Multi-Posting to pertinent News Groups.  It also helps to then set a follow-up to one of those News Groups as I have set the followup-to;  alt.privacy.spyware ,
This way all replies go to one News Group most apropos to the problem and you don't separate answers to the one problem in all different places.

You did not mention the version of Ad-aware and SpyBot.  If you have Ad-aware SE v1.05 and SpyBot S&D v1.3 already, ignore the parts about downloading them, just apply the way of executing them.

Please read the following Microsoft URL on "How to perform a clean boot in Windows XP"

Dump the contents of the IE Temporary Internet Folder cache (TIF)

start --> settings --> control panel --> internet options --> delete files

BHODemon --

1)    Download the following three items...

         Trend Sysclean Package

         Latest Trend signature files.

         Ad-aware SE (free personal version v1.05) /


         SpyBot Search and Destroy (v1.3)

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example;

Extract the contents of the ZIP file and place the contents in the same directory as

2)     Update Ad-aware with the latest definitions.
3)     If you are using WinME or WinXP, disable System Restore
4)     Reboot your PC into Safe Mode and shutdown as many applications as
5)     Using SpyBot S&D, Trend Sysclean and Ad-aware, perform a Full Scan of your
        platform and clean/delete any infectors/parasites found.
        (a few cycles may be needed)
6)     Restart your PC and perform a "final" Full Scan of your platform using both the
        Trend Sysclean utility and Ad-aware
7)     If you are using WinME or WinXP, re-enable System Restore and re-apply any
        System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB)
8)     Reboot your PC.
9)     Execute BHODemon and see if there are any malware Browser Helper Objects.
10)    If you are using WinME or WinXP, create a new Restore point

* * Please report back your results * *
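
The third symptom in the original question (a hosts file filled with unwanted entries) can be re-checked after each cleanup pass by classifying what the file actually maps. The Python script below is an added example, not part of either poster's message; it assumes Python 3 and a copy of the hosts file, and the sample hostnames and addresses are constructed.

```python
import ipaddress

# Names a stock hosts file normally maps to loopback (assumed baseline).
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample, not taken from the infected machine.
SAMPLE = """\
# hosts file copied from %SystemRoot%\\system32\\drivers\\etc\\hosts
127.0.0.1       localhost
203.0.113.10    search.example.com www.search.example.com
127.0.0.1       update.av-vendor.example
0.0.0.0         scanner.example.org   # blocked
not-an-ip       broken.example
::1             localhost
"""

def audit_hosts(text):
    """Classify every hostname mapping in hosts-file text.

    default    - stock localhost mappings
    sinkholed  - other names pointed at loopback or 0.0.0.0 (site is blocked)
    redirected - names pointed at a routable address (site is diverted)
    malformed  - (line number, raw line) pairs that do not parse
    """
    report = {"default": [], "sinkholed": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:        # bad address or no hostname
            report["malformed"].append((lineno, raw))
            continue
        local = addr.is_loopback or addr.is_unspecified
        for name in (f.lower() for f in fields[1:]):  # one line may carry several names
            if local and name in DEFAULT_NAMES:
                kind = "default"
            elif local:
                kind = "sinkholed"
            else:
                kind = "redirected"
            report[kind].append((lineno, name, str(addr)))
    return report

if __name__ == "__main__":
    for kind, rows in audit_hosts(SAMPLE).items():
        print(kind, len(rows), rows)
```

Anything reported as sinkholed or redirected is an entry a clean hosts file would not contain unless it was added deliberately; if those lists refill after a reboot, the component rewriting the file is still active.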

