Help Am I Hijacked 2

  critt 21:22 04 Mar 08
Locked

Hi All,
I originaly posted this a week or so back and ticked the resolved box because I thought it was, It is not, the problems are back.
When I open IE7 or FF I get extra web pages opening themself.
After some advise on here I downloaded Superantispyware and A-squared, updated them,ran them in safe mode, all appeared to be ok.
Next time at the computer everything back, I've since turned off system restore re run as before re-booted and turned system restore back on but still problems a couple of the URL's are
www em pc on interet com
www celldorado com
I have googled these and the fixes seem complicated, any help advise appreciated.
Critt

  VoG II 21:44 04 Mar 08

Run HJT click here then post your log on the Malware Removal forum click here

Be patient - they are always busy.

  STREETWORK 21:51 04 Mar 08

Before running any anti-spyware, etc, turn off system restore first. The reason is because some things can reside within the files used by system restore and not get picked up during a scan...

  VoG II 21:53 04 Mar 08

Nope - always better to have a SR point to restore to, even if infected.

  skidzy 21:59 04 Mar 08

Best advice is to follow VoG™'s recommendation's.

However you could try this;

Download the SmitfraudFix click here

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows.


Warning : running option #2 on a non infected computer will remove your Desktop background.

If you have already posted a hjt log at MWR and you decide to run the SmitfraudFix...and you still have problems...you will need to post a new HJT log at MWR.

  critt 23:44 04 Mar 08

Hi,
I ran the Smitfraudfix first to see if it would cure the problem, I had seen this advised on some other sites so thought I would try it.
Unfortunately it did not cure the problem.
I have now posted on the Malware removal forum.
Thanks for the advise.
Critt

  Mac70 15:04 05 Mar 08

What name are you using there?

  critt 16:39 05 Mar 08

Hi,
User name tracemate, easy for me to remember my only claim to fame, I invented it.
Cheers
Gary

  critt 16:44 05 Mar 08

Sorry,
Thread called.
Hijacked, Extra Web Pages Opening on Their Own.
First set of instructions already posted, will start when I get home.
Gary

  skidzy 18:11 05 Mar 08
  Mac70 20:43 05 Mar 08

km already got it. Youll soon be clean.

This thread is now locked and can not be replied to.

Sniper Elite 4 review: Headshotting Nazis has never felt so good

1995-2015: How technology has changed the world in 20 years

The Best Design, Illustration, Animation and VFX Awards of 2017

WWDC 2017 dates: How to get WWDC 2017 tickets, when is WWDC 2017 and more details announced