MTM2.com

As my title says, my IE was hijacked (humoursly while i wasnt even using it as my default browser.).

The story goes, i fired up IE to u se its FTP abilities (Cause Avant sucks at FTP) and boom, i was under attack

Tea Timer stopped like 100's of Registry entries, and 4 new processes showed up, each restarting the other.

And lastly, a trojan.nebler showed up, but i didnt find this for a while till notron found it and couldnt fix it.



I've since removed the spyware (easy cause it didnt get my registry) and the virus (which was tough cause no OS could delete it, even linux, always said access denied, so i put it thru spybots shredder)

I did a virus scann and found 2 more viruses dropped off.


So im all cleaned up save for one thing


Internet explorer




Ok you know how viruses like to take over your browser and load some fake windows security page to make u download fake antivirus software to suposedly fix it, i got one of those, and its stuck.

How it goes.


It seems to have taken over my homepage, but not as you might think. I have set my homepage to google (and it accepts it) and google does load, but the instant it gets to "downloading" something redirects it to that fake security page. This only happens when the "Home" command is triggered. The page it loads appears to be located locally. I tried pinging the address... not found..... and it loads the page if i say work offline.


I have tried using windows search to search for text that was on that fake page,m including the address itself. nothing.... I have also searched the registry... nothing.... So my last guess is the iexplore.exe file itself is comprimised.

I thought maybe a reinstall of IE might fix it, afterall, thats how u did it in windows 9x.


But to my suprise (not really), XP doesnt have the simple way of choose IE from the add remove programs list, clicking uninstall, and choosing the reinstall option.


I tried MS's website and a few others, I cant find my version of IE

IE 6 SP2

Closest is SP1. WHich of course i cant isntall cause it complains its an older version.


Does anyone know a place to downloada fresh version of my version of IE? or have some other solution to fix this?


I dont know the spywares name, it didnt get far enough b4 i was alrdy in safe mode putting the shredder on the files that started up.

I dunno what your problem is but I have two things to suggest looking into, BHOs and the hosts file.

If you start up Spybot Search and Destroy in advanced mode and look in the tools section under BHOs you should see any Browser Helper Objects that may be installed.

There is also a section devoted to the hosts file. The hosts file (research it online) is a simple text file in your Windows folder that can be used to redirect web addresses (like, you type google and end up at zoogle).

Ok, ill try that when i get home, and this hosts file, i never tried setting my homepage to something else and seeing if it works. I just always use google.ca

Thanks wint, it was the BHO thing.


and thank you spybot, some day if i every make some money, im gonna donate lol.

Cool. I agree with all you've said about Spybot Search and Destroy by the way, the author is right near the top of my genius appreciation list and I recommend his software wholeheartedly, it's precisely the sort of free software that free software should be and any compensation that's been sent his way is most appropriate. With that said my Spybot hasn't been updated in about two years and I doubt I fire it up (casually) once in ten months (or anything else like it. I'm bulletproof, baby). However, I have to mention another utility by the same author that I have installed and use almost daily:

Filealyzer
http://www.safer-networking.org/en/filealyzer

It does all sorts of great stuff related to file previews and analysis, after it's installed you just right-click any file to view it. I can't give it a full review just now but it gets my highest approval rating for useful and well behaved free programs. I use it to check file properties (even as far as checksums and and signatures), preview files (safe html viewing), see version info, see import/export dependencies (DLLs), quick hex dumps and text string searches (quickly see a model's raw files), etc.

Note: Just yesterday I was <a href=http://news.com.com/Microsoft+buys+Windows+utility+software+maker/2100-1016_3-6095376.html target=mark>reading</a> about another fellow on my genius appreciation list who also makes <a href=http://www.sysinternals.com target=free>brilliant free software</a>. It's the guy who's famous for uncovering the Sony rootkit thing - he and his company have been absorbed into Microsoft. (My favorite tool of his being Process Explorer.)

Yeah i use file anaylizer as well. Nice for checking exe's.