
Infection that slows down my internet connection


7 replies to this topic

#1 Pat(rick)

Pat(rick)

  • Members
  • 477 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North America
  • Local time:05:05 PM

Posted 28 November 2011 - 03:55 PM

Hello, my parents were using the computer and I don't know what they installed, and now the internet connection is slow.

I can't even get on Google.com.
Looks like the page has been redirected.

I scanned with Avast and nothing is detected. With MBAM, it detected around 30 infections and I will post the log below:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8251

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/28/2011 3:41:28 PM
mbam-log-2011-11-28 (15-41-28).txt

Scan type: Quick scan
Objects scanned: 194663
Time elapsed: 1 minute(s), 20 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 30

Memory Processes Infected:
c:\program files\registry helper\registryhelperservice.exe (Rogue.RegistryHelper) -> 1796 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Registry Helper (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RegistryHelper.exe (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Registry Helper Service (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Registry Helper (Rogue.RegistryHelper) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\registry helper (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\registry helper (Rogue.RegistryHelper) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\Desktop\registry helper.lnk (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\advisorletters.exe (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\background.jpg (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\delete_invalid_entries_grey.jpg (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\errorfound.wav (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\header.gif (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\help.chm (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\iehandler.exe (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\letter.htm (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\letter1.htm (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\letter2.htm (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\letter3.htm (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\letter4.htm (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\letter5.htm (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\logo.jpg (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\print_16.gif (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\registry helper screen saver setup.exe (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\registry helper.url (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\registryhelper.exe (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\registryhelperbundle.exe (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\registryhelperservice.exe (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\registryhelpersetupcb.exe (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\registryhelpersetuptr.exe (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\registryhelperuninstaller.exe (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\Starter.exe (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\uninst.exe (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\program files\registry helper\vbrun60sp5.exe (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\registry helper\registry helper help.lnk (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\registry helper\registry helper.lnk (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\registry helper\visit our website.lnk (Rogue.RegistryHelper) -> Quarantined and deleted successfully.



I suspect there are still infections because the internet connection is very slow.

Edited by Pat(rick), 28 November 2011 - 03:56 PM.




#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:05 PM

Posted 28 November 2011 - 03:56 PM

Can you perform a complete scan?

#3 Pat(rick)

Pat(rick)
  • Topic Starter


Posted 28 November 2011 - 08:53 PM

Hello, this is the full scan log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8251

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/28/2011 5:05:15 PM
mbam-log-2011-11-28 (17-05-15).txt

Scan type: Full scan (A:\|C:\|D:\|F:\|)
Objects scanned: 261431
Time elapsed: 1 hour(s), 2 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Nvm... I think everything is back to normal.

Edited by Pat(rick), 29 November 2011 - 07:03 PM.


#4 Pat(rick)

Pat(rick)
  • Topic Starter


Posted 30 November 2011 - 12:56 AM

No, no, I was wrong, everything is not back to normal. I found another issue.

I scanned with SUPERAntiSpyware in complete scan but it still didn't fix the issue. When opening a new tab, it redirects me to my.freeze.com!

This is the scan log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/29/2011 at 11:47 PM

Application Version : 5.0.1136

Core Rules Database Version : 7995
Trace Rules Database Version: 5807

Scan type : Complete Scan
Total Scan Time : 00:32:31

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 552
Memory threats detected : 0
Registry items scanned : 37656
Registry threats detected : 0
File items scanned : 29111
File threats detected : 122

Adware.Tracking Cookie

Heur.Agent/Gen-FakeIE
C:\WINDOWS\IE7UPDATES\KB958215-IE7\IEXPLORE.EXE




In IE, when I open a new tab, I got this address:
http://my.freeze.com/NA_newtab_i_IE.html?fr=freeze&type=W3i_NA,173,0_0,Tab%20Search,20111149,16979,0,6,0

This is what I got, like in this video at 0:45

The only difference is IT IS NOT in my Add&Remove programs. I can't remove the NetAssistant!


I did a full scan with Avast and nothing is found.


Nvm... I found the solution. The tab was just hijacked.

Edited by Pat(rick), 30 November 2011 - 01:28 AM.


#5 cryptodan

cryptodan

    Bleepin Madman



Posted 30 November 2011 - 03:03 PM

Hijacked with what?

#6 Pat(rick)

Pat(rick)
  • Topic Starter


Posted 30 November 2011 - 04:06 PM

With a my.freeze.com software, but MBAM detected it and removed it. For the hijacked tab page, I just followed Microsoft's solution and replaced the freeze.com link with res://ieframe.dll/tabswelcome.htm in regedit.

#7 cryptodan

cryptodan

    Bleepin Madman



Posted 30 November 2011 - 04:11 PM

Thanks for posting the solution.

#8 Pat(rick)

Pat(rick)
  • Topic Starter


Posted 30 November 2011 - 04:49 PM

I think I will quote the solution here for whoever has the same issue as me:

DISCLAIMER:

Modifying REGISTRY settings incorrectly can cause serious problems that may prevent your computer from booting properly. Microsoft cannot guarantee that any problems resulting from the configuring of REGISTRY settings can be solved. Modifications of these settings are at your own risk.

1. Click Start

2. In ‘Start Search’ type regedit, press Enter (provide administrative credentials if prompted)

3. Navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

4. Right-click Tabs, then click Modify…

5. Change the “Value data:” to:

res://ieframe.dll/tabswelcome.htm

6. Click OK

Now go back into Internet Explorer and make sure that under Tabs settings and under the category “When a new tab is opened, open:” you have it set for “The new tab page”.



This should resolve the issue. Get back to us with your results so that we can further assist you if need be.

Brian
Microsoft Answers Support Engineer
Visit our Microsoft Answers Feedback Forum and let us know what you think.

By Brian-Support Engineer
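
The registry check from the quoted steps, as an added example that is not part of the original posts or of the Microsoft answer: it lists every string value under the AboutURLs key, flags any that does not point at a local res:// resource, and can write back the Tabs value from step 5. The function name `Get-AboutUrlFinding`, the `-Repair` switch and the backup file name are hypothetical, and treating non-res:// data as suspect is an assumption about what stock entries look like.

```powershell
# Added example: audit IE's about: page mappings and optionally restore "Tabs".
# Run from an elevated prompt; written for PowerShell 2.0 or later.
param(
    [switch]$Repair   # hypothetical switch name: write the value from step 5
)

$KeyPath     = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\AboutURLs'
$ExpectedTab = 'res://ieframe.dll/tabswelcome.htm'   # value quoted in the thread

function Get-AboutUrlFinding {
    param([string]$Path)

    $key = Get-Item -LiteralPath $Path -ErrorAction Stop
    foreach ($name in $key.GetValueNames()) {
        $kind = $key.GetValueKind($name)
        # Only string values map an about: page to a URL; skip DWORDs and others.
        if ($kind -ne [Microsoft.Win32.RegistryValueKind]::String -and
            $kind -ne [Microsoft.Win32.RegistryValueKind]::ExpandString) { continue }

        $data = [string]$key.GetValue($name)
        # Assumption: a stock mapping points at a local res:// resource, so
        # anything else (for example an http:// URL) is worth a closer look.
        $suspect = -not $data.StartsWith('res://', [StringComparison]::OrdinalIgnoreCase)
        New-Object PSObject -Property @{ Name = $name; Data = $data; Suspect = $suspect }
    }
}

$findings = @(Get-AboutUrlFinding -Path $KeyPath)
$findings | Sort-Object Name | Format-Table Name, Suspect, Data -AutoSize

$tabs = $findings | Where-Object { $_.Name -eq 'Tabs' }
if ($tabs -and $tabs.Data -ne $ExpectedTab) {
    Write-Warning ("Tabs is '{0}', expected '{1}'" -f $tabs.Data, $ExpectedTab)
    if ($Repair) {
        # Keep a copy of the key before changing it (timestamped, so no overwrite prompt).
        $backup = Join-Path $env:TEMP ('AboutURLs-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
        & reg.exe export 'HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs' $backup | Out-Null
        Set-ItemProperty -LiteralPath $KeyPath -Name 'Tabs' -Value $ExpectedTab
        Write-Output "Tabs restored; backup saved to $backup"
    }
}
```

Without `-Repair` the script only reports, which makes it usable as a quick check after a scanner has removed the program that set the value.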



