Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijacked home page - Bitable.com


  • Please log in to reply
12 replies to this topic

#1 bomber1712

bomber1712

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin, USA
  • Local time:10:46 AM

Posted 12 October 2014 - 09:47 PM

HI all.  I have a computer running Win 8.1.  I found and cleaned several issues using MBAM, ADW Cleaner, JRT, ESET.  I have run all of the scans more than once and they are now showing no infections.

 

The one problem remaining is that the IE11 home page is bitable.com.  I have changed it to att.net in the "Internet Options", but each time I open IE11, it tries to go to bitable.com.  I did a full reset of IE11, as well.

 

I am afraid I am dealing with a more advanced infection than I am capable of cleaning.  That, or I am missing something on the home page reset.

 

Any help would be appreciated.



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:46 AM

Posted 13 October 2014 - 06:52 AM

Try this...close IE and run CCleaner. Then delete the short cut to IE on your Task Bar. Create a new short cut for IE. 

Let us know if that works.

 

Use CCleaner to cleanup the caches, temporary files, cookies, etc. Pay attention while installing and UNcheck offers of toolbars...especially Yahoo.

No need to use the Registry Cleaning Tool and it has the potential to cause a problem if used.

CCleaner - PC Optimization and Cleaning - Free Download

 

EDIT: Delete short cut and/ or icons on your desktop for IE.

 

If the above doesn't solve the problem, use the program below.

Shortcut Cleaner Download

Shortcut Cleaner is a utility that will scan your computer for Windows shortcuts that have been hijacked by unwanted or malicious software.  When Shortcut Cleaner finds bad shortcuts, it will automatically clean them so that they do not open unwanted programs.

When run, Shortcut Cleaner will scan various locations on your computer for Windows shortcuts.  When a shortcut is detected it will check properties for a possible hijacking. If one is detected, it will automatically clean the shortcut so that it no longer opens the offending program or  web site. When the Shortcut Cleaner has finished scanning your hard drive it will create a log file on your desktop called sc-cleaner.txt and then display it.  This log file will contains a list of all the shortcuts that were detected and cleaned.

As of version 1.2.3, Shortcut Cleaner will also clean hijacked Registry entries associated with known hijackers.


Edited by buddy215, 13 October 2014 - 07:04 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 bomber1712

bomber1712
  • Topic Starter

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin, USA
  • Local time:10:46 AM

Posted 13 October 2014 - 09:41 AM

Thanks for the reply!  I ran CCleaner, again and Shortcut Cleaner.  Unfortunately, I am still getting bitable.com as my home page. 

 

I ran Eset overnight, again, just to be sure.  It found no malicious items.  I'm just stumped! 

 

Any and all suggestions are appreciated!



#4 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:46 AM

Posted 13 October 2014 - 09:55 AM

Shortcut Cleaner produces a log on your desktop. Please post the log.

 

Deleting the shortcut and replacing the shortcut/ Icon worked on other computers. There may be something new.

 

I think it best you do this: (but would still like to see the Shortcut Cleaner log)

Create a DDS log by following the instruction #6 at Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - Virus, Trojan, Spyware, and Malware Removal Logs

 

Post the DDS log in a new topic at Virus, Trojan, Spyware, and Malware Removal Logs

 

Once you have posted the new topic describing the problem along with the DDS log, do not bump

the new topic. Wait for a response. Not sure how long it will be...maybe even days...


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 bomber1712

bomber1712
  • Topic Starter

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin, USA
  • Local time:10:46 AM

Posted 13 October 2014 - 10:41 AM

Here is the log:

 

Shortcut Cleaner 1.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 http://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 8.1
Program started at: 10/13/2014 10:36:57 AM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Lori\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Lori\Desktop

0 bad shortcuts found.

Program finished at: 10/13/2014 10:36:57 AM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)

 

I will create a new topic with the DDS logs.



#6 bomber1712

bomber1712
  • Topic Starter

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin, USA
  • Local time:10:46 AM

Posted 13 October 2014 - 10:50 AM

I am trying to follow the instructions to post a new topic.  I downloaded the DDS.com to my desktop and double clicked to run.  I get an error message:

 

DDS is not meant to run in "Compatibility Mode". The program shall now exit. 

 

Any suggestions?



#7 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:46 AM

Posted 13 October 2014 - 11:03 AM

Post the text from your opening post here along with stating you can't create a DDS log in the new Topic. The crew there

will tell you what to do in their response.

 

Just to be clear...not to beat a dead horse...but did you first try to delete the Icon/ shortcut for IE from your desktop

and then creating a new one?


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 bomber1712

bomber1712
  • Topic Starter

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin, USA
  • Local time:10:46 AM

Posted 13 October 2014 - 11:11 AM

Um, sorry, but sometimes beating a dead horse is the solution to the problem!  I created a new shortcut on the desktop and now I have a working shortcut!

 

I was also able to get the DDS to run through CMD with admin rights.

 

The one thing that still bothers me, however, is if I use the "Search" tool in Win 8 to run IE, it will open with bitable.com.



#9 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:46 AM

Posted 13 October 2014 - 11:32 AM

I don't use 8...but if you mean like it was in Win7 where you could click on start and see a list of often used programs...

can't you just right click on that and remove it? Then possibly create it again later or never.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#10 bomber1712

bomber1712
  • Topic Starter

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin, USA
  • Local time:10:46 AM

Posted 13 October 2014 - 12:00 PM

I did that and it seems to have done the trick, thanks! Computer seems fine, now, but I'm still a little nervous that this thing is still on the computer, but hidden.

 

Any scans or tools you would suggest or should I just move on, knowing that Eset, mbam, et al are clean?



#11 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:46 AM

Posted 13 October 2014 - 12:25 PM

I would say move on....of course, if it comes back you can do the same procedures and post the DDS log in the proper forum.

Happy surfin'!

 

EDIT:  Empty the recycle bin!!


Edited by buddy215, 13 October 2014 - 12:29 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#12 bomber1712

bomber1712
  • Topic Starter

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin, USA
  • Local time:10:46 AM

Posted 13 October 2014 - 12:44 PM

That sounds like a great plan.  Thanks for all of your help!



#13 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:46 AM

Posted 13 October 2014 - 12:52 PM

You're welcome!


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users