
Can't Get Rid Of Iehompages.com



#1 JPD


Posted 30 October 2006 - 09:55 AM

My parents called me the other day to say that when they started IE they were getting a virus warning come up. I went over yesterday to take a look; the virus warning was coming from iehomepages.com and not AVG. I did some checks and discovered Windows Update had been turned off and someone had removed ZoneAlarm!!!

The first thing I did was a full system scan with AVG after updating it; it identified one problem and provided the link to the AVG site for the removal tool, which I duly ran. I then ran Spybot Search and Destroy and Ad-Aware, updated Windows, turned on auto updates for Windows and AVG and installed ZoneAlarm. Finally I ran AVG, Spybot and Ad-Aware again - all came up clean.

However, I still get Internet Explorer redirecting to iehompages.com and the "security" alert trying to get me to download what I assume to be some dodgy bit of software. I am now at a loss as to what step I should take next; I am loath to take it to a computer repair place as I have the confidence to do what's required providing I know what I need to do.

Any help would be appreciated.

Thank you in advance.



#2 quietman7

  • Global Moderator

Posted 30 October 2006 - 02:22 PM

Hello JPD

What OS (Win XP/2000, etc) are your parents using? If they are using Win XP or 2000, do this.

First, print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download, install and update AVG Anti-Spyware 7.5. DO NOT perform a scan yet.
Print out and follow the AVG Anti-Spyware Install-Scan Instructions for installing and updating.
DO NOT perform a scan yet.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.

Go here and follow the instructions for using SmitfraudFix. You will have to extract the zip file to your Desktop.
(Click here for information on how to do this if not sure. Win 9x/2000 users click here. If you need an unzipping utility, download 7zip (it's free).)

After using the tool as instructed, reboot again in "SAFE MODE" and double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Then scan with AVG Anti-Spyware 7.5 per the instructions you printed out and reboot normally.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 JPD


Posted 30 October 2006 - 03:37 PM

Sorry, forgot to mention the OS: they are using Win XP Home, SP 2.

I have printed out all the instructions and copied the relevant programs onto a CD, will visit them tomorrow and see if it does the trick :thumbsup:

#4 quietman7


Posted 30 October 2006 - 03:44 PM

Ok. While you are at it, also download and save HijackThis 1.99.1. This is a self-extracting version which will automatically install HJT in the proper location if we need to use it.

#5 JPD


Posted 01 November 2006 - 09:37 AM

OK, all done. Here are the reports from SmitfraudFix and AVG:

SmitFraudFix v2.117

Scan done at 12:01:18.18, 01/11/2006
Run from C:\Documents and Settings\James Davies\Desktop
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ixt?.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted

Deleting Temp Files


Registry Cleaning

Registry Cleaning done.

After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:24:38 01/11/2006

+ Scan result:



HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : No action taken.
HKU\S-1-5-21-3813086739-166745521-1182671931-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A43385F0-7113-496D-96D7-B9B550E3FCCA} -> Adware.Isearch : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP533\A0288991.exe -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0289351.exe -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290420.sys -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290421.sys -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290422.exe -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290423.dll -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290424.exe -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290425.dll -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290426.dll -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290427.sys -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290428.dll -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290429.exe -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290430.ini -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290431.dll -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290432.exe -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290433.dll -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290435.dll -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290436.cpl -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290437.dll -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290438.exe -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290440.exe -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290441.exe -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290442.exe -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290443.exe -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290444.exe -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290445.exe -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290446.exe -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290451.dll -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290452.sys -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290502.dll -> Adware.WinAntiVirus : No action taken.
C:\WINDOWS\system32\SpOrder.dll -> Adware.WinAntiVirus : No action taken.
C:\program files\Common Files\Companion Wizard\compwiz.exe -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0290483.exe -> Downloader.Zlob.aew : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP533\A0288918.exe -> Downloader.Zlob.ard : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP533\A0288970.exe -> Downloader.Zlob.ard : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP533\A0288989.exe -> Downloader.Zlob.ard : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP533\A0288998.exe -> Downloader.Zlob.ard : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP533\A0289004.exe -> Downloader.Zlob.ard : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP533\A0289213.exe -> Downloader.Zlob.ard : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP533\A0289265.exe -> Downloader.Zlob.ard : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP533\A0289278.exe -> Downloader.Zlob.ard : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP533\A0289291.exe -> Downloader.Zlob.ard : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0289350.exe -> Downloader.Zlob.ard : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP538\A0292623.exe -> Downloader.Zlob.ard : No action taken.
C:\Documents and Settings\James Davies\Application Data\winantiviruspro2006freeinstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP533\A0288992.dll -> Not-A-Virus.Hoax.Win32.Renos.dv : No action taken.
C:\System Volume Information\_restore{E6B01528-7D15-4EAE-A5B6-F30E7AE7D78E}\RP534\A0289349.dll -> Not-A-Virus.Hoax.Win32.Renos.dv : No action taken.


::Report end



Seems to have solved the problem; I deleted all items found by AVG. Should I run any further checks such as HijackThis?

#6 quietman7


Posted 01 November 2006 - 12:14 PM

FYI: If you use AVG Anti-Spyware in the future, do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken" (as it shows in the one you posted), making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

If the pop up alerts are gone and everything is running fine, the last thing to do is SET A NEW RESTORE POINT to prevent reinfection from an old restore point. Any malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to set a new RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
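The two points in the last reply (a log saved before "Apply all actions" shows every entry as "No action taken", and detections inside System Restore need a fresh restore point plus cleanup) can be checked mechanically. The Python below is an added example, not part of the original thread and not AVG's own tooling; it assumes the `target -> detection : action` line layout visible in the posted report, and the sample lines, `classify` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the "target -> detection : action" layout of the report
# posted above; the paths, GUID and detection names are placeholders.
SAMPLE_REPORT = r"""
+ Scan result:

HKLM\SOFTWARE\Classes\AppID\Example.EXE -> Adware.Example : No action taken.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000001.exe -> Adware.Example : No action taken.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP002\A0000002.dll -> Downloader.Example.a : No action taken.
C:\WINDOWS\system32\example.dll -> Adware.Example : No action taken.

::Report end
"""

ENTRY = re.compile(r"^(?P<target>.+?) -> (?P<detection>\S+) : (?P<action>.+?)\.?$")

def classify(target):
    """Bucket a detection by where it lives (hypothetical helper)."""
    if re.match(r"HK(LM|U|CU|CR)\\", target, re.IGNORECASE):
        return "registry"
    if "\\system volume information\\_restore{" in target.lower():
        return "system_restore"
    return "live_file"

def summarize(report):
    """Count detections per location and list those still marked unhandled."""
    by_location, pending = Counter(), []
    for raw in report.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # headers, blank lines, "::Report end"
        location = classify(m["target"])
        by_location[location] += 1
        if m["action"].lower() == "no action taken":
            pending.append((location, m["detection"], m["target"]))
    total = sum(by_location.values())
    return {
        "by_location": dict(by_location),
        "pending": pending,
        # Every entry unhandled: the log was probably saved before "Apply all actions".
        "saved_before_apply": total > 0 and len(pending) == total,
        # Copies inside restore points call for a fresh restore point plus cleanup.
        "purge_restore_points": by_location["system_restore"] > 0,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

Entries classified as `live_file` or `registry` that are still pending are the ones worth re-scanning for after the restore points have been purged.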



