The situation is this:
Every time IE is opened, the home page is set to about:blank, but it’s not blank. The page is a search page that takes on Microsoft logos in order to “officiate” itself. You can tell it’s not Microsoft because the quick search-links on the bottom contain stuff like “viagra”, “breast enlargement”, “online dating”, and the like.
Random executable files are opened. I used ProcView to kill the processes and delete them, but they keep coming back every restart.
Speaking of restarts, every time I do that and open IE some porn links get added to my favourites folder. The /windows/ and /windows/system/ folders contain newly created executable files (I can tell they’re new by their “Date modified” property).
Spybot S&D turns up changed registry values under the category “Deep blue nuker” or something like that. It can remove them when I run the computer in Safe Mode, but the next restart spawns them again.
If anyone can specifically diagnose this threat, or has any tools specifically designed for this threat, or any tools better than Spybot S&D, Ad-aware, and Hijack This, I’m all ears (or eyes, whatever).
You might have a CoolWebSearch variant. Try CWShredder.
There are forums where people specifically just sit there and help you remove spyware/malware (for free). I don’t have the URLs, but I came across them last time I tried removing a quite insidious worm. Do a Google search and you’ll come across them (just search for HijackThis will probably do the trick).
I have the exact same problem, Cless, nothing I try works. My dad had the same problem and couldn’t do a thing, he even paid for some software but it didn’t work. In the end he just formatted his whole laptop, at the moment I’m holding off from that cause I really don’t want to, but I might have to if I can’t get rid of it all.
You need to run all your programs in safe mode.
You need to downgrade and remove IE. Seriously. ActiveX is what got you into this, and there is no fucking reason to be using IE anymore. I don’t care if you like it, I don’t care if you have a vendetta against FireFox, it doesn’t fucking matter. IE is a hazard anymore. Go to Start > Control Panel > Add or Remove Programs > Add or Remove Windows Components > Internet Explorer. You can’t remove it, just downgrade it so far that spyware can’t use it effectively.
You pretty much need to do everything anyone tells you to do about spyware in safe mode. The reason is that in normal mode, the spyware could have something running even as you are deleting it. Since it was running, it could not be deleted, and is free to re-install the spyware.
You need to run CWS shredder.
You need to check your firstboot folder. This is the folder of executables that runs every time Windows is booted. Delete anything that isn’t legit from this folder. This folder is largely unnecessary anyway. This folder is located at: C:\Documents and Settings\[your username or all users]\Start Menu\Programs\Startup.
If possible, you need to (in safe mode) go through your registry and look for ANYTHING related to these programs. The issue is that even after you’ve cleaned, and even if you’ve done it in safe mode, the registry could have been edited to have the programs re-install themselves. You edit your registry by going to “run” on the start menu, and typing “regedit”. Then, go to “My Computer:HKEY_LOCAL_USER:SOFTWARE”. Remove keys that belong to spyware programs.
Google anything you are unsure of.
Usually when an infestation is this bad, you need to format. =\ Even if you get the machine back to a workable state, it will never run the same.
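The Startup-folder and registry checks described in the post above, together with the original poster's observation of newly modified executables under the Windows folders, as a read-only PowerShell inventory. This is an added example, not something posted in the thread; the Run/RunOnce keys are the standard Windows autostart keys, and the 7-day window and the inclusion of System32 are assumptions.

```powershell
# Added example: read-only inventory of autostart entries and recently written executables.
# Nothing is deleted or changed; review the output before removing anything.
$Days = 7   # assumption: look-back window for "newly created" files

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$findings = @()

# 1. Values under the Run/RunOnce keys are launched at every logon.
foreach ($path in $runKeys) {
    if (-not (Test-Path -Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        $findings += [pscustomobject]@{
            Kind = 'RunKey'; Location = $path; Name = $name
            Detail = [string]$key.GetValue($name)
        }
    }
}

# 2. Anything in the per-user and all-users Startup folders also runs at logon.
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir -or -not (Test-Path -Path $dir)) { continue }
    Get-ChildItem -Path $dir -Force | ForEach-Object {
        $findings += [pscustomobject]@{
            Kind = 'StartupFolder'; Location = $dir; Name = $_.Name
            Detail = "modified $($_.LastWriteTime)"
        }
    }
}

# 3. Executables written recently to the Windows directories.
$cutoff = (Get-Date).AddDays(-$Days)
$sysDirs = @($env:windir, "$env:windir\System", "$env:windir\System32") | Where-Object { Test-Path $_ }
Get-ChildItem -Path $sysDirs -Filter *.exe -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -gt $cutoff } | ForEach-Object {
        $findings += [pscustomobject]@{
            Kind = 'RecentExe'; Location = $_.DirectoryName; Name = $_.Name
            Detail = "modified $($_.LastWriteTime)"
        }
    }

$findings | Sort-Object Kind, Location, Name | Format-Table -AutoSize -Wrap
```

Legitimate updates also write executables to these directories, so a RecentExe row is a lead to look up, not proof of infection. Saving the output before and after a cleanup pass shows which entries come back on the next restart.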
I absolutely hate Firefox and refuse to use it, and if you decide to make IE unusable (assuming you’re using xp) just go into add and remove programs, set programs access and defaults, custom, and remove the check next to Internet explorer. My recommendations are running:
It’s Firefox, by the way, not FireFox.
HH: If you hate it, maybe you should look into installing a couple of extensions that would mirror the behaviour you’re looking for. Firefox is almost literally infinitely customizable.
I don’t think you have to entirely uninstall or remove IE, just not use it as your main browser.
I’m not so tech-knowledge-free as to not run Spybot, Adaware, Hijack this, and do a registry/msconfig start up check in safe mode first. However, following you guys’ advice, I also did a CWShredder check. Looks like it is caused by a CWS trojan, but I still can’t remove it. I know I don’t have to use IE, but it’s really annoying to have IE put porn links in my favourites every time I restart and to have to keep denying a couple of programs permission to access the internet through my firewall every time I restart. Nothing really changes except the aforementioned porn links, random programs, and IE and Windows Explorer become a little slower once in a while.
If I remove IE, can I reinstall it easily?
Also, is there an Autologin plugin for Firefox?
Xelo, I love you forever, but I have to edit your post to correct the link.
CWS = PWNED