Browser (IE 7.0) hijacked. Need help.

I'm reasonably computer literate, but not technically savvy. BF knows a helluva lot more than I and we spent 6 hours on this Friday 1/2/09.

Have managed to download (free version of) Ad Aware 2008 and MS Live OneCare, both of which have cleaned up numerous nasties, but IE is still not allowing access to any anti-virus programs or MS Defender.

This is a new computer (08/08) that was SUPPOSED to have anti-virus stuff on it. Obviously it didn't. Any suggestions? Recommendations?


TG, stumped

First turn off system restore.

Then download, install, update and run Super AntiSpyware.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

I have not tried accessing it with the system restore turned off. What happens if I do that?

By the way, even if it doesn't help, THANK YOU very much for responding!



TG

I get the standard "Internet Explorer could not. . . ." blah blah blah.

If you found that service (and you did) you should have disabled it, rebooted and then you should've been able to download the software you were trying to download to fix the problem. Nobody has suggested Malwarebytes Anti-malware but it is also excellent. Let us know what happened.

most people here are quick to recommend third party software,
sometimes there are better solutions than software and most
of the time software don't really solve the problem.

anything anti-spy or anti-virus software. One thing to check is right click on My Computer. Select Device Manager. Go to View, Show hidden devices. Scroll through those hidden (system) devices and see if you find a device called TDSSserv.sys. If you find something with that name disable it. Reboot your computer. You should then be able to download AV and access the necessary software. Make sure you update the definitions!

On edit: The System Restore files are probably infected which is why it was suggested to turn it off. I would turn it off and reboot.

"Terminal Server Device Redirector"

I will try turning off the System Restore and see what happens. Wish me luck!


TG

See if you can access this site:
http://www.funkytoad.com/

If so, download HostsXpert and install it. Run the program and then click the "Restore MS hosts file" button.

You can also try booting into safe mode and then running your virus & spyware scans.

I'll try to reach funky toad and see if that helps.


Edited to add:


Okay, I reached funkytoad.com but I have absolutely no clue what any of that "stuff" means! Can you translate into 'virus-protection-for-dummies'-speak? ;-)


TG

edited to add --

I took a big chance and downloaded HostXpert, did the MS restore thing, and it's still not fixed.


TG

from one of these sites:

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

http://siri.geekstogo.com/SmitfraudFix.exe

http://downloads.securitycadets.com/SmitfraudFix.exe

http://www.snapfiles.com/download/dlsmitfraudfix.html

To clean your system:
Reboot your computer in Safe Mode (tap the F8 key about once per second during startup)

Double-click SmitfraudFix.exe

Select 2 and hit Enter to delete infect files.

You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.

A reboot may be needed to finish the cleaning process. A report can be found at the root of the system drive, usually at C:\rapport.txt

of course it gave me a reason to use Ubuntu Ultimate Linux full time :)

Now it's 3 Win xp pro & two Linux's (roommate doesn't like change...)

EDIT: I'll bookmark this for later!

your problem is web search, web search can prevent windows IE from
accessing the web by hijacking your browser.

Its a little bit too technical to address this problem, but you
need to go into your registry...

WARNING!

This is where you need to have an idea of what you're doing otherwise
you'll screw up your machine for good.

click on start and go to Run and type regedit...

then click on HKEY CURRENT USER and click on SOFTWARE, then
look for microsoft, then windows and currentVersion....
web search should be there somewhere.

Find it and delete it, then go to uninstall and do
the same thing...

You need tto go through and find web search and delete it from
your register.

Then click on start and Run and type cmd...

type CD\ which takes you into your c: drive
type CHKDSK /F/R enter... then type yes and
then exit.

restart your machine and it will run through and
fixes any error or bad sector.

I don't recommend using third party software, stay
away from them.


NB

Once you get connection to the web go to windows update and
update your security patches, you can go to Microsoft websites and
get there latest security patch and download it, always remember to
do windows update.

Peace!!