weird, spyware?? virus??


johnnymier
January 2nd, 2004, 06:36 PM
Hi, I started Internet Explorer today, and my default start page was changed to: http://search-click.com/
Also if I try to browse to my router's address by typing 192.168.1.1 it redirects me to: http://www.lookfor.cc/index.php?pin=


If I type http://192.168.1.1 it works fine. I have run Spybot S&D and Ad-aware as well as fully updated Norton AV. And found no viruses or spyware. Also I got a sex pop-up today when I accessed AO!
Has anybody encountered this same problem, what is going on?? Maybe new spyware which isn't detected by current progs.


thanks

J

jehnx
January 2nd, 2004, 06:39 PM
On your S&D, Norton, and Ad-aware, have you done the updates and gotten the very latest definitions?

groovicus
January 2nd, 2004, 06:51 PM
Try here:

http://forums.techguy.org/t186709/s9f3be37c9bd44ee07b3c0787b044f9a6.html

One word of caution...if you go with Hijackthis, be very careful....it is unforgiving if you accidentally delete the wrong thing.

Wazz
January 2nd, 2004, 06:54 PM
See my post here: http://www.antionline.com/showthread.php?threadid=249856#post674059 This should do it for you.... You may also want to check your Trusted and Restricted sites list for anything weird in Internet Explorer if you use it (Tools, Internet Options).....Good Luck

nihil
January 2nd, 2004, 07:21 PM
You might also try:

http://www.webattack.com/get/hostadmin.html

And check what is in your Windows "hosts" folder............some of the more recent stuff hides there.

Cheers
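
An added example, not part of nihil's post: one way to do the hosts-file check suggested above is to separate blocking entries (names pointed at loopback) from redirect entries (names pointed at some other server), since only the second kind sends the browser somewhere unexpected. The sample file, its names and the 203.0.113.7 address are constructed; on Windows NT-family systems the real file is %SystemRoot%\system32\drivers\etc\hosts.

```python
import ipaddress

# Constructed sample hosts file (example names, documentation-range address).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.example                  # blocking entry
203.0.113.7     search.example auto.search.example
"""

def audit_hosts(text):
    """Classify every mapping except the stock localhost entry.

    Returns a list of (line_no, kind, ip, name) tuples where kind is
    'sinkhole', 'redirect' or 'malformed'.
    """
    results = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            results.append((line_no, "malformed", ip, " ".join(names)))
            continue
        for name in names:
            name = name.lower()
            if addr.is_loopback and name == "localhost":
                continue                      # the entry every hosts file has
            # Loopback or 0.0.0.0 blocks the name; any other address quietly
            # points the name at a server chosen by whoever wrote the entry.
            blocked = addr.is_loopback or addr.is_unspecified
            results.append((line_no, "sinkhole" if blocked else "redirect", ip, name))
    return results

def redirects(text):
    """Only the entries that send a hostname to a non-loopback address."""
    return [r for r in audit_hosts(text) if r[1] == "redirect"]

if __name__ == "__main__":
    for entry in audit_hosts(SAMPLE_HOSTS):
        print(entry)
```
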

Wazz
January 3rd, 2004, 06:22 AM
Exactly nihil, that's what my post I mentioned above had to do with. That is most definitely the problem.

johnnymier
January 5th, 2004, 06:37 PM
Wazz: I have deleted all entries in the "hosts" file except the 127.0.0.1 loopback, but I have still got the same problem, what else can I try?

thanks

nihil
January 5th, 2004, 09:50 PM
Try http://www.merijn.org/downloads.html

Get CWShredder and HijackThis (already suggested). Run CWShredder and then re-boot. If you still have a problem, run HijackThis, save the log and post it here.

Good Luck

Wazz
January 5th, 2004, 09:52 PM
Ok, I should probably do a little Tut on this but I'm too lazy.....so what I usually do is: 1) Make sure your home page is set to Blank (or something you choose), 2) Check your Allowed/Restricted sites list in the Internet Explorer/Security options, 3) Delete All of your cookies manually, 4) Recheck the Hosts file, 5) Check MSconfig for anything fishy, 6) Do a find in the Registry for http://www.lookfor.cc/index.php?pin= or http://search-click.com/ and 7) Hit the system with an Adware and Spybot scan again with the latest Defs. Hopefully, that will do it....if not we'll try to figure something else out.....Good Luck.

nihil
January 5th, 2004, 10:09 PM
Spybot S&D does not get rid of everything; CWShredder is an additional tool. Whilst you are on Merijn's site you might as well get "Startup List" as well :) and check what is autostarting on your machine.

Good luck

Und3ertak3r
January 5th, 2004, 10:31 PM
As jehnx asked..
On your S&D, Norton, and Ad-aware, have you done the updates and gotten the very latest definitions?

If the Spybot S&D isn't scanning for some 11000+ items then you are not even remotely up2date ..

Not saying the info coming from groovicus, Wazz and nihil is not good, it's bloody excellent.. just it seems the valid question from jehnx was ignored..


cheers

(hmm I may be in one of my moods..Look Out)

johnnymier
January 11th, 2004, 10:06 PM
I am posting my hijackthis log file. Spybot, Norton are fully updated.
Please tell me what to delete.

Thanks

anjali
January 11th, 2004, 11:00 PM
U R infected with trojan.startpage virus... Ur Norton 2003 and above should be able to detect it easily....

Now this is a relatively harmless trojan the only problem is that it changes the homepage of IE.. and no matter how many times u reset the homepage it keeps on reverting back to the programmed page.....

Although the trojan uses very good stealth technology to hide itself.... I am at least still unable to delete the virus.. But try installing the SPYWARE GUARD on ur PC.. that will resolve ur homepage problem instantly.......

nihil
January 12th, 2004, 12:28 AM
Hi, I cannot see anything obvious in the log, is it still happening?

Remember you need to run CWshredder and the rest with NO Internet Explorer windows open. Make sure that you have the latest version, it changes weekly, because the spyware changes rapidly :( and becomes more stealthy.

Try http://www.winpatrol.com

Win Patrol ....it shows you startup programs and "IE Helpers" (otherwise known as BHOs) I would be inclined to delete all of them that you are not absolutely certain of. You can always re-install them if something stops working.

Good luck

boardwalk_angel
January 12th, 2004, 03:21 AM
There's your trojan right there ...close all other browser & explorer windows.....check off:
R3 - URLSearchHook: ViewSource Class - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\johnny\Application Data\winshow\winshow.dll

click 'fix checked'...then reboot

after restarting...look in C:\Documents and Settings\johnny\Application Data for the winshow folder & delete it.
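
An added example, not part of boardwalk_angel's post and not HijackThis's own logic: a small triage script that picks out the kind of entry spotted above, a COM browser add-on whose DLL loads from a user profile folder. The R3 line is the one quoted in this thread; the other log lines, their CLSIDs and the "user-writable path" heuristic are constructed assumptions for illustration.

```python
import re

# Sample log: the R3 line is from this thread, the rest are constructed.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: ViewSource Class - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\Documents and Settings\johnny\Application Data\winshow\winshow.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\System32\gone.dll (file missing)
"""

# Section code, entry type, display name, {CLSID}, then the resolved file path.
ENTRY = re.compile(
    r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

# Assumption for this example: browser add-ons normally install under
# Program Files or the Windows directory, so a DLL sitting in a per-user
# profile or temp folder deserves a manual look.
USER_WRITABLE = re.compile(
    r"\\(documents and settings\\[^\\]+|application data|temp)\\", re.IGNORECASE
)

def triage(log_text):
    """Return (code, clsid, path, reason) for entries worth reviewing by hand."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # headers, process list, entries without a CLSID
        path = m.group("path")
        if "(file missing)" in path:
            reason = "registered DLL no longer exists"
        elif USER_WRITABLE.search(path):
            reason = "DLL loads from a user-writable profile folder"
        else:
            continue
        findings.append((m.group("code"), m.group("clsid"), path, reason))
    return findings

if __name__ == "__main__":
    for code, clsid, path, reason in triage(SAMPLE_LOG):
        print(f"{code} {clsid}: {reason}\n    {path}")
```

A flagged entry is a prompt to look the CLSID and file name up before fixing anything, not proof that it is malicious.
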

johnnymier
January 12th, 2004, 04:28 AM
Fixed it! boardwalk_angel had the solution. Spyware is getting stealthier everyday!

Thanks to all for your help,

J

PoSer
January 12th, 2004, 05:21 AM
Wow, I went through the log file line by line and skipped the entry that boardwalk angel spotted. Good work.

anjali
January 12th, 2004, 05:24 AM
Johnymier... could u please elaborate a bit on how u got rid of the virus.. as mentioned earlier I am also infected by the same virus but still I am unable to delete the virus.. although I am able to stop the virus from changing the homepage....

I read boardwalk's reply... but I was unable to understand the method to get rid of the virus... request you to kindly help me with the same.

It would be great if u could elaborate on how u went abt to get rid of this virus....

Regards

Kalp

anjali
January 12th, 2004, 05:31 AM
Okay Okay.. I got it... I need to download hijack this software for the purpose........

Thanks.. I shall try the same and let u know if it works for me......

Bye

boardwalk_angel
January 12th, 2004, 06:08 AM
Yeah..it's easier to spot stuff if the log is copied & pasted into a reply. that's what you should do.. anjali ......

...probably should start your own thread too, maybe.....

anjali
January 12th, 2004, 07:29 AM
boardwalk.. I have already started a thread named Help.. trojan.startpage virus... under Antivirus forum...

I shall update the thread with the log generated....

In the meantime could u please throw some more light on how to get rid of trojan.startpage virus.....

Regards

Kalpesh

zein
January 26th, 2004, 04:57 PM
Wow…just found my graduating thesis project at this site, www.privatenavigator.com! Awesome!

bovoian
January 26th, 2004, 05:50 PM
use spybot search and destroy...
then cwshredder
then hijackthis....

but like one poster stated be careful on hijackthis... you could delete the wrong item

most items you can tell whether or not it belongs because the path will be to a program you know you use such as norton ... if you don't know it then do a google search on it and you will quickly find out...

Renty
January 26th, 2004, 08:29 PM
you kinda have spyware like searchnet. Any time you put in a keyword without the "http" it defaults to the spyware default page. So, for a temporary fix just make sure you type : http://<url>.

al1aprize
February 21st, 2004, 04:54 AM
if u want to get rid of it w/ Ad-Aware, use the file inside the zip attached. it is from lavasoft.

avenger_jcc
February 21st, 2004, 12:25 PM
So sick of these browser/hijack games....