Thread: hijacked home page

  1. #1

    hijacked home page

    A friend is running Windows XP. His home page has been hijacked, and nothing we do can get this page off and return him to normal. He's run AdAware, Hijack This, Spybot and Spykiller. He runs Norton AV. I asked him to give me the Source Code of the page, and this is what it is:

    Home Search td { color: black; font: 11px Verdana, Arial, Tahoma} A { FONT-SIZE: 12px; FONT-FAMILY: "Trebuchet MS", Verdana; color:#34006D } A:hover { FONT-SIZE: 12px; COLOR: #ff0000; FONT-FAMILY: "Trebuchet MS", Verdana; TEXT-DECORATION: none } .top { Verdana; COLOR: #0; } .head{ font: 14px Verdana, Arial, Tahoma; color: #1000FF; font-weight: bold; } body { background-color: #ffffff;} :-h\"zjtli.3au zW6w|Wz'ouilH''omk_YT_H'A':zB\r\nO /.LHzW6w|WzpGGHzWlTPlB\r\n}\r\n\r\nJu_omcoHoLTFo7__u2M' Tiul.kL1\"./1','6T_1kLui1','Kul.LI','K.Jk_ST','N\"_.1l.uLoKul.LIoxT_J.ST',' \"kYTow1iuLYoVTYY.LI','6k1loNu_Y1','QkJT',' Tiul.kL1\"./o7YJ.ST','/TL.1oTLiu_ITfTLlo/.ii1','&iYT_oVkfuLo6T_1kLui','E_TTo&Li.LToKul.LI',' /.LHzW6w|B\r\nk/TLM To display this page you need a browser with JavaScript support.

    How does he remove this and get back to 'normal'?
    It may have come as a payload in a download from something called EUniverse. But we can't find the file to delete it.
    TIA.

  2. #2
    First off, either import or download new reference files for AdAware and Spybot by updating them or retrieving them from their respective sites. Then run those programs in safe mode, including CWShredder from the same site as Hijack This, by pressing F8 at the WinXP bootup. Update NAV, and run that as well, if you can access the internet. Once you are done with that, update Windows at windowsupdate.microsoft.com, and run housecall.trendmicro.com's free virus scanner because you probably have other malware as well.

    If there are still problems, attach the saved Hijack this log to a post and we can check it out.


    Reminder:

    Don't remove any entries in HJT...

    Hijack This does not work with definitions, it simply finds values that could be a hijack. If you simply "Select all, delete" in HJT, you will find yourself without an operable computer.
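What the reminder in post #2 means for triage, as an added example that is not part of the thread: Hijack This entries are candidates for review, so this sketch only lists the home/search page entries (the R0/R1 groups) whose host is not on a reviewer-supplied list, and deletes nothing. The sample log, its hosts and paths, and the trusted-host list are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample log (not from the thread); hosts, CLSID and paths are placeholders.
SAMPLE_LOG = r"""Logfile of HijackThis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hijacker.example/home.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hijacker.example/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\example.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

# "R0 - ..." / "O4 - ...": a group code, then the entry text.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.*)$")
# R0/R1 entries look like "<registry key>,<value name> = <data>".
SETTING = re.compile(r"^(?P<key>.+?),(?P<value>[^=]+?) = (?P<data>.*)$")


def parse(log):
    """Return (group code, entry text) for every entry line; header lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["rest"]))
    return entries


def homepage_candidates(log, trusted_hosts):
    """List R0/R1 (start/search page) entries whose URL host is not trusted.

    The result is a review list, not a delete list: every other entry is
    left alone, and even listed entries still need a human decision.
    """
    flagged = []
    for code, rest in parse(log):
        if code not in ("R0", "R1"):
            continue
        s = SETTING.match(rest)
        if not s:
            continue
        data = s["data"].strip()
        host = (urlparse(data).hostname or "").lower()
        if host not in trusted_hosts:
            flagged.append((code, s["value"].strip(), data))
    return flagged


if __name__ == "__main__":
    for item in homepage_candidates(SAMPLE_LOG, {"www.msn.com"}):
        print(item)
```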

  3. #3
    Thanks. I'll let ya know how it goes.

  4. #4
    moxnix (Join Date: May 2002; Location: Huson Mt.; Posts: 1,752)
    It is quite possible that it was bundled with the other software you mentioned, especially if it was "free". You probably even agreed to allow it when you agreed to the ULA presented at the installation of the software you were actually loading.
    Soda's advice is good and you should follow it. But also, you might look in your control panel under add/remove programs. Sometimes they do include an uninstall for some of these there.
    Be aware though, the original software you were going after might not work with the removal of its supporting (financially supporting) software.
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown
