
Hijacked Internet Explorer on XP?


TommyHolly

Member
Joined
Apr 30, 2003
Location
Chicago
OK I read all the threads here so far. The advice has worked on all my PCs and family's PCs. However, I have a buddy that has a very similar PC with XP on it. He is a PC nOOb and somehow his Internet Explorer has a TON of hijacking programs that switch home pages and has pop ups constantly?

Here are the things I tried doing:
1. I ran Norton Antivirus with the most current updates.
2. I installed and updated, then ran "SpyBot" search and destroy.
3. I downloaded, updated, and ran "AdAware 6.0"
4. Went to windowsupdate.com and made sure I had the latest patches for XP.
5. Shut down services' Messenger so no pop ups came from that.
6. Downloaded, updated and ran AVG antivirus just to be sure
7. Went through MSconfig's "Start-up" tab and also removed any non-essential programs in "Add/Remove" programs off the control panel.
8. Repeated steps 1-7, 3 times because each time it would find something again.


After all of that he is still having problems with his IE? (I even tried to uninstall IE with the help of a Dell support tech.) The 2 things it is doing are:
1. Homepage constantly changes back to some redirection website.
2. Every time you go to a new page a new pop-up shows up.
After all of that work I did, I can't believe it still does that. Especially because all of that worked really well on my PC for my (minor in comparison) problems.
 

Silversinksam

Moderator/ Silver Paste Taster©
Joined
Aug 8, 2001
Location
Sunshine State, USA
This may sound stupid, but did you clear the cache and delete the temporary internet files?

This will most likely solve the Homepage reverting to something unwanted after the steps you already did. ;)
 

I.M.O.G.

Glorious Leader
Joined
Nov 12, 2002
Location
Rootstown, OH
Download version 1.59.1 of CWShredder and run it - that is the final update for that program but it would remove all CWS variants made up to 6.28.04.

Download HiJackThis, copy and paste the logfile here please.

For the long version of these instructions, google "malware warfare". (the only real important thing off the top of my head that you missed is that you did not run these in safe mode)
 

don256us

Uber Folding Senior
Joined
Jul 17, 2003
I'm gonna bet that the hijack is living in the system restore. I would try turning that off. Right click 'My Computer' | Properties | System Restore.

Then clean the system again. Hope this helps.
 
TommyHolly

Member
Joined
Apr 30, 2003
Location
Chicago
Yeah, I did the obvious stuff at first like clearing all the Temporary Internet Files (even the Offline ones), clearing all the cookies, and clearing the SSL State. All that did not work. Then I used System Restore to back up to an earlier date and it still didn't work. Then I backed up to the earliest System Restore date I could find and that still didn't work. I then tried to re-install Internet Explorer but that didn't work because basically you can't really effectively do that on XP without messing with too many reg files.

I'll try that CWS shredder that IMOG is talking about. Otherwise, I may soon have to re-install XP to get rid of it.
 

Mr. Chambers

Member
Joined
Feb 25, 2001
Location
Iowa
i didn't see any mention of you running all these applications in safemode - were you?

secondly, did you delete your index.dat files? as well as *manually* clearing out your temp files? look over this thread here and make sure you've done all those things:

http://www.ocforums.com/showthread.php?t=307720&page=1&pp=30

if you have done all those things, in safemode, then please post your hijackthis .log like someone mentioned, you may be able to save yourself a format!
 

I.M.O.G.

Glorious Leader
Joined
Nov 12, 2002
Location
Rootstown, OH
Yes, you are skipping important steps in this progression. Follow the Malware Warfare guide to a T, and make sure you run HIJACKTHIS and post the log here. Once you post that log, we can get you fixed.
 

DDR-PIII

Disabled
Joined
Feb 16, 2002
Location
6p6
Have you done this as well?


In IE:

Tools, Internet Options, Programs "Reset Web Settings".

sometimes that works.
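
Several replies above ask for a HijackThis log. As an added example (not code from this thread or from the HijackThis project), this Python script triages such a log for the two symptoms described: IE start/search page entries (R0/R1) pointing at unlisted hosts, plus browser helper objects (O2) and autoruns (O4) worth reviewing. The sample log, the host allowlist and the temp-path heuristic are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample log; hosts, CLSID and paths are placeholders.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://redirect.example.invalid/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\System32\abcde.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\user\LOCALS~1\Temp\upd.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # e.g. "R0 - ...", "O4 - ..."
TRUSTED_HOSTS = {"www.google.com", "www.msn.com"}   # assumption: analyst's allowlist

def parse(log):
    """Return (code, body) for every entry line; header lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def triage(log):
    """Return (code, reason, detail) tuples for entries that need a closer look."""
    findings = []
    for code, body in parse(log):
        if code in ("R0", "R1") and " = " in body:
            # IE start/search page values: flag hosts outside the allowlist.
            url = body.split(" = ", 1)[1].strip()
            host = urlparse(url).hostname or ""
            if host not in TRUSTED_HOSTS:
                findings.append((code, "IE page setting points to unlisted host", host))
        elif code == "O2":
            # Browser helper objects load inside IE; every one should be accounted for.
            findings.append((code, "browser helper object to review", body.rsplit(" - ", 1)[-1]))
        elif code == "O4":
            # Autoruns launched from a temp directory are a common re-infection source.
            path = body.split("] ", 1)[-1].strip('"')
            if "\\temp\\" in path.lower():
                findings.append((code, "autorun from temp directory", path))
    return findings

if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code}: {reason}: {detail}")
```
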