rickeysays
Had this question 8
Question
rickeysays asked on
| 67949 views

My Internet Explorer has been hijacked by a virus

I got a virus that hijacked my IE, so every time I tried to go anywhere it would take me to it's fake site,trying to sell me it's "virus protection". (The irony never get's old. It's like when gangsters used to sell "protection")  I was able to neutralize the virus with my spyware (wish it would have caught it before it got in) but now my IE can't get online. I just get that "cannot display the webpage" screen. But my Firefox works fine. So what did the virus do to IE, and how can I fix it? 
Vincenzo Di Russo
Found this helpful 6
Answer
Vincenzo Di Russo replied on
1. Follow to the letter all the directions in this thread: How to get rid of malware
    1a. You may have to use a non-infected computer for any downloads specified below, until your malware is removed. Use a USB Pen drive or burn to CD or other means to carry the necessary utilities to the infected computer and copy to the Desktop.
    1b. Microsoft® Windows® Malicious Software Removal Tool download here off-line.

2. If still no joy you can find Microsoft MVPs and other trained analysts at the following help sites:
Aumha.org
Atribune.org
SpywareHammer
BleepingComputer
Safer-Networking

3. If you need more help with virus-related issues, contact Microsoft Product Support Services.

Visit the Microsoft Virus Solution and Security Center for resources and tools to keep your PC safe and healthy.  If you are having issues with installing the update itself, visit Support for Microsoft Update for resources and tools to keep your PC updated with the latest updates. 

For support outside the United States and Canada, visit the Product Support Services Web page.

 

4. If you need more assistance for the virus/worm post to the Microsoft Newsgroup - Security - Viruses.
Via your newsreader:
news://msnews.microsoft.com/microsoft.public.security.virus
Via Web:
http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?dg=microsoft.public.security.virus

 

Hope this helps,


Vincenzo Di Russo
Microsoft® MVP Windows Internet Explorer, Windows Desktop Experience & Security - Since 2003.
Moderator in the Microsoft Answers Forums Italy
My MVP Profile: https://mvp.support.microsoft.com/profile/Vincenzo
Vincenzo Di Russo - Microsoft® MVP Windows Internet Explorer, Windows & Security Expert ~ since 2003
PA Bear MS MVP
Found this helpful 3
Answer
PA Bear MS MVP replied on

You have much more work to do.

NB: If you had no anti-virus application installed or the subscription had expired *when the machine first got infected* and/or your subscription has since expired and/or the machine's not been kept fully-patched at Windows Update, don't waste your time with any of the below: Format & reinstall Windows.  A Repair Install will NOT help!

Available via the Consumer Security Support home page: https://consumersecuritysupport.microsoft.com/

Otherwise...

1. See if you can download/run the MSRT manually: http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan!  You may need to download the MSRT on a non-infected machine, then transfer MRT.EXE to the infected machine and rename it to SCAN.EXE before running it.

2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!) in Safe Mode with Networking, if need be: http://onecare.live.com/site/en-us/center/howsafe.htm

2b. Vista or Win7=> Run this scan instead: http://onecare.live.com/site/en-us/center/whatsnew.htm

3. Now run a thorough check for hijackware, including posting requested logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

Checking for/Help with Hijackware:
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Chances are you will need to seek expert assistance in http://spywarehammer.com/simplemachinesforum/index.php?board=10.0, http://www.spywarewarrior.com/viewforum.php?f=5, http://www.dslreports.com/forum/cleanup, http://www.bluetack.co.uk/forums/index.php, http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

If these procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.


~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services) since 2002 ~ Disclaimer: MS MVPs neither represent nor work for Microsoft
~Robear Dyer (PA Bear)
MS MVP-Windows Client (Security, Update Services, IE & Mail) since 2002
Vincenzo Di Russo
Found this helpful 6
Answer
Vincenzo Di Russo replied on
1. Follow to the letter all the directions in this thread: How to get rid of malware
    1a. You may have to use a non-infected computer for any downloads specified below, until your malware is removed. Use a USB Pen drive or burn to CD or other means to carry the necessary utilities to the infected computer and copy to the Desktop.
    1b. Microsoft® Windows® Malicious Software Removal Tool download here off-line.

2. If still no joy you can find Microsoft MVPs and other trained analysts at the following help sites:
Aumha.org
Atribune.org
SpywareHammer
BleepingComputer
Safer-Networking

3. If you need more help with virus-related issues, contact Microsoft Product Support Services.

Visit the Microsoft Virus Solution and Security Center for resources and tools to keep your PC safe and healthy.  If you are having issues with installing the update itself, visit Support for Microsoft Update for resources and tools to keep your PC updated with the latest updates. 

For support outside the United States and Canada, visit the Product Support Services Web page.

 

4. If you need more assistance for the virus/worm post to the Microsoft Newsgroup - Security - Viruses.
Via your newsreader:
news://msnews.microsoft.com/microsoft.public.security.virus
Via Web:
http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?dg=microsoft.public.security.virus

 

Hope this helps,


Vincenzo Di Russo
Microsoft® MVP Windows Internet Explorer, Windows Desktop Experience & Security - Since 2003.
Moderator in the Microsoft Answers Forums Italy
My MVP Profile: https://mvp.support.microsoft.com/profile/Vincenzo
Vincenzo Di Russo - Microsoft® MVP Windows Internet Explorer, Windows & Security Expert ~ since 2003
PA Bear MS MVP
Found this helpful 3
Answer
PA Bear MS MVP replied on

You have much more work to do.

NB: If you had no anti-virus application installed or the subscription had expired *when the machine first got infected* and/or your subscription has since expired and/or the machine's not been kept fully-patched at Windows Update, don't waste your time with any of the below: Format & reinstall Windows.  A Repair Install will NOT help!

Available via the Consumer Security Support home page: https://consumersecuritysupport.microsoft.com/

Otherwise...

1. See if you can download/run the MSRT manually: http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan!  You may need to download the MSRT on a non-infected machine, then transfer MRT.EXE to the infected machine and rename it to SCAN.EXE before running it.

2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!) in Safe Mode with Networking, if need be: http://onecare.live.com/site/en-us/center/howsafe.htm

2b. Vista or Win7=> Run this scan instead: http://onecare.live.com/site/en-us/center/whatsnew.htm

3. Now run a thorough check for hijackware, including posting requested logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

Checking for/Help with Hijackware:
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Chances are you will need to seek expert assistance in http://spywarehammer.com/simplemachinesforum/index.php?board=10.0, http://www.spywarewarrior.com/viewforum.php?f=5, http://www.dslreports.com/forum/cleanup, http://www.bluetack.co.uk/forums/index.php, http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

If these procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.


~Robear Dyer (PA Bear) ~ MS MVP (IE, Mail, Security, Windows & Update Services) since 2002 ~ Disclaimer: MS MVPs neither represent nor work for Microsoft
~Robear Dyer (PA Bear)
MS MVP-Windows Client (Security, Update Services, IE & Mail) since 2002
KAREN00000000000000
Found this helpful 0
KAREN00000000000000 replied on

Reply

VIRUS | MALWARE REDIRECTS ;

examples;

ht tp://a0g7ya1i0.com/XXXXXXXXXXXXXXXXXXX

ht tp://plxlestatservlce.com/XXXXXXXXXXXXXXXXXXXXXXX

ht tp://bondloans.com/key/?qs=5dcfd9cbd3451

 

YOU ARE NOW AT THE BOTTOM OF THE "  BLACK HOLE  "

SADLY LIKE MANY THAT FOLLOW.

 

the searches to this spot on what "MAY" be a virus,  I too have followed all of the NUMEROUS like 100's alll over the place.  

HEADS UP to others,  after checking all the links  (installed numerous sugestions).   NO SOLUTION

 

I BELIEVE YOU MAY FIND .... links upon links with just suggestions,      CUT AND PAST OF THE SAME LINK, with  NO SOLUTIONS.

 

 

KAREN

sol !!!!!

 

 


ScottNewland
Found this helpful 0
ScottNewland replied on

Reply

Hi Vincenzo

Thanks for sending this over - I have carried out all items as you suggested but still cannot search at all on the internet.

I have created a log file form HijackThis and shall now post to see if anyone can help me fix this.

Thanks again

Scott

SallyBruno
Found this helpful 0
SallyBruno replied on

Reply

When I downloaded the malicious software tool and saved it to my USB to download to my infected computer it said it was uncompatable.  Something about check my bits and download again. I don't understand what I now need to do. Please help me go to the next step so I can get rid of this darn virus and us IE again.  Thank you
PhilipAsmith
Found this helpful 0
PhilipAsmith replied on
reboot system into safe mode. Once in safe mode do a system restore to a date before the virus appeared.  Restoring in safe mode is the only way this virus will allow you to do a system restore.
medeiom1
Found this helpful 0
medeiom1 replied on

I see this has been a few years, but you may find it interesting that I too had the same problem. Unfortunately, antivirus software can not always fix this IE issue.

 

However, I found a fix and it works by preventing malicious malware from changing IE homepage directing it to a malicious site. 

 

The fix..

 

1. Registry tweak under

HKEY_CURRENT_USERS\Software\Policies\Microsoft\Internet Explorer\HomePage

and setting its value to 1 (this prevents users from changing the Home page).

 

2. Enabling the "Disable Internet Explorer Homepage change" under Group Policy

 

This seemed to work as I am now directed to Bing.com

 

 

PA Bear MS MVP
Found this helpful 1
PA Bear MS MVP replied on

Reply

Trust me, a Bad Guy can change that GPO in seconds!
~Robear Dyer (PA Bear)
MS MVP-Windows Client (Security, Update Services, IE & Mail) since 2002
Hoppie_953
Found this helpful 0
Hoppie_953 replied on

Reply

Hi Vincenzo,

I went to get the address to take to my other computer when it opened up then reverted back to general Microsoft site. when I came back to try a second time and catch it - the download link was not there anymore.

FYI for anyone who has been hijacked or has a virus/malware.

I will try this site from another laptop.

Regards,
Hoppie
PA Bear MS MVP
Found this helpful 0
PA Bear MS MVP replied on

Reply

To avoid confusion & duplication of effort, please post any/all further follow-up in replies to your original thread => http://answers.microsoft.com/en-us/windows/forum/windows_7-security/internet-explorer-hijacked/f97171f4-7ff1-4632-8d52-88144264707b (23 October 2013)

 

Thank you.

 

That being said...

 

Possibly related => http://www.bleepingcomputer.com/virus-removal/remove-trustdefender

 

Enzo's links were good when he posted them over three (3) years ago! I can recommend the following Malware Removal forums today:

 

   • MalwareBytes' Anti-Malware
     http://forums.malwarebytes.org/index.php?showforum=7

 

   • Bleepingcomputer.com
     http://www.bleepingcomputer.com/forums/forum22.html

 

   • DSL Reports: Security Cleanup
     http://www.dslreports.com/forum/cleanup

 

   • SpywareHammer: Malware Removal
      http://spywarehammer.com/simplemachinesforum/index.php?board=10.0

 

   • Spyware Warrior: Help with spyware removal
      http://www.spywarewarrior.com/viewforum.php?f=5

~Robear Dyer (PA Bear)
MS MVP-Windows Client (Security, Update Services, IE & Mail) since 2002