cancel
Showing results for 
Search instead for 
Did you mean: 

Win XP Control Panel, Internet Options

penneck
Grafter
Posts: 660
Thanks: 8
Registered: 03-08-2007

Win XP Control Panel, Internet Options

Just lately when I open Internet Explorer, it goes straight to a dubious web site. I tried to reset the default to Google by opening "Control Panel" and selecting "Internet Options". This showed the dubious site address, so I changed it to "www.google.co.uk". I used "Apply" and then "OK". When the "Internet Options" window has closed (but "Control Panel" still open) I reopened "Internet Options" and that dubious address was back.

AVG7, Spybot and AdAware haven't protected me.

Suggestions please to how to get rid of this dubious address permanently.

Thanks in advance
7 REPLIES
MysteryFCM
Grafter
Posts: 528
Registered: 30-08-2007

Win XP Control Panel, Internet Options

Can you do two things for me please.....

1. Download and install Ewido - www.ewido.net

After installation, re-start your computer then run Ewido's updater, followed by a full system scan.

2. Download and run HiJack This - http://archive.mysteryfcm.co.uk/security/antispyware/hijack_this/hijackthis.exe

After downloaded, loadup HiJack This and allow it to run a full system scan with report (with a report is important!).

Once HiJack This has finished the report (it will present it to you in a Notepad window), post both the Ewido and HiJack This report here.
penneck
Grafter
Posts: 660
Thanks: 8
Registered: 03-08-2007

Win XP Control Panel, Internet Options

Steve,

Have done as you suggested. How do I get the report files to you? I'm fairly inexperienced on using these forums, so dont know how to send them via this. However, I do know how to send e-mails with attachments so I could use that. Should I send it to you at whatever the www place you mention on your post?

Thanks

Graham
MysteryFCM
Grafter
Posts: 528
Registered: 30-08-2007

Win XP Control Panel, Internet Options

You can send them to me at the address below Smiley

pnf_files AT it-mate.co.uk

Replace AT with @

Or alternatively, post their contents here Smiley
shellsong
Grafter
Posts: 2,191
Registered: 03-08-2007

Win XP Control Panel, Internet Options

Hi Graham

You could always paste it in here as a "Quote"-- if Steve isn't around I expect someone else could probably help Wink
MysteryFCM
Grafter
Posts: 528
Registered: 30-08-2007

Win XP Control Panel, Internet Options

According to your Ewido log, your system is currently infected with ISTBar. This is relatively simple to get rid of, so the first step is to run Ewido's updater, then run a full system scan. Ewido will detect ISTBar and offer to remove it for you. Allow it to do so.

Once Ewido has finished, launch HiJack This and place a tick next to each of the following, then click "Fix Checked".

Quote
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www. xdpornmovies.com/ to verify your age, REQUIRED! WARNING! Adult pictures are featured in this site. Only adults permitted beyond this point! Are you at least 18 years old
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =


*Link in above deliberately disabled to prevent accidental clickity action

Next, we need to block xdpornmovies.com from being accessed in future. To do this, go to Start > Run and type the following, then press return.

%systemroot%\system32\drivers\etc

Double click the file named "HOSTS" and select to open it with Notepad. Then add the following at the bottom of the file;

127.0.0.1 xdpornmovies.com

Once added, save and close the file, then right click it and select "Properties". Place a tick in the "Read Only" box, and click Apply > OK.

Once finished, download the Symantec ISTBar removal tool (FxISTBar.exe) from the URL below (if Ewido has removed it correctly, it should tell you your system does not have this infection), then re-start your computer.

http://archive.mysteryfcm.co.uk/?f=Security/Antispyware/Removal_Tools

DD: http://archive.mysteryfcm.co.uk/security/antispyware/removal_tools/fxistbar.exe

Once the computer has re-started, launch HiJack This again and post a fresh log - along with a fresh Ewido report.
N/A

post subject

spyware blaster/spyware guard. ie6 problems solved
MysteryFCM
Grafter
Posts: 528
Registered: 30-08-2007

Win XP Control Panel, Internet Options

Yep, and the fart can be prevented with a cork ........ :roll: