Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice

Tough problem. Only a genius can solve...

1911 Views 10 Replies 2 Participants Last post by  $teve
Somehow in my surfing I got a bug. It redirects my home page to on open and when I try to see or Otherwise it seems ok. Unfortunately it is also sending out my personal information. See below:

To : [email protected]
Subject : Re: Your details

Attachment(s) removed:

I have used Adaware 6.0. It found some trouble but not the bad one. I tried Spy Sweeper. It found the bad one. I deleted the troubled files but everytime it comes back. [I think it has corrupted my registry.] I used Spybot Search and Destroy. It found the problem and did say the registry was corrupted and supposedly fixed it but the trouble came right back. So.....I need an expert to advise me what I can do. In the meantime I am preparing to wipe the C: drive and reload everything from scratch. But if someone can show me how to kill the bug without spending the entire day reloading all my software from scratch, I would happily bow in whatever direction they come from.
Not open for further replies.
1 - 5 of 11 Posts
Its the sobig and run this tool:

Then do this:
go to , and download 'Hijack This!'.....
Unzip it to its own folder, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please copy & paste its contents to the forum.

It will possibly show other issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.

If you have anything disabled by MSConfig or any other startup manager, please re-enable it before scanning to post.

See less See more
Run hijackthis again and put a checkmark against these entries....double check
in case you miss anything....
.....then,close all browser and outlook windows and "fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:

Go to "tools"/"internet options" and reset your prefered startpage.
Re-boot after and see if all is ok.

Consider installing the following:

SpywareBlaster v 3.0 and SpywareGuard v2.2, to prevent Active-X drive-by installations, as well as provide real-time browser hijacking protection:

IE-SPYAD, a registry file that adds a long list of known "sites" to the Restricted Sites of your Internet Explorer:

See less See more
Did you check and fix the o1 entries?
If you did download and run this......
CoolWebShredder (CWS) from here:
Please make certain that all browser and folder windows are closed before using CWShredder.
Nope Bob.thats fine to have a clean bill of health.

Always a pleasure
Also..........Spybot has an Imunize feature..........this will help prevent any home page changes made by anyone but yourself.
1 - 5 of 11 Posts
Not open for further replies.