I was surfing the net, and went to a bad site (can't remember the address). My Avast home ed bells started to ring, and it was giving me the options to delete, or vault etc… I clicked delete, and tried to close the site window, but it kept on staying open and the alarm bells kept ringing. Eventually I got the window to close, and deleted the virus.
I did a virus scan, 0 viruses found, I also did the avast virus/worm cleaner application, again 0 found.
You did NOT have a "virus", but something more serious; should ALWAYS "quarantine" FIRST,
UNLESS you know SPECIFICALLY WHAT it "is". You have now a "Hijacker" and your 1st attempt
at getting rid of it is to use one or more of the programs recommended by "Tech", though I
recommend you start by using the FREE version of "SUPERantispyware" available from :
www.superantispyware.com .
I clicked http://www.superantispyware.com/ and The page cannot be displayed, I typed it into the address bar, and also tried to click it via Google. I can't get to the site.
Can you guys get to the site or is it just my computer?
I can get to a-squared, Free AVG Antispyware, and Spyware Terminator though, which one of these would be the best?
Preference, AVG-AS, SuperAntiSpyware, Spyware Terminator, a-squared. The only clause is not to have two resident anti-spyware scanners installed at the same time. AVG-AS is resident for the first 30 days trial, Spyware Terminator is resident always, so that is what you have to check before installing multiple anti-spyware tools.
A boot scan scans before Windows is loaded, and usually will pick up infected files as they are being loaded.
Looking at the picture you posted, 1 file is in the system restore. That is the first file listed. To remove it, turn system restore off, schedule a boot time scan. Note you will lose all restore points.
The other two are probably the ones that are redirecting your browser and preventing you from changing your home page. Locate the files, scan them and if they are infected, MOVE them to the chest and see if your problem goes away. Make sure that you do the disable system restore first or that file will be restored to your computer.
Your image would appear to contradict this as one of the files detected is in a temp location.
Covered by oldman.
The c:\System Volume Information folder is a part of the system restore function and as such is protected by Windows (so I believe that may still be there), the only way to clean infected _restore points is to disable system restore and reboot. This will clear ALL _restore points. Once you have disabled system restore, reboot, scan your PC again and if clear enable system restore.
Win XP-ME - How to disable System Restore
You will see an entry or entries like this, which redirect your home page, fix the one relating to good.allxun.com:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
You could also choose a different browser which isn't as susceptible to these browser hijacks, like Firefox or Opera or any non IE based clone.
IF Frank's recommendations do NOT result in you being able to "fix" those "01" entries,
I recommend you download "Hoster" from www.funkytoad.com/download/hoster.zip .
After installing that program, I recommend you click the "Restore Microsoft's Original
Hosts File" button .
HijackThis "fix" is NOT the same as "Deleting"; I understand from the Editor of Spyware
Weekly Newsletter that HijackThis's "fix" then allows an antiSPYWARE program to
"quarantine/delete" what it could NOT do BEFORE the HijackThis "fix" !?
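
Added example, not part of any post in this thread: an altered hosts file can stop a browser from reaching a security vendor's site, which is what restoring the original hosts file undoes. The Python sketch below audits hosts-file text and reports every entry beyond the stock localhost line; the sample file contents and the watch list are constructed for illustration.

```python
import ipaddress

# Constructed sample of a tampered hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.superantispyware.com superantispyware.com   # blocks the site
203.0.113.7     www.google.com
not-an-ip       example.test
0.0.0.0         ads.example.test
"""

# Hypothetical watch list; extend it with the vendors you rely on.
WATCHED = ("superantispyware.com", "avast.com")
DEFAULT_NAMES = {"localhost"}


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, hostname, address, reason) for every non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not entry:
            continue
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, " ".join(names), address, "malformed address"))
            continue
        for name in (n.lower().rstrip(".") for n in names):
            if name in DEFAULT_NAMES and ip.is_loopback:
                continue                        # the stock localhost mapping
            if any(name == w or name.endswith("." + w) for w in watched):
                reason = "security site overridden"
            elif ip.is_loopback or ip.is_unspecified:
                reason = "name sinkholed locally"
            else:
                reason = "name redirected to another host"
            findings.append((line_no, name, address, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows XP the file to feed into `audit_hosts` is normally `C:\WINDOWS\system32\drivers\etc\hosts`; an empty result means only the default localhost mapping is present.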