Infected

According to the path, the folder would be located on the c:\ drive

Open Windows Explorer and click on the c:\ , then look in the right hand panel for the folder named suspect. Right click, select delete, answer yes to any warning.

PS is there any way other than what we did to get my old home page back?

Yes, go to your home page. After it is loaded, at the top of internet explorer, click tools, internet options. You will see a section for homepage, click use current.

c:\systemvolume information_restore{DDE3EB95-4B24-44D8-AD
win32:agent-ROU[trj]
What about this one… it’s not a suspect one like the others were… is this anything?
Susie

I did find a suspect file and this is what it is
T-4494360-LimeWireWin4.16.1.exe
dated 1-30-2008

That’s a system restore point that can be removed by using the instructions previously posted when I gave you the clean up routine. Do that part at least.

In windows explorer go to this folder

C:\WINDOWS\SYSTEM32\DRIVERS\ETC

In the right hand panel locate this file. Note: it will not have an extension. Right click it, open it with notepad. Please post the contents here.

hosts

Delete the entire suspect folder, please.

I must have done something wrong… I was following your directions about the Java, I thought I had done it all right but when I click on my file to download it to the computer after I completed all the steps you gave me about the Java… well I get a message saying
Windows cannot open this File: Windows needs to know what file created it… did I get rid of more than I was supposed to… I’m sorry…
Susie :(

You downloaded the file and saved it to your desktop?

Is this the file you downloaded?

jre-6u5-windows-i586-p.exe

There should have been 1 instance of java in add/remove and one folder to delete.

In something totally unrelated to your java problem.

http://forum.avast.com/index.php?topic=32877.msg274860#msg274860

Okay, doing a bit of dumpster diving, I can confirm DavidR did have you make a folder called suspect, so you could test some files at virustotal. These are the same files/folder that avast just found when you did the last scan. So this would make them old detections. The folder should have been removed, or excluded from avast’s on demand scan. You did though, exclude them from on access scanning.

Going by that, I would say those files are not causing your current problem.

Upon reflection, if your home page was being hijacked, since you have SAS set to warn you, you should have received a warning. So against my better judgement, a little testing was in order. The site that you are having open is WindowsLive, formerly the hotmail sign in page.

Why when you open a browser, you sometimes end up there, I don’t know. I don’t think any self respecting trojan would redirect you there.

Do you have any other way of launching internet explorer? Desktop icon, taskbar icon? etc.

Hi… OK, now that I have totally been the pest of the day, here is where it stands as of now… I did do all the things you had asked me to do in Reply #9 on: Yesterday at 04:59:31 PM », I now did find the correct Java to run from my desktop… sorry for the alarm, I was looking at the wrong thing… somehow I could not see the Java but I finally did! So I think I’m all square on that… now as for my home page, I did do as you suggested: I opened my home page and went to tools/internet options and did tell it to use current. It seems since that time it’s been using my old home page. :) I also did find the 1 suspect file in C:\ as you had told me and I deleted it. So I am up to speed, all except for this…

"In windows explorer go to this folder

C:\WINDOWS\SYSTEM32\DRIVERS\ETC

In the right hand panel locate this file. Note: it will not have an extension. Right click it, open it with notepad. Please post the contents here.

hosts"

I’ve done everything you asked except this above. Do you still need me to do that…? I will if I need to.
Maybe things are fine and I am just panicking for nothing once again. Sorry I’ve been such a bother.
As always I do thank you for your time and all of the help you so give me.
Thanks
Susie

No, don’t worry about the hosts file for now, let’s see what happens.

Everything seems to be ok … thank you so much again and ty for your patience with me!
Bigg Hugs
Susie

No problem. Glad it worked for you. Take care.

Everything seems to be fine except for the fact that my homepage keeps changing to the Windows Live ID sign in page… it just seems to do it and I’m not sure why… but if you feel that’s not something I need to be concerned with I won’t be and I’ll just deal with it.
Thanks
Susie

The next time you open a browser and it takes you to the sign in page, check in that browser, in internet options to see what your homepage is set to. If you have your homepage locked in SAS, then that’s the only place you can change it. SAS should also warn you of the attempted change.

Click this link and tell me if this is your homepage.

http://sympatico.msn.ca/default.aspx

That’s where I end up when I use the link you provided as your home page.

Hi… actually what I always had as a home page until just the other day is this link http://www.msn.com/. Now that is what it is using again… so I’m just confused why from hour to hour it seems to change… I did go into SAS and I thought I set it to this home page and I also went to internet options and I sure thought I set it there too… If you don’t think this is anything I need to worry about I won’t… I just found it a little strange is all. Thanks for your help… I know you have lots of bigger issues you need to help people with…
Thanks as always
Susie

The link you just posted is a bit different than the one you posted before. The previous link had a redirect in it, that’s why I ended up at the sympatico page that I posted the link to.

I did go to SAS and followed your directions, this is what they had as my home page, http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome, which is the one I have used forever

This is what you said was your home page. As I said that takes me to
http://sympatico.msn.ca/default.aspx

Which is Msn Canada. We may end up on different sites because we are in different countries.

Are you sure that in both internet options and SAS that this link appears?

http://www.msn.com/

with nothing else behind it? Remember to change your home page, you must do it from SAS or uncheck the boxes, change your home page, recheck the boxes.

I’m thinking a faulty redirect.

Let’s try a little experiment.

  1. click the link in the quote box, where do you end up?
  2. try it a few times with a new browser each time. What happens?

I honestly don’t know where that address came from… as far as I know I’ve never used that address, not on purpose anyway… I went into SAS and into my tools, internet options and have made sure the http://www.msn.com/ address is in there again!.. So far so good… I just can’t figure out how it all got changed to begin with. But… now that I made changes again let’s hope it all holds!!!
You’re the best
Thank you,
Susie

You may well have had the other address as a homepage before.

This address http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome I believe is a generic MSN home page link. Depending on where you are in the world, clicking on it will take you to the home page for your part of the world.

I think what may have happened to you, for some reason, it couldn’t be determined where you were, or the server just screwed up and sent you to the Windows Live sign in.

Maybe someone here on the forum from Europe, Asia, S America, etc could try and confirm this.

Anyway, with what you are now using, you should end up on your homepage each time. ;D

Whenever I click on http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome , I get redirected to http://home.mobile.msn.com/en-us/default.aspx >:( ???

This is with my computer! My cellphone doesn’t have an internet browser, it’s not internet capable! It’s a pay as you go. Some pay as you go cell phones can browse the web, but not mine.

Hi rdmaloyjr

Does it look like a msn homepage? Like I said I end up on a sympatico.msn home page. Try the link http://sympatico.msn.ca/default.aspx

Don’t worry, it’s safe. Any similarities?

Hi oldman,

It looks like a msn home page. Msn thinks I’m a cellphone user, but with http://sympatico.msn.ca/default.aspx, msn thinks I’m someone else.

I posted in this thread because I think it is msn that is messing up not some spyware or malware on sasysusie’s computer.