1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

removing security update home page

Discussion in 'Malware and Virus Removal Archive' started by sjcecchi, 2006/05/14.

  1. 2006/05/14
    sjcecchi

    sjcecchi Inactive Thread Starter

    Joined:
    2006/05/14
    Messages:
    2
    Likes Received:
    0
    My homepage has been hijacked. :mad: I cannot seem to rename my homepage...it is constantly set to securityupdate.com. I have just run the SmitFraudFix utility and have generated this log file. What do I do next and what should I be deleting ?

    SmitFraudFix v2.44

    Scan done at 19:53:33.98, 14/05/2006
    Run from C:\Documents and Settings\Steve_Joanne\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\atmclk.exe FOUND !
    C:\WINDOWS\system32\dcomcfg.exe FOUND !
    C:\WINDOWS\system32\hp????.tmp FOUND !
    C:\WINDOWS\system32\ld????.tmp FOUND !
    C:\WINDOWS\system32\ot.ico FOUND !
    C:\WINDOWS\system32\regperf.exe FOUND !
    C:\WINDOWS\system32\simpole.tlb FOUND !
    C:\WINDOWS\system32\stdole3.tlb FOUND !
    C:\WINDOWS\system32\ts.ico FOUND !
    C:\WINDOWS\system32\1024\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Steve_Joanne\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\STEVE_~1\FAVORI~1

    C:\DOCUME~1\STEVE_~1\FAVORI~1\Antivirus Test Online.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source "=" "
    "SubscribedURL "=" "
    "FriendlyName "= "Desktop Uninstall "

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source "= "About:Home "
    "SubscribedURL "= "About:Home "
    "FriendlyName "= "My Current Home Page "

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{64ba30a2-811a-4597-b0af-d551128be340} "= "AppManager "

    [HKEY_CLASSES_ROOT\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32]
    @= "C:\WINDOWS\system32\appmagr.dll "

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32]
    @= "C:\WINDOWS\system32\appmagr.dll "


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
    sjcecchi,
    #1
  2. 2006/05/14
    sjcecchi

    sjcecchi Inactive Thread Starter

    Joined:
    2006/05/14
    Messages:
    2
    Likes Received:
    0
    Thank You !

    I followed the same procedure and I have my homepage back ! Thanks Peter:)
     
    sjcecchi,
    #2


  3. to hide this advert.

  4. 2006/05/15
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    sjcecchi - Welcome to the Board :)

    Glad to hear that you managed to remove the infection - you may like to post a HijackThis log for a final check up.
     
    PeteC,
    #3

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...