Windows Redirecting Web Page Hijack

Hello, I have a friend whose computer always redirects any searches or home pages to http: //296f8.ilxt.info/index.php?aid=20009 or http: //www.windowws.cc/hp.htm?id=80 which is basically the same thing.

Since my friend lives so far away from me, I've tried fixing it via just giving instructions and Remote Assistance. Both ways are very slow since my friend is on 56k and I don't really have a clue on what is happening.

It basically, after every reboot or so, changes the home page and any search pages to the above. I've tried to clear out any suspicious and unidentified objects that start up when Windows XP is loaded via "msconfig" and cleared out others with "Hijack This". I had my friend run adaware and a virus scanner but that does not seem to work.

Does anyone know of a sure way to get rid of this or is at least familiar with it without having me having to physically go to my friend's house?

Thank you.

 

I'll tell u, I'm not even going to these pages, I don't know what nasty creepy crawlies are in there, are you sure these pages are safe to put on this thread? Especially if a VIRUS is causing the web browser to redirect there??

 

Sounds more like spyware/adware than a virus to me. Tell him to get a copy of Ad-Aware and/or Spybot Search & Destroy and run them. Then update his virus definitions and run virus scan.

 

Well I did not want you to visit those web pages if you don't want to; and I've gone to them and nothing has happened - just some stupid search engine of their own. I added those links for people who want to know what it is and don't want it in their address bar when they copy/paste or type it in.

I've had my friend run ad-aware plus a plethora of other spyware "searching and elmination" programs but they do not seem to work.

Upon further inspection from logs, it seems that an executable or dynamic link library is reinstating them from each computer reboot. I probably will have to either try to get it to infect my computer and solve it that way so I'll know exactly what to do or make a house call.

I wonder if system restore should be able to clear things up.

Thank you.

 

I had a nasty bugger like this once. It was dug in like a tick and it bounced ad-ware like a little girl. Finally, I booted in safe mode and that gave Ad-Aware the edge it needed to kick butt.

So try that - boot to safe mode, then run ad-aware with the latest up-date.

 

Thanks for the advice, I'll try that first and if that does not work, I will tell my friend to follow this.

The symptoms are very similiar to what my friend's computer has so it would probably be a match.

 

I had that problem

hey mate

i had this problem for a while, (only got rid of it last week), home page changing to search.cc or summot like that on reboot, redirecting google searchs etc.

i searched on the net and found it was a common problem, and found this program, worked for me:

http://www.spychecker.com/program/coolwebshredder.html

sorry cudnt link it but just copy and paste it, hope it solves ur problem

cheers
kitt

 

I had once helped a customer get rid of a hijack, manually took me 1 hour to accomplish.
Trick is to write down the address of the webpage you're being redirected to and then search/delete the registry for instances. Most of these hijackers have some kind of active X or dll that run when you start up IE, search and delete them. You'll need to boot into safe mode to get rid of these system components.
Another thing i often do is change permissions of spyware executables

 

It's spyware, visit the help page link in my sig.. We get so many spyware calls we had to setup a website..

-scoob8000

 

Thanks for the information and help.

My friend managed to remove all traces of the spyware and her computer is working fine now; and she says she is "technologically inept."

 

Firstly diable System Restore - this can re-introduec the nasties after you have cleaned them up.

Then run both Ad-Aware & SpyBot...

Reboot

Run Ad-aware & SpyBot again - to confirm that all is OK.

Re-activate System Restore & reboot again...

 

Download a programme called hi-jack this if spybot or adaware doesn't remove it.