PDA

View Full Version : http://www.msn.com/



Lurking
17-10-2008, 10:38 AM
Don't want the above as my home page. Have tried all of the known methods to change it but it still defaults to msn.

There are three users on this pc with Admin. title. The other two default to Google which is what I want.

Speedy what does it appear as in HJT so it can be deleted?

Also what would happen to the programs of the other two users if they were deleted?

Thanks for your kind efforts sorting this replacement pc.

Lurking.

Ps. NEC powermate, XP SP3.

lurks.

Speedy Gonzales
17-10-2008, 10:45 AM
By the looks of it, it could be a browser hijacker thats doing it.

Do a scan with malwarebytes below / post a log from this computer

Lurking
17-10-2008, 12:06 PM
Thanks Speedy, here is log:

Malwarebytes' Anti-Malware 1.28
Database version: 1276
Windows 5.1.2600 Service Pack 3

10/17/2008 12:42:56 PM
mbam-log-2008-10-17 (12-42-44).txt

Scan type: Quick Scan
Objects scanned: 57716
Time elapsed: 7 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\adflr.adswpr (Spyware.Banker) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\ErrorExpert_setup.exe (Rogue.ErrorExpertSetup) -> No action taken.

Lurks.

Speedy Gonzales
17-10-2008, 12:31 PM
Did you remove the entry it detected?

HKEY_CLASSES_ROOT\adflr.adswpr (Spyware.Banker)

It looks like this belongs to a keylogger

I mean the HJT log not the malwarebytes log

Lurking
17-10-2008, 01:11 PM
Waiting for you to use which proram to delete it with.

Lurks.

Morgenmuffel
17-10-2008, 01:14 PM
What browser are you using, and How exactly are you trying to set the home page.

I only ask because i have dealt with a number of Firefox/Netscape users, who try to set their homepage using the "Internet options" in the control panel (which will only set the homepage for Internet Explorer), stupid I know but I have seen some extremely bright people caught by it

Speedy Gonzales
17-10-2008, 01:19 PM
You can remove it in malwarebytes. Bottom right click on it. After you do a scan.

Then select that entry then remove it

Lurking
17-10-2008, 03:54 PM
Thanks Speedy, have deleted it and running another scan.

Nigel, IE 7 browser. Firefox is on one the other user's though.

Interesting to note here, am back on an IBM with 320mb ram and running at 400mhz and quite frankly, it leaves the 2.9mhz 1gig ram machine for dead.

Too many users and all running different programs no doubt must have some affect on the NEC.

Lurking.