Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: greenhatch on March 25, 2006, 02:36:29 PM
-
I have a strange problem and I suspect there is a simple solution but I have little knowledge of internet matters. I am unable to read Myspace.com blog pages in Internet Explorer without the page being immediately taken over by a Winfixer page which IE blocks as an 'error detected'. I am not able to go back to the blog page without it repeating. I am aware that Winfixer is an insidious piece of malware but I do not think my computer has the malware on it, as no other site page springs up the same problem. I have scanned with Avast, Ewido, Windows Defender, Spybot and Adaware. My restricted sites and blocked cookies include Winfixer.com as blocked. Yet still the same problem.
Incidentally I can access the blog page in Firefox!
-
Well it does sound like there is some form of browser hijack of IE (which may well not be detected by AV style programs, but I would have thought AdAware or Spybot would have found it). I suggest the best tool for the job being HiJackThis to give an indication of what is running on your system.
Also useful as a diagnostic tool - Download HiJackThis.zip (http://www.spywareinfo.com/~merijn/files/hijackthis.zip) - HJT Information HiJackThis Tutorial 1 (http://www.bleepingcomputer.com/forums/tutorial42.html) or HiJackThis Tutorial 2 (http://www.tomcoyote.org/hjt/#introduction)
For an on-line analysis - HiJackThis Log file - On-line Analysis (http://hijackthis.de/index.php) OR HiJackThis Log file - On-line Analysis 2 (http://hjt.iamnotageek.com/)
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.
A google search for 'Winfixer removal' without the quotes returns many hits, exercise care some programs purporting to remove winfixer are rogue/suspect programs in their own right), here are just two:
http://www.help2go.com/Tutorials/Spyware_Information/Winfixer_Removal.html
http://www.bleepingcomputer.com/forums/topic18610.html
-
I had googled extensively for Winfixer remedies and read up also on a Vundo removal fix but bearing in mind it is just the one site page out of hundreds I surf, I'm loathe to run it. I took advice from what I have read on HijackThis that it is not ideal for inexperienced users like me to get in to. As I said before, I can access/read the blog page ok in Firefox just not in IE; and no other site pages are affected at all including the rest of Myspace.
-
***
Running HJT should do no harm. You have to actually "tell" it to fix problems that are found. So, run it, copy the results, close the program without fixing anything, and then post the results at one of the links David supplied above. The first on-line analysis link is at the HJT home site.
***
-
Okay, thankyou both. I have just run HijackThis and retained a log and I will ask at the other forum if a remedy is apparent from the log.
-
This sounds like a problem I also had:
http://forum.avast.com/index.php?topic=19806.0
-
This sounds like a problem I also had:
http://forum.avast.com/index.php?topic=19806.0
I saw that last week when my little problem first cropped up but it looks like you cleared your difficulty by scanning. Five different programs couldn't solve mine.
-
:) Hi Greenhatch ( & other interested persons )
For Winfixer & other Virtumonde-type infections, it is best
to follow the advise on antiSPYWARE Expert Atribune's site
http://www.atribune.org/content/view/24/2/ .