Then there is this tool from AVG... http://www.avg.com/ww-en/download-tools
The changer popup? How about telling us what it actually says, and what originated it, what pgm it is from..? Every hotmail login...heh... prob M$ trying to change you over to Bing.
Bing. How did they come up with that name? How on Earth? What were they drinking?
gerbil
Industrious Poster
4,209 posts since May 2005
Reputation Points: 239
Solved Threads: 300
Mmm... then I am very likely south of you. Could you do these two things?
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].
[If it will not run in Normal mode try a Safe mode run first, then repeat in Normal mode.. save and present both logs].
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe
-CLOSE ALL OTHER APPLICATIONS and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.
If you do those things it gives us a base to work from. It does sound as if the browser change warning is coming from the malware. So let's have a go at cleaning that out. Once we can see it.. well, most things can be removed easily enough.
gerbil
Oops. Sorry, Helen, I forgot that the hijackthis download from the site I gave now comes as an installer package which actually installs Hijackthis as a program. It is also still available as an executable [exe file] which does not require installation.
I have accordingly reworded that advice script [meant to do it ages back...]. Note that I have removed the renaming; that was a hangover from when malwares identified hijackthis and prevented it from running.
HiJackThis:
You have a choice of versions, installable program or stand-alone executable; in action they are fundamentally identical.
i] -download hijackthis: http://www.majorgeeks.com/download5554.html or http://www.filehippo.com/download_hijackthis/
-dclick that .msi file to install Hijackthis as a program. Else...
ii] - download the executable file from: http://www.bleepingcomputer.com/files/hijackthis.php
- unzip if necessary; copy hijackthis.exe to a new FOLDER placed either alongside your program files or on your desktop.
Start Hijackthis via the desktop icon or by dclicking hijackthis.exe.
- CLOSE ALL OTHER APPLICATIONS and any open windows including the explorer window containing HijackThis.
- click the Scan and Save a Logfile button. Post the log here. It is fine to just add it as text to your post, or you can attach it via the Advanced Editor section.
MBAM should have identified and removed Zwankysearch [zwangisearch] if it was present. But we can check that. They are browser redirectors, sending you via their own website, and include their ads.
gerbil
Cool, Helen. Your last post has the log that I wished to see [x2.. :) ].
Zwankysearch is no more.
Are you still hoping to uninstall AVG9? Choose the uninstaller/removal tool from here: http://www.avg.com/ww-en/download-tools To stop AVG9 dclick on the Resident Shield icon, then uncheck the Resident Shield Settings and lastly click Save Settings. Then run the removal tool.
I'm not sure you need all those toolbars? You can uninstall the ones you don't want. IMesh... hmmm. And
Your trusted zone should not contain any entries, really. Anything in there can download anything it wants, no checks. You can remove them via the Security Zone in IE, else...
-start hijackthis again, click Scan, in the window that opens place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
O15 - Trusted Zone: http://www.mp3rocketpro.com
O15 - Trusted Zone: *.mymusicinc.com
O15 - Trusted Zone: http://www.news.com.au
O15 - Trusted Zone: http://www.superantispyware.com
There is nothing else showing as bad in the log.
gerbil
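Added example, not part of the original posts: a small Python script that pulls every "O15 - Trusted Zone" line out of a saved HijackThis log, so the entries to checkmark can be listed without reading the whole log by eye. The sample log is constructed from the four O15 lines quoted above plus two made-up lines; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the four O15 lines quoted in the post above, plus two
# made-up lines from other sections to show that they are ignored.
SAMPLE_LOG = """\
Logfile of HijackThis (constructed sample, not a real scan)
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
O15 - Trusted Zone: http://www.mp3rocketpro.com
O15 - Trusted Zone: *.mymusicinc.com
O15 - Trusted Zone: http://www.news.com.au
O15 - Trusted Zone: http://www.superantispyware.com
O23 - Service: Placeholder Service - Unknown owner - C:\\placeholder.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
TRUSTED = re.compile(r"^Trusted Zone:\s*(?P<site>\S+)$")

def trusted_zone_entries(log_text):
    """Return one dict per 'O15 - Trusted Zone' line found in the log text."""
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if not entry or entry["code"] != "O15":
            continue
        trusted = TRUSTED.match(entry["rest"])
        if not trusted:
            continue  # some other kind of O15 line; left for manual review
        site = trusted["site"]
        # urlsplit only fills in netloc when the text has a scheme or leading //
        parts = urlsplit(site if "://" in site else "//" + site)
        host = parts.netloc.lower()
        wildcard = host.startswith("*.")
        found.append({
            "line": line,                      # exact text to tick in HijackThis
            "scheme": parts.scheme or None,    # None = no scheme shown in the log line
            "host": host[2:] if wildcard else host,
            "wildcard": wildcard,              # True = every subdomain is trusted
        })
    return found

def fix_checklist(log_text):
    """Lines to checkmark before pressing Fix Checked, in log order."""
    return [e["line"] for e in trusted_zone_entries(log_text)]

if __name__ == "__main__":
    for e in trusted_zone_entries(SAMPLE_LOG):
        scope = "all subdomains of " if e["wildcard"] else ""
        print(f"{scope}{e['host']} (scheme: {e['scheme'] or 'any'})")
```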
Firstly, your being an administrator. All too often an account will get blitzed and its properties confused. Often the creation of another account [it must be with a different name because Windows encodes account names and buries those codes deeply] and then the copying across of everything under Documents and Settings will solve that problem. But you cannot use the Guest account to create an administrator account, you can only do that with another administrator account, or through the Administrator account.
Seems like you are the only administrator. Okay. When you installed XP it created the default Administrator account, and it is still there, just normally hidden. It was hidden the moment you created your own administrator account. To reveal it during login you can use Safe Mode, and also there create your new administrator account. [If you are the only user then pressing Ctrl-Alt-Del twice just as windows starts in Normal Mode may not get you the screen with Administrator login]. Oh, by default, the Administrator account password is blank, ie press Enter.
You should also be able to do it while logged in normally if your sys still sees you as an administrator. Let's see if it does... go Start, Run, and enter cmd
In the cmd window enter..
net user -you see there all the accounts your machine has; some may surprise you by their existence! Okay, now enter..
net user helen [or whatever your admin account name is]. Near the bottom is Local Group Memberships; you want it to be *Administrators. But anyway, it appears to be corrupt, so....
To create a new administrator account you first create a new user, then enter that account into the administrator's group. So, enter these two commands..
net user sooky /add
net localgroup administrators sooky /add
-and now sooky is an administrator! To get sooky to show either logoff/logon or restart; the new sooky account is created at that moment. Copy over docs and setts files, folders from helen. Delete helen. Give sooky a password..
net user helen * [I mean you to actually type that *. Then, note that as you type the password when requested the cursor will not move].
gerbil
Another Oops! moment...
Give sooky a password..
net user sooky * [I mean you to actually type that *. Then, note that as you type the password when requested the cursor will not move].
Oh, computer names. Yes, there are several, and it can be confusing. If you go to System Properties via Control Panel,
[or go Start > Run, paste: control sysdm.cpl,,0 ..and press Enter] you will see under Registered to: your? name and organisation name you gave during installation. The number code is the Product ID and relates to your machine and the installation medium type.
You can only change the first two via registry [see below]. Do not change the Product ID.
A couple of tabs to the left you see Computer Name; this is the name by which your computer would be seen if you networked it. You can change that right there.
To change your registered name and organisation name:
...first copy the text in the box to a notepad [format/wordwrap unchecked], alter what is inside the RHS "" to whatever you desire and let the "" remain, and save as fixkey.reg to your desktop; dclick it to run... agree; if it opens in notepad instead rclick the icon [file], choose Merge, else choose Open with, Registry editor....
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]
"RegisteredOrganization"="at home"
"RegisteredOwner"="sooky"
That should do it.
gerbil