
New malware pretends to be an antivirus program, infiltrates your system. Started in Oct 2010.
Does not let you launch anything... Had to go to safe mode...

Deleted tick off all weird strings from MSconfig startup (i.e. IJHHLUVDLTA)
Deleted all "antivirus actions" values from regedit... including weird strings in Startupreg folder area.

All seem ok now except when we type in www.hotmail.com URL from IE8 we get re-directed to... You guessed it, Antivirus Action setup page. Tried from Firefox... all ok.
IE8 appears to be corrupted. I attempted IE8 re-install... no change... Can uninstall IE8 in XP...

Went back to IE8 and got into Hotmail via Live mail URL.

I would like to know how to clean up the poisoned Hotmail URL within IE8.

Any ideas?

tx
Gilles

Last Post by jholland1964

Did you check your proxy settings for IE? Tools > Internet Options > Connections > LAN Settings.

The only box that should be checked is Automatically detect settings unless you have a proxy setup for some reason.

Make sure you got all of these registry entries:

HKEY_CURRENT_USER\Software\[SET OF RANDOM CHARACTERS]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:33921"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]yhsn.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]yhsn.exe"

Focus on the entries that deal with IE, you may have missed them.
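
An added example, not part of the reply above: a small Python audit that parses registry text in `reg export` format and flags the IE-related settings the reply lists (an enabled loopback proxy, a disabled phishing filter) and lists Run values for manual review. The sample export, the function names and the finding labels are constructed for illustration.

```python
import re

# Constructed sample in `reg export` text format (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:33921"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"Enabled"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''
INET = r"\windows\currentversion\internet settings"
PHISH = r"\internet explorer\phishingfilter"
RUN = r"\windows\currentversion\run"
LOOPBACK = re.compile(r"(^|[=;/])(127\.\d+\.\d+\.\d+|localhost)(:\d+)?", re.I)

def parse_reg(text):
    """Return {lowercased key path: {value name: int or str}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if current is None or not m:
            continue
        name, raw = m.groups()
        if raw.startswith("dword:"):
            current[name] = int(raw[6:], 16)
        elif raw.startswith('"'):
            current[name] = raw[1:-1].replace("\\\\", "\\")
    return keys

def audit(text):
    """Flag the IE-related settings named in the reply; list Run values for review."""
    findings = []
    for path, vals in parse_reg(text).items():
        low = {k.lower(): v for k, v in vals.items()}
        proxy = str(low.get("proxyserver", ""))
        if path.endswith(INET) and str(low.get("proxyenable")) == "1" and LOOPBACK.search(proxy):
            findings.append(("loopback-proxy", proxy))
        elif path.endswith(PHISH) and str(low.get("enabled")) == "0":
            findings.append(("phishing-filter-off", "Enabled=0"))
        elif path.endswith(RUN):
            findings += [("review-run-entry", f"{n} -> {v}") for n, v in vals.items()]
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_REG):
        print(f"{kind}: {detail}")
```

Files written by `reg export` are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `audit`.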
