hijaack IE by MSN

Hi,
Please, after an update at MS, no matter what I try, when I launch IE, it goes to msn.com.

Problem is that, in ie.exe, they execute the code bellow:

http://www.microsoft.com/isapi/redir.dll?prd=ie&clcid=0x0416&pver=6.0&ar=home

regarding what is in regustry or whatelse.

Is there a fix anyway?

Thanks

Ricardo

 

Your updating of Windows probably changed the homepage in the default homepage.

1. Open your browser IE.
2. Choose "Tools" in the menu of IE
3. Choose "Internet Options"
4. You will see "Home page", change the Address in the page you want.
5. Click on OK or Apply + OK

 

Hi,
Thanks for your attention,

Please, let me try to explain again. Every time I load IE.exe, it make:
http://www.microsoft.com/isapi/redir.dll?prd=ie&clcid=0x0416&pver=6.0&ar=home,

If I change “home page” like you suggest, in the very after moment, it gets back to the line above.

I used a registry tracer, and saw that when the ie.exe is executed, the values in registry are dynamically changed.

Again, please, is there any solution to this?

Than in advance,
Best regards.
Ricardo

 

IE.EXE is not a legitimate file.
You are infected by this one :
http://www.sophos.com/virusinfo/analyses/w32sdbotvs.html
Don't you have any scanners ?

 

If you can't remove it with any of your scanners or you don't have scanners, than you have to do this :

1. Download HijackThis from this website :
http://www.merijn.org/
2. Unzip it and put it in a separate folder, like C:\HJT
3. Run it and the program will create a HijackThis Log file in this folder.

4. Visit this forum : http://www.spywareinfoforum.com/
5. Register yourself and read the FAQ.

6. Open your HijackThis Log and copy the complete log into a new post under the subforum "Malware Removal" and explain your problem.
7. Wait until a qualified helper will help you.

Good luck.
(Wilders doesn't solve HijackThis Logs anymore)

 

Hi Erik,

First of all, I would like to thank your time and attention with a seasoned hobbyist programmer, like myself.

Some times, we just need some little push toward the right direction, isn’t it?

Like this case, after your suggestions, digging here and there, I found the program “startuplist.exe (http://www.merijin.org)’, and with a little more digging, I discover that loaded in the nth process of Windows is a file ‘iereset.inf’. In one of the last lines, there is the line ‘http://www.microsoft.com/isapi/redir.dll?prd=ie&clcid=0x0416&pver=6.0&ar=home’. Every time you load ‘ie.exe’, this is executed, and dynamically changes the registry.

Of course, it is a trick from MS. What boggles me is that, despite I have installed in my computer ‘Norton antivirus, spybot, hijaackthis, adaware’, none of this programs was capable of figuring out what is going on, and fix it.

Even worse, none of these programs was smart enough to know that somebody changed the ‘inf’ file.

That is the way it is!

Best regards.

Ricardo Machado

 

That is definetly the name of a file used when a user selects Tools\Internet Options\Programs....Reset Web Settings. It is also a file that spyware highjackers write to so that when a user resets IE's default settings the user is then re-infected with their hijacker.

It might pay to take a close look at the enards of that file