iehomepages.com Virus

Discussion in 'malware problems & news' started by dino, Oct 27, 2006.

Thread Status:
Not open for further replies.
  1. dino

    dino Registered Member

    Joined:
    Oct 27, 2006
    Posts:
    1
    I been trying to remove this from the website and seems to me nobody knows how to eliminate this virus. I will really apreciate some help or steeps to follow.
    Dino
     
    dino, Oct 27, 2006
    #1
  2. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    So this is your website and it got infected? If you know where it resides send it to www.virustotal.com and see what scanners detect it? That's all i can really suggest unless you post a hijackthis log somewhere. (Not here though)
     
    btman, Oct 27, 2006
    #2
  3. ItalianStallion135

    ItalianStallion135 Registered Member

    Joined:
    Oct 29, 2006
    Posts:
    1
    i think i might have a similar problem as you. every time i open IE iehomepages.com pops up and i cant figure out how 2 get rid of it.
     
    ItalianStallion135, Oct 29, 2006
    #3
  4. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    98031
    It is just an adware type site, click cancel to get rid of the popup.

    Code:
    [whois.estdomains.com]
Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com

Domain Name: IEHOMEPAGES.COM 

Registrant:
    ----
    Philip Harrison        (ph@isecuritypage.com)
    Hverfisgotu 53
    Reykjavik
    ,101
    IS
    Tel. +354.6591565

Creation Date: 13-Oct-2006  
Expiration Date: 13-Oct-2007

Domain servers in listed order:
    ns2.iehomepages.com
    ns1.iehomepages.com


Administrative Contact:
    ----
    Philip Harrison        (ph@isecuritypage.com)
    Hverfisgotu 53
    Reykjavik
    ,101
    IS
    Tel. +354.6591565

Technical Contact:
    ----
    Philip Harrison        (ph@isecuritypage.com)
    Hverfisgotu 53
    Reykjavik
    ,101
    IS
    Tel. +354.6591565

Billing Contact:
    ----
    Philip Harrison        (ph@isecuritypage.com)
    Hverfisgotu 53
    Reykjavik
    ,101
    IS
    Tel. +354.6591565

Status:ACTIVE
     
    dan_maran, Oct 29, 2006
    #4
  5. MaKR

    MaKR Registered Member

    Joined:
    Nov 13, 2006
    Posts:
    1
    Spybot Search & Destroy has been notified and is working on a solution. Until then I have manual instructions from SS&D for removal followed by some extra information that may be useful.

    Delete Files
    ================================================
    C:\WINDOWS\Downloaded Program Files\objectCubeInstall.ocx
    C:\Program Files\TrueCodec\isaddon.dll
    C:\Program Files\Quote.com\ContinuumClient\WiseUpdt.exe
    C:\Program Files\Quote.com\QCharts\WiseUpdt.exe
    C:\Program Files\Paltalk\pnetaware.exe

    Inside SS&D
    ================================================
    Please delete the following Active X file:
    {5F05A225-0F66-43DE-89E4-6FFD589C4F01}
    Open Spybot in the advanced mode via the menu item mode, go to 'tools'->'Active X'.
    Then mark the entry and remove it.

    Please delete the following BHO:
    {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d}
    Open Spybot in the advanced mode via the menu item mode, go to 'tools'->'BHO's'.
    Then mark the entry and remove it.

    Please delete the following Startup Entries:
    C:\Program Files\Quote.com\ContinuumClient\WiseUpdt.exe
    C:\Program Files\Quote.com\QCharts\WiseUpdt.exe
    C:\Program Files\Paltalk\pnetaware.exe
    Open Spybot in the advanced mode via the menu item mode, go to 'tools'->'System Startup'
    Then mark the entries and remove them.

    Final notes from this experience
    ================================================
    C:\Program Files\Paltalk directory was useless
    C:\Program Files\Quote.com directory was useless
    C:\Program Files\TrueCodec directory was useless and very damaging
    it contained 2 specific .dll files that were damaging, not just the one listed by SS&D instructions

    Infection comes from the TrueCodec as it tells the user it is required to watch a video.
    Also this computer had been infected with VirusBurst, which was automatically removed by SS&D through a very recent update.
    I am not familiar with Paltalk, but did not find any use for it.
    I am not completely sure how interlinked this entire infection was, but after removal of everything listed above the computer worked again, hijack was gone, and nothing seemed to be missing. And watch for updates from SS&D within a short amount of time. I hope this helps.
     
    MaKR, Nov 13, 2006
    #5
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm

    Regards,

    Pieter
     
    Pieter_Arntz, Nov 14, 2006
    #6
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...