iehomepages.com Virus

Discussion in 'malware problems & news' started by dino, Oct 27, 2006.

Thread Status:
Not open for further replies.
  1. dino

    dino Registered Member

    Joined:
    Oct 27, 2006
    Posts:
    1
    I have been trying to remove this from the website and it seems to me nobody knows how to eliminate this virus. I will really appreciate some help or steps to follow.
    Dino
     
  2. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    So this is your website and it got infected? If you know where it resides, send it to www.virustotal.com and see what scanners detect it. That's all I can really suggest unless you post a HijackThis log somewhere. (Not here though)
     
  3. ItalianStallion135

    ItalianStallion135 Registered Member

    Joined:
    Oct 29, 2006
    Posts:
    1
    I think I might have a similar problem as you. Every time I open IE, iehomepages.com pops up and I can't figure out how to get rid of it.
     
  4. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
    It is just an adware type site, click cancel to get rid of the popup.

    Code:
    [whois.estdomains.com]
    Registration Service Provided By: ESTDOMAINS INC
    Contact: +1.3027224217
    Website: http://www.estdomains.com
    
    Domain Name: IEHOMEPAGES.COM 
    
    Registrant:
        ----
        Philip Harrison        (ph@isecuritypage.com)
        Hverfisgotu 53
        Reykjavik
        ,101
        IS
        Tel. +354.6591565
    
    Creation Date: 13-Oct-2006  
    Expiration Date: 13-Oct-2007
    
    Domain servers in listed order:
        ns2.iehomepages.com
        ns1.iehomepages.com
    
    
    Administrative Contact:
        ----
        Philip Harrison        (ph@isecuritypage.com)
        Hverfisgotu 53
        Reykjavik
        ,101
        IS
        Tel. +354.6591565
    
    Technical Contact:
        ----
        Philip Harrison        (ph@isecuritypage.com)
        Hverfisgotu 53
        Reykjavik
        ,101
        IS
        Tel. +354.6591565
    
    Billing Contact:
        ----
        Philip Harrison        (ph@isecuritypage.com)
        Hverfisgotu 53
        Reykjavik
        ,101
        IS
        Tel. +354.6591565
    
    Status:ACTIVE
     
  5. MaKR

    MaKR Registered Member

    Joined:
    Nov 13, 2006
    Posts:
    1
    Spybot Search & Destroy has been notified and is working on a solution. Until then I have manual instructions from SS&D for removal followed by some extra information that may be useful.

    Delete Files
    ================================================
    C:\WINDOWS\Downloaded Program Files\objectCubeInstall.ocx
    C:\Program Files\TrueCodec\isaddon.dll
    C:\Program Files\Quote.com\ContinuumClient\WiseUpdt.exe
    C:\Program Files\Quote.com\QCharts\WiseUpdt.exe
    C:\Program Files\Paltalk\pnetaware.exe

    Inside SS&D
    ================================================
    Please delete the following Active X file:
    {5F05A225-0F66-43DE-89E4-6FFD589C4F01}
    Open Spybot in the advanced mode via the menu item mode, go to 'tools'->'Active X'.
    Then mark the entry and remove it.

    Please delete the following BHO:
    {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d}
    Open Spybot in the advanced mode via the menu item mode, go to 'tools'->'BHO's'.
    Then mark the entry and remove it.

    Please delete the following Startup Entries:
    C:\Program Files\Quote.com\ContinuumClient\WiseUpdt.exe
    C:\Program Files\Quote.com\QCharts\WiseUpdt.exe
    C:\Program Files\Paltalk\pnetaware.exe
    Open Spybot in the advanced mode via the menu item mode, go to 'tools'->'System Startup'
    Then mark the entries and remove them.

    Final notes from this experience
    ================================================
    C:\Program Files\Paltalk directory was useless
    C:\Program Files\Quote.com directory was useless
    C:\Program Files\TrueCodec directory was useless and very damaging
    It contained 2 specific .dll files that were damaging, not just the one listed by the SS&D instructions.

    Infection comes from the TrueCodec as it tells the user it is required to watch a video.
    Also this computer had been infected with VirusBurst, which was automatically removed by SS&D through a very recent update.
    I am not familiar with Paltalk, but did not find any use for it.
    I am not completely sure how interlinked this entire infection was, but after removal of everything listed above the computer worked again, hijack was gone, and nothing seemed to be missing. And watch for updates from SS&D within a short amount of time. I hope this helps.
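
A read-only way to check a machine for the artifacts listed in the post above, before or after cleanup (an added example, not part of the original post and not Spybot's own tooling). The file paths and CLSIDs are copied from the post; the registry locations (Code Store Database\Distribution Units for the ActiveX entry, Browser Helper Objects, and the Run keys) are assumptions about where those entries are stored, and Startup-folder shortcuts are not covered.

```powershell
# Read-only check for the artifacts listed in the post; nothing is deleted.
# File paths and CLSIDs are copied from the post.
$files = @(
    'C:\WINDOWS\Downloaded Program Files\objectCubeInstall.ocx',
    'C:\Program Files\TrueCodec\isaddon.dll',
    'C:\Program Files\Quote.com\ContinuumClient\WiseUpdt.exe',
    'C:\Program Files\Quote.com\QCharts\WiseUpdt.exe',
    'C:\Program Files\Paltalk\pnetaware.exe'
)
$activeXClsid = '{5F05A225-0F66-43DE-89E4-6FFD589C4F01}'
$bhoClsid     = '{8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d}'

# Assumption: the usual registry locations for these entry types.
$ms = 'HKLM:\SOFTWARE\Microsoft'
$clsidKeys = @(
    "$ms\Code Store Database\Distribution Units\$activeXClsid",
    "$ms\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bhoClsid"
)
$runKeys = "$ms\Windows\CurrentVersion\Run",
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function New-Finding($type, $location) { [pscustomobject]@{ Type = $type; Location = $location } }

$findings = @()
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += New-Finding 'File' $f }
}
foreach ($k in $clsidKeys) {
    if (Test-Path -LiteralPath $k) { $findings += New-Finding 'Registry key' $k }
}

# Startup entries: flag any Run value whose command line names a listed .exe.
$startupExes = $files | Where-Object { $_.EndsWith('.exe') }
foreach ($rk in $runKeys) {
    if (-not (Test-Path -LiteralPath $rk)) { continue }
    $key = Get-Item -LiteralPath $rk
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        $hit = $startupExes | Where-Object { $data.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0 }
        if ($hit) { $findings += New-Finding 'Run value' "$rk\$name -> $data" }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'None of the listed artifacts were found.'
}
```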
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm

    Regards,

    Pieter
     