So last night somehow I managed to get a few trojans on my computer....how? I have no idea. I have tried everything to get rid of them, Norton reconizes them but cant delete them. One of them shows up on adaware, but adaware cant delete it. Everytime i try starting up IE i get this weird *** webpage as my default homepage. I click internet settings to change it and it says the default homepage is about:blank, which it is not. So i change it to my default, google.com. Well what do you know! 2 minutes later its back to that say about:blank as my default:homepage. Not only has this happened, but somehow my AIM has gotten total screwed up. I reinstalled it, and still everytime I try to IM someone it crashes. I am about to THROW MY COMPUTER OFF MY BALCONY :shooting: :cuss: :cuss: :cuss:


I tried system retstore, of course it doesnt work........does it ever?

Ok I read your first sentence and i believe i''ve solved your problem. Next time get out of the bed and make sure ur Trojans land in the trashcan and not on ur computer..

:rofl:

"I'm just getting..really..T'O'ed that she hasnt sent me a full body shot yet"

delete all your temp internet files. and clear all that good stuff.

Did it

Run Norton/Adaware from safe mode?

Normally thats your best bet cause if they install themselves into something that makes them active upon startup you cant delete active files.

BOot into safe mode and try again.

OK, I am going to try safe mode. I dont know why I didnt think of that in the first place

What did Norton say which trojan it was? Search for a program called HijackThis, download it and run it. Send me what it found.

Read this http://www.io.com/~cwagner/spyware/
Run Hijack this and cws shredder
hijackthis can be found here http://www.spywareinfo.com/~merijn/downloads.html
and CWS shredder here http://www.intermute.com/spysubtract/cwshredder_download.html
and try a different browser like firefox
www.getfirefox.com
or Mozilla
http://www.mozilla.org/products/mozilla1.x/
and download mcafee stinger http://vil.nai.com/vil/stinger/


good luck
ahhh pbzmag you beat me to it.... :hail:

Your homepage has been hijacked....

First,

Visit http://www.adwareaway.com/ and download Adaware Away.... There should be a trial version....

This program will remove it...

Good luck,
David

About:blank is a nasty bit of spyware that has it's way with your internet explorer homepage. I have a pretty lengthy instruction as to how to remove it I could try to dig up for you... but I could do you an even bigger favor and say to scrap IE, and go to www.mozilla.com and download firefox.

i too have that annoying about:blank thing on my other computer. my dad has all kinds of anti spyware and anti-whoknowswhat on it, and we cant get it to go away either.
the computer used to be fast, but now its really slow from everything on it to get rid of it.
and, for some reason, when i try to go to ebay, it hijacks the webpage and lots of annoying spyware pop ups pop up.

I find that the microsoft beta spyware thing is AWESOME

http://www.microsoft.com/athome/security/spyware/software/default.mspx

Stop downloading porn.

Its not from porn. Bytethis and admincash trojans.

Dont Use Ie!

if you know the name of the trojan go to google and do a search on it.

they will have a step by step way to delete it.

and as SpecialBlend2786 said MS's spyware program is pretty sweet so far

hit ctrl-alt-delete and check for any suspicious processes running under your login name. kill those then run norton/adaware again and see if they'll remove it then. this should work pretty good unless the trojans are injecting themselves into another process such as IE or even worse a system process.

good luck..

Ok I read your first sentence and i believe i''ve solved your problem. Next time get out of the bed and make sure ur Trojans land in the trashcan and not on ur computer..
:spit_take :cheers: :hail:

the EXACT same thing happened to me...I just bought a new computer (literaly)

ok, relax. you have a stubborn version of the about:blank homepage hijack. you can beat this if you are willing to put in some effort and time. you will need:
adaware se
spybot search and destroy
mcafee stinger
hijack this
cwshredder
ccleaner
and a few others. they can all be found here: http://forums.majorgeeks.com/showthread.php?t=35407

go here and read the first 5 stickies: http://forums.techguy.org/forumdisplay.php?f=54

this will explain it all. very important to disable system restore and work in safe mode.

or you can ship me the computer and i will clean it for 200$

Found some info on the Admincash trojan on trendmicro.com website:

Solution:


Identifying the Malware Program

To remove this malware, first identify the malware program.

1. Scan your system with your Trend Micro antivirus product.
2. NOTE all files detected as TROJ_BUBE.A.

Trend Micro customers need to download the latest pattern file before scanning their system. Other users can use Housecall, Trend Micro’s online virus scanner.

Terminating the Malware Program

This procedure terminates the running malware process. You will need the name(s) of the file(s) detected earlier.

1. Open Windows Task Manager.

» On Windows 95, 98, and ME, press
CTRL+ALT+DELETE
» On Windows NT, 2000, and XP, press
2. CTRL+SHIFT+ESC, then click the Processes tab. In the list of running programs*, locate the malware file(s) detected earlier.
3. Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
4. Do the same for all detected malware files in the list of running processes.
5. To check if the malware process has been terminated, close Task Manager, and then open it again.
6. Close Task Manager.

*NOTE: On systems running Windows 95, 98, and ME, Windows Task Manager may not show certain processes. You can use a third party process viewer such as Process Explorer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.

Removing Other Registry Entries

1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, locate the following registry entries:

* HKEY_CURRENT_USER>Software>Microsoft>Security Center
FirewallDisableNotify = “dword:00000001”
* HKEY_CURRENT_USER>Software>Microsoft>Security Center
UpdatesDisableNotify = “dword:00000001”
* HKEY_CURRENT_USER>Software>Microsoft>Security Center
AntiVirusDisableNotify = “dword:00000001”
* HKEY_CURRENT_USER>Software>Policies>Microsoft>
Windows>WindowsUpdate>AU
NoAutoUpdate = “dword:00000001”
* HKEY_CURRENT_USER>Software>Policies>Microsoft>
Windows>WindowsUpdate>AU
AUOptions = “dword:00000001”
* HKEY_CURRENT_USER>Software>Policies>Microsoft>
WindowsFirewall>StandardProfile
EnableFirewall = “dword:00000001”
* HKEY_CURRENT_USER>Software>Policies>Microsoft>
WindowsFirewall>DomainProfile
EnableFirewall = “dword:00000001”
* HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Security Center
FirewallDisableNotify = “dword:00000001”
* HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Security Center
UpdatesDisableNotify = “dword:00000001”
* HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Security Center
AntiVirusDisableNotify = “dword:00000001”
* HKEY_LOCAL_MACHINE>SOFTWARE>Policies>Microsoft>
WindowsFirewall>DomainProfile
EnableFirewall = “dword:00000001”
* HKEY_LOCAL_MACHINE>SOFTWARE>Policies>Microsoft>
WindowsFirewall>StandardProfile
EnableFirewall = “dword:00000001”
* HKEY_LOCAL_MACHINE>SOFTWARE>Policies>Microsoft>Windows>
WindowsUpdate>AU
NoAutoUpdate = “dword:00000001”
* HKEY_LOCAL_MACHINE>SOFTWARE>Policies>Microsoft>Windows>
WindowsUpdate>AU
AUOptions = “dword:00000001”
3. In the right panel, locate and modify the registry entry values to the default:
“dword:00000000”
4. Close Registry Editor.

NOTE: If you were not able to terminate the malware process as described in the previous procedure, restart your system.

Additional Windows ME/XP Cleaning Instructions

Users running Windows ME and XP must disable System Restore to allow full scanning of infected systems.

Users running other Windows versions can proceed with the succeeding procedure sets.

Running Trend Micro Antivirus

Scan your system with Trend Micro antivirus and delete all files detected as TROJ_BUBE.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro’s online virus scanner.

Did you get it figured out yet?
:confused: :wow: