I need a little help ridding a computer of a trojan virus. Everytime they log on to the internet the homepage has been reset to a **** site and the options menu where you change the homepage has been grayed out (unchangeable). We are pretty sure she contracted this from a website (possibly kentucky.com)as she has not recieved any strange emails or used any uknown programs.
Norton antivirus is up to date and unable to find this problem. I have checked winini and the is nothing next ot run or load (the usual place where the command line for a trojan is). I have even downloaded and ran a trojan remover that is unable to find this problem. I have followed various leads of virus's that could cause this type of problem and none of them panned out to be it. The two I remember checking out was QAZ and Happy99 with no results of them being it.

Does anybody have any tips or advice on what it is or what I should do?

 

My only suggestion is to try the link below. This is from the makers of Pc-cillin.

http://housecall.antivirus.com/housecall/start_corp.asp

Sometimes this will find one that Norton won't. It's an online scan. Does take some time to load on a dial-up.

 

wish I could help ... I recently had to go to the Norton web site and use the free virus scan , then delete the 22 files it found that were infected.
you might try reinstalling a newer version of your browser.

 

What OS are you running? If win98 do ctrl/alt/del to get the close program window up and see if there are any weird processes running. Try closing anything you don't recognize and see if it lets your browser work as intended. If you ID the culprit then run msconfig from the start/run window and look in the startup tab for the same program and remove it. You may also have to remove it manually if it reinstalls itself on boot up.

If none of this works then try deinstalling the browser and reinstalling it.

 

Try downloading and running the 30 day trial version of The Cleaner.
www.moosoft.com

 

You can reset the home page in Regedit. that'll fixit

 

Thanks for the replies so far, I will have to try them out.

To answer Crewl1's question she is running Win98 on 2-3 yr old 466 mhz IBM (I know makes no difference) she has Norton antivirus but it's the old discontinued version 5.04.01a. That version is no longer made and any subscription renewal options have ended so you have to update to NA 2002.

Reinstalling her browser may work but she is already running 5.5 and I have read that the type of trojan she has is targeted at 5.5 and 6.0 versions (something about having a security hole). There is a patch from Microsoft but it will not do much good till her computer is clean. The security hole thing may not even be related to her problem but worth fixing anyways.

I also learned today that her Outlook express is acting funny too. As soon as her new emails have loaded onto the screen where you could click on one, she is totally booted off and has to dial back in. She is also recieving emails to **** sites and the like.

This now makes it more complicated as it is just not the browser now. Her main concern now is the internal corruption she may not be seeing. It's hard to track these things down (at least it is for me) as they are always hidden pretty well. I will try closing all uknown programs but I don't think it will work. Like I said I ran msconfig and went to winini and looked at run and load which is where they usually start from.

Thanks for help, keep it coming.

 

Just a thought but maybe you could download a firewall program like Zone Alarm(free) and install it.
Usually trojan programs are initiated thru hacking.

 

You may try uninstalling and then reinstalling the Norton Anti Virus program. This "may" allow you to get the current updates from their site. Then just download the file directly. Don't use the "Live Update" feature.

I've actually been able to get the program to update using both the file and the Live Update feature, but just feel more comfortable doing it with the file.

Good luck. Hopefully, the update will have a repair for your virus. At the worst, it should be able to identify it and you can find a "manual" way of ridding yourself of it.

 

Mitch I am not sure what you mean by downloading the file directly. I know you can go to the symantec website and get your virus updates but unless it's a corporate edition it will check that you have a valid subscription.

On the other hand her subscription ran out long ago but her virus updates are up to 12/19/01. How I do not know, unless they just started checking to make sure you had a subscription before giving you an update. Anyways she is going to get the newest antivirus she can find and keep it up to date this time as to prevent a relapse of any problems in the future.

I'll let you all know when I find a fix.

 

Try this link. Then just click on the file "0109i32.exe" and it should ask you if you want to open it or save it. Choose to Save it and then path your way to a location on your hard drive to save it to.

Once it's downloaded, double click on it and it should find your version of Norton. This file is good for version 4.0 and above.

norton update

You still have to uninstall and reinstall Norton first. Otherwise it will tell you don't have a current subscription. Reboot inbetween the installs too. It worked for me at least when I did it.

 

http://www.spywareinfo.com/hijacked.html

First get tauscan, it is the best trojan finder / killer.
Trojans are different than virii, so if a AV didn't detect it, it's no wonder.
Anyway if and when you check out clean, you can easily edit your home page in the registry.
Find these keys in your registry using start/run/regedit

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\
Default_Page_URL
From: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
To: http://www.whatever.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\
Start Page
From: http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SU B_PVER}&ar=home
To: http://www.whatever.com