cancel
Showing results for 
Search instead for 
Did you mean: 
gmkezell
Level 7

Hijacked Browser...please help

My browser has apparently been hijacked.  I reset my Internet Explorer settings and disabled addons (advice from my last post...thanks) but, this did not work.  I ran Spybot and Smitfraudfix.  With Spybot, received "Unexpected error in fixing problems. Cannot create file "C:\windows\system32\drivers\etc\hosts" access is denied.  With Smitfraudfix, I went through the whole process of running the smitfraudfix.exe in safe mode and in the report, there were about 40 or so messages "access is denied".  Does anyone know what this means?  This is so crazy...who are these people that create these viruses which cause so much frustration for us "everyday people"??  Arghhhh.....  Thanks so much for any help!

0 Kudos
17 Replies
rakesh.p
Level 10

Re: Hijacked Browser...please help

Hi gmkezell

I suggest you to run Smitfraudfix.exe once again in Normal mode, also check for unwanted entries on host file & remove them, after removing them make sure to save the file....if an error appears stating "Access Denied" then there chances of host file might be corrupt & in that case you may have to replace the host file.

Navigating to host file - C:/windows/system32/drivers/etc/hosts - Open with notepad.

Regards,

Rakesh P

McAfee Technical Support

0 Kudos
exbrit
Level 21

Re: Hijacked Browser...please help

Moved to General Malware Assistance > Home User Assistance.

0 Kudos
gmkezell
Level 7

Re: Hijacked Browser...please help

I attached a copy of that host file you referred me to so you can see whether it looks corrupt.  They all look to be websites that my browser gets hijacked to.... I deleted everything and tried to save it but got "Cannot create the C:/windows/system32/drivers/etc/hosts.  Make sure that the path and file name are correct".  Is there another way that I should delete everything?  Thanks!!!

0 Kudos
exbrit
Level 21

Re: Hijacked Browser...please help

Is this in XP SP3 may I ask?  When you went to edit the HOSTS file, when finished, did you click on File/Save or Save as?   Plain Save usually worked for me.  I say worked because I no longer have XP installed in order to check it.

Do you have the actual Administrator account visible and available on your log in screen?   If not you can enable it.  I suggest this because this is best done by the Administrator account.

For XP only here's a quick method of enabling the hidden Admin account:  http://www.dougknox.com/xp/scripts_desc/xp_admin_ok.htm

If you do enable it don't forget to password protect it and any other of your accounts if the machine is used by more than one person.

Message was edited by: Ex_Brit on 06/01/10 10:00:40 EST AM
0 Kudos
exbrit
Level 21

Re: Hijacked Browser...please help

Another suggestion which might be a good idea in any case to double-check everything is as it should be.   Download Hijackthis and post its log on one of the following specialist forums for expert advice:

DOWNLOAD HIJACKTHIS

Do not post the log here, we can't help!

Post the logs at a specialist Forum:

AUMHA FORUM

BLEEPING COMPUTER FORUM

MAJOR GEEKS FORUM

MALWAREBYTES FORUM

MALWARE REMOVAL FORUM

SPYWAREHAMMER FORUM

SPYWARE INFO FORUM

WHAT THE TECH FORUM

Be sure to read all the sticky announcements/instructions at the top of each malware forum!

0 Kudos
gmkezell
Level 7

Re: Hijacked Browser...please help

It is Windows XP, Version 5.1, SP3 ...  I did "file Save" in the administrator account and got the same message "Cannot create the C:\windows......"  So, I'm still having the same problem.  In one of the SmitFraudFix reports, on the 2nd page it states "hosts file corrupted".

0 Kudos
exbrit
Level 21

Re: Hijacked Browser...please help

Until I can find something concrete do the Hijackthis routine as someone on one of those forums may have a solution.

0 Kudos
exbrit
Level 21

Re: Hijacked Browser...please help

Navigate to C:\WINDOWS\system32\drivers\etc\hosts and open the file with Notepad, (Right click, select Notepad and make sure that the option to "Always use this application to open this type of file" is NOT selected).

Make the changes, then goto File > Save As, ensure the "Save as file type:" is All files and not *.txt , then click Save. Accept the warning that this will overwrite the existing file.

Does that not work for you?

0 Kudos
gmkezell
Level 7

Re: Hijacked Browser...please help

I can do the save as "all files" but, it is still only saving it as a .txt document.  I clicked on one of the "hosts.201001105.213320.backup" files.  & it let me override it.  There are about 40 or so of these files with different #'s....  Does that mean anything?

0 Kudos