Can't remove index.php as default page

Status
Not open for further replies.

MALFIE

Technical User
Apr 3, 2003
113
AU
This system runs M.E. and had several THOUSAND infected files by Netsky..

All have been removed (as far as I can tell) and internet operations are almost back to normal, including virus updating. However, I still get the default home page as
213.159.117.134/index.php
no matter what I do..
I've run the latest CWS, spybot & Adaware (with updates) and have gone thru the registry and Modified out all instances of the string. I've searched thru msconfig and a HDD search but can't find what continues to trigger this pest.

Any suggestions, please??


"We do not stop playing because we are old, more likely we grow old because we stop playing...
 
Hi Malfie,

Try HijackThis. I had a similar problem before and now it's gone completely. Nice to see the "about:blank" after a long time.

Ron
 
That was entertaining. I clicked on that to check it out and got 2 trendmicro hits for a dialer which I had to explain to the company owner about 5 minutes later. I'm pretty confident that's coolwebsearch.

I looked at some other logs this morning-it looked like some were getting fixed with hijackthis and some weren't.
You can look at thread760-891764 to get an idea of what a log might look like-although I've discovered in the last couple of days this one was not fixed properly.

My suggestion would be to run a hijackthis log, research the items and then boot to safe mode, run hjt and fix the problems and then run adaware. If that doesn't do it, you're probably into looking for hidden cws dll files. If you need to do that post back.

-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
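
A sketch of the "research the items" step in the advice above, as an added example that is not part of the original thread: it reads the R0/R1 (Internet Explorer start and search page) lines of a HijackThis-style log and flags values that point at a bare IP address, a local res:// file, or a host outside a trusted list. The sample log, the trusted list and the flagging heuristics are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample in HijackThis log style (not taken from the thread).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://203.0.113.7/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.example.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\TEMP\abcde.dll/sp.html
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\SYSTEM\abcde.dll
"""

# R0/R1 lines record IE start/search page values: "<code> - <key>,<value> = <data>"
ENTRY = re.compile(r"^(R[01]) - (HK\w+\\[^,]+),([^=]+?) = (.*)$")


def host_is_ip(url):
    """True when the URL's host part is an IP literal rather than a name."""
    host = urlsplit(url if "://" in url else "http://" + url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text, trusted_hosts=()):
    """Return (key, value name, data, reason) for each R0/R1 entry worth researching."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # other sections (O2, O4, ...) are out of scope here
        _code, key, value_name, data = (part.strip() for part in m.groups())
        lowered = data.lower()
        if not data or lowered.startswith("about:"):
            continue  # empty or about:blank is the clean state
        if lowered.startswith("res://"):
            reason = "page served from a local file (res://)"
        elif host_is_ip(data):
            reason = "URL uses a bare IP address"
        elif (urlsplit(data).hostname or "") in trusted_hosts:
            continue
        else:
            reason = "host not in trusted list"
        findings.append((key, value_name, data, reason))
    return findings
```

A res:// finding names the file that serves the page, which is the lead to follow when the start page keeps coming back after the registry value is fixed.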
 
Yes..turn off Restore before I found all the netsky germs..

All very interesting, though..particularly if you work on several new cases over a week...

I was not aware that hijack ( hadn't even known the term was in use.. but in looking around I came across a nifty little (FREE.. sort of..) proggie, that while a bit flashy (if you like comics you'll love this..) called GEEK SUPERHERO..
There are a few like it about but this one is nifty, especially for the owner of the PC I've been talking about.
If ANYTHING is being changed or installed in IE Outlook or elsewhere (it seems), this character pops up and asks you do you really want this change to happen, if not it undoes it.. the change.. but it also will remember the choice if it should occur again for some reason..
Ok, it may not clean up the villains but it surely puts a curse on 'em, and not the owner's peace of mind.

Anyway, for what it's worth..

Mal


"We do not stop playing because we are old, more likely we grow old because we stop playing...
 