Safewebnavigate hijacking internet explorer

By BottomSeeker · 22 replies
Jul 5, 2008
  1. I have been fighting with my cp for the last few hours trying to fight this apparent infestation (determined through a search of your website to be a virus). Have now lost control of several functions (i.e. taskmanager, access to C: drive through normal means, but can still get into it through other means).

    Have been running from the "topic58138" post, but do not know when and how to post the requested logs. I am currently running step 7.

    Guidance from here would be greatly appreciated.


    Here are the 3 log files

    Also, there were no results for the rootkit scan. Almost all of the original issues have ceased, with the exception of the windows formatting (themes) only allow classic view now and my Trend Micro continues to tell me my personal firewall has been disabled.
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Your logs look pretty good.

    Update your Java Runtime Environment
    • Click the following link
      Java Runtime Environment 6 Update 6
    • The 5th option down is the one you want (click Download)
    • Check the box to agree to terms of service
    • Check the box for your operating system and click 'Download selected' at the bottom
    • After the install, go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
    • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_06 folder


    Run Kaspersky Online AV Scanner

    In order to use it, you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report into your next reply
  3. BottomSeeker

    BottomSeeker TS Rookie Topic Starter

    Scan complete

    Thanks for the help, here is the scan file from the Kaspersky online scan.
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    That one is clean as well. Are you still having any issues? Everything looks ok. I am going to post instructions to clean up and secure the work you did.

    Uninstall Combofix
    * Click START then RUN
    * Now type Combofix /u in the runbox
    * Make sure there's a space between Combofix and /u
    * Then hit Enter.

    * The above procedure will:
    * Delete the following:
    * ComboFix and its associated files and folders.
    * Reset the clock settings.
    * Hide file extensions, if required.
    * Hide System/Hidden files, if required.
    * Set a new, clean Restore Point.


    OTCleanit! by Oldtimer
    • Download OTCleanIt
    • Click the CleanUp! button.
      • It will go through the list and remove all of the tools it finds and then delete itself (requiring a reboot).


    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
    1. Set correct settings for files
      • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
      • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
      • If unchecked please check Hide protected operating system files (Recommended)
      • If necessary check "Display content of system folders"
      • If necessary Uncheck Hide file extensions for known file types.
      • Click OK

      clear system restore points

      • This is a good time to clear your existing system restore points and establish a new clean restore point:
        • Go to Start > All Programs > Accessories > System Tools > System Restore
        • Select Create a restore point, and Ok it.
        • Next, go to Start > Run and type in cleanmgr
        • Select the More options tab
        • Choose the option to clean up system restore and OK it.
        This will remove all restore points except the new one you just created.

    2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialize and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    3. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

      See this link for a listing of some online & their stand-alone antivirus programs:

      Virus, Spyware, and Malware Protection and Removal Resources

    4. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

      For a tutorial on Firewalls and a listing of some available ones see the link below:

      Understanding and Using Firewalls

    6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. This is done in Vista through control panel -> windows updates.

    7. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

      A tutorial on installing & using this product can be found here:

      Using SpywareBlaster to protect your computer from Spyware and Malware

    8. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
    Follow this list and your potential for being infected again will reduce dramatically.

    Here are some additional utilities that will enhance your safety

    • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to which is your local computer
    • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
    • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
      Using Winpatrol to protect your computer from malicious software
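
Added example, not part of the original thread or any poster's reply: a read-only PowerShell check of the Internet zone settings listed in step 2 of the post above. The registry path, action IDs and value meanings are the documented Internet Explorer zone settings and are assumptions relative to this page, which names only the dialog options.

```powershell
# Audits the current user's Internet zone (zone 3) against the settings
# recommended in the post above. Read-only: nothing is changed.
# Assumption: action IDs and values (0 = Enable, 1 = Prompt, 3 = Disable)
# follow Microsoft's documented zone settings; they do not appear in the thread.
# Per-user values only; a machine or domain policy can override them.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$Recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                 Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';               Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                    Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';        Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';     Want = 1 }
}
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneActionAudit {
    param([string]$Path = $ZonePath)

    $zone = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($id in $Recommended.Keys) {
        $actual = $zone.$id                      # $null when the value is absent
        if ($null -eq $actual) {
            $shown = '(not set)'
        } elseif ($Meaning.ContainsKey([int]$actual)) {
            $shown = $Meaning[[int]$actual]
        } else {
            $shown = "raw value $actual"         # anything other than 0, 1 or 3
        }
        [pscustomobject]@{
            Id        = $id
            Setting   = $Recommended[$id].Name
            Expected  = $Meaning[$Recommended[$id].Want]
            Actual    = $shown
            Compliant = ($null -ne $actual) -and ([int]$actual -eq $Recommended[$id].Want)
        }
    }
}

Get-ZoneActionAudit | Format-Table -AutoSize
```

Rows with Compliant = False show which of the six settings differ from the recommendation, which is also a quick way to spot a zone that has been loosened again after cleanup.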
  5. BottomSeeker

    BottomSeeker TS Rookie Topic Starter

    Wow, some great resources I didn't know about. Been a big fan of Trend Micro for years, and it seems to have blinded me to other resources out there.

    Thanks for the great help. Still not sure how it got through firewall and AV software, but at least it didn't happen as quick as some I have seen on the site.

    Only standing issue(s) I have, is internet is running a little slower, but is manageable; and all of the "theme" stuff for XP has disappeared. Everything is the old square windows START bar and such. If you happen to know a way to fix it.

    Again, can't express how grateful I am for the tech help. Always beats most of the tech support lines, etc found nowadays where they seem to read off a script.
  6. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    You might want to try resetting your policies to default

    Download to your Desktop this self-extracting ZIP archive FixPolicies.exe

    • Double-click FixPolicies.exe
    • Click the Install button on the bottom toolbar of the box that will open.
    • The program will create a new Folder called FixPolicies
    • Double-click to Open the new Folder, and then double-click the file named Fix_Policies.cmd
    • A black box will briefly appear and then close. This will enable your Control Panel, Task Manager and stop any Administrative warnings.
  7. BottomSeeker

    BottomSeeker TS Rookie Topic Starter

    Unfortunately, that didn't work. Narrowed down to (assumption of course) Control Panel/Display/Appearance only style available under "windows and buttons" is Windows Classic style.
  8. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    We can try a few more things to narrow it down

    Make sure the theme service is started

    Right click on My Computer -> Manage -> double click on Services and Applications -> double click on Services -> in the right pane look for Themes -> double click on it

    make sure that the service is set to Automatic, and it says that the service is started, if it isn't click on the Start button, and see if it starts...
  9. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    I am going to bed so if that doesn't work do this...

    Please go to Start > Run
    Paste in the following line:
    • regedit /e c:\registrybackup.reg
    Click OK.
    It won't appear to be doing anything, that's normal.
    Your mouse pointer may turn to an hour glass for a minute.
    Please continue when it no longer has the hour glass.

    Making a .reg file
    Open notepad and copy and paste the text in the quotebox below in it:

    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    Name the file as Fix.reg

    Change the "Save As" type to "All Files" and save it on the desktop.

    It should look like this: [​IMG]

    Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
  10. BottomSeeker

    BottomSeeker TS Rookie Topic Starter

    Maybe I am hoping too much. The "regedit" fixed part of it (view difference in control panel), but still doesn't give me the option, or ability to change the appearance of the "start" bar. Still just the classic square look for it.
  11. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    so the option is there for XP theme -> through appearance in the control panel?

    But the taskbar still looks classic?
  12. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    I think you should right click on the task bar -> select properties -> start menu tab -> make sure it isn't set to classic
  13. BottomSeeker

    BottomSeeker TS Rookie Topic Starter

    Already tried that. Also, the only option under "display properties/appearance" in the control panel is classic style.
  14. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Right click My Computer -> Properties -> Advanced tab -> Under Performance -> Settings button -> Visual Effects tab

    Select Use Visual Styles On Windows And Buttons -> Apply -> OK
  15. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Let me know if that works, if not I have a few more things we can do
  16. BottomSeeker

    BottomSeeker TS Rookie Topic Starter

    Nope, was already marked. Is it possible the virus scans, etc, some of the files and stuff got deleted in the process?
  17. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    It is possible

    Making a .reg file
    Open notepad and copy and paste the text in the quotebox below in it:

    Windows Registry Editor Version 5.00
    "Description"="Provides user experience theme management."
    Name the file as Fix.reg

    Change the "Save As" type to "All Files" and save it on the desktop.

    It should look like this: [​IMG]

    Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
  18. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    After that navigate to:


    and make sure that there is a folder named Luna - either way let me know what folders are there. If it is missing I can send you one to install and it should work as we will have completely rebuilt it
  19. BottomSeeker

    BottomSeeker TS Rookie Topic Starter

    Folder is there, but shell folder, and sub folders are empty.
  20. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

  21. BottomSeeker

    BottomSeeker TS Rookie Topic Starter

    Great, at least I have the view back. Doesn't provide the option to click on it to change it in the appearance section, but don't plan to change to classic view anyway.

    Thank you so much for all the help and patience you have had with me over the last few days. Wish I had the time to learn that much about computing.
  22. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    I am glad that worked cause I was running out of ideas. I think if you did want classic you could go to line 187 and select classic.

    So everything is normal now?
  23. BottomSeeker

    BottomSeeker TS Rookie Topic Starter

    Yes, everything is back to pre-virus state. I ran out of ideas myself two days ago, that's how I found this site.
Topic Status:
Not open for further replies.
