Unsolved
This post is more than 5 years old
1 Message
0
2498
IE homepage hijacked by http://www.geocities.com/PEROCAIRO/
My work PC is running IE 6 on Windows XP 2002 (SP3).
Yesterday my IE homepage was hijacked by a Geocities URL. Whenever I try to reset it to default it just goes back to the Geocities page.
I've run malware/spyware scans through updated versions of Windows Defender, McAfee VirusScan Enterprise Workstation 8.5 and HiJackThis. None of these programs have been able to detect what is causing the homepage to be locked.
Furthermore, my MS Outlook and server access has been compromised. I'm unable to access work emails.
Any ideas?
befa
1 Message
0
November 1st, 2010 03:00
Description
IE homepage hijacked by http://www.geocities.com/PEROCAIRO
Default home page was changed to "www.geocities.com/perocairo".
If the user switches back to its own startpage the virus changed back again.
Solution
Follow the method for manual removal:
1- Terminate the process "WScript.exe" into Windows Task Manager
2- into the registry editor, search the "VirusRemoval_Pero.vbs"
Remove all seek out the most important, in addition att
HKEY_Local_Michine \ Software \ winnt \ CurrentVersion \ Winlogon \ userinit
3- Change HKEY_Local_Michine \ Software \ winnt \ CurrentVersion \ Winlogon \ userinit
Key, remove C: \ WINNT \ System32 \ WScript.exe C: \ WINNT \ System32 \ VirusRemoval_PERO.vbs.
Keep just the normalaC: \ WINNT \ System32 \ Userinit.exe.
4- Change the code HKEY_Current_User \ Software \ Microsoft \ Internet Explorer \ Main Next
Home back to your startpage e.i. http://www.microsoft.com
5- Restart the computer
Additional information
WScript.exe is based on the Windows Scripting Host, let the script directly in Windows to run.
WSH (Windows Script Host) support the use of Microsoft Visual Basic Scripting Edition (VBScript) or JavaScript written scripts.
When you start a script, the script host reads and sends the specified file content scripts to the registered script engine.
But it also offers activities to the script platform virus, run virus can not utanWSH.
Reference documents:http://support.microsoft.com/kb/232211/zh-cn