Hey guys,

Anyone ever run into a Trojan that jacks your homepage and redirects it to everythingy.com? It appears it is messing with Windows Explorer too.

I tried the usual removal tools (Malwarebytes, etc.) but this stupid thing keeps coming back.

Anyone have success removing this pest?


Try this.

http://support.kaspersky.com/faq/?qid=208283363

A few things:

  1. Look at the hosts file in C:\windows\system32\drivers\etc & make sure there are no entries

  2. Check internet explorer to make sure there isn’t a proxy address listed

  3. Run ComboFix in Safe Mode, then let it reboot & run in normal mode

  4. Run Malwarebytes again

If that doesn’t fix it, then run HitMan Pro; it seems to catch what ComboFix doesn’t (and vice versa, which is why I start with ComboFix).

Whoops, just posted the exact same thing he said!

Boot into Safe Mode with Networking (tap F8 on startup).

Check internet options under control panel, go to the connections tab, then LAN settings and make sure the proxy box is not checked.

Go here http://www.bleepingcomputer.com/download/anti-virus/combofix and download ComboFix.

Run ComboFix (it takes a bit and might restart).

After it removes your hijack trojan, I’d go over to http://malwarebytes.org and download the free version. Update and run a quick scan just to be safe.

Cheers

You might also want to try VIPRE Rescue in Safe Mode; that has worked for me on strange occurrences like this before.

I like NOD32. It usually cleans up everything that’s left after manually removing files and fixing the registry damage from the trojan.

I ran into this just yesterday on a user’s laptop. ESET didn’t discover it, nor did SAS. ComboFix did remove some items, although I don’t know if they were related. Ultimately I had to remove entries out of the infected machine’s registry. If you need details, I have saved a .rar file with all the “bad” registry entries I had to remove.

Some viruses hijack IE and set up a proxy connection. Check there if you have not already. Just an added comment.

Yeah, in my case there wasn’t a proxy entry. There were, however, plenty of entries in the registry for IE-related settings – stuff which isn’t commonly visible… like declaring a secondary default URL which launched a PHP script. Searching for “everythingy” in the registry helped a ton. Stuff was seriously buried!
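A read-only triage script, added here as an example and not posted by anyone in this thread, that walks the checks the replies describe: the hosts file, the IE proxy setting, and a search of IE-related registry keys for the “everythingy” string. The registry paths and the indicator string are assumptions drawn from the thread; the script reports and changes nothing.

```powershell
# Added example (not code from anyone in this thread): read-only triage of the
# three places the replies point at. Run in an elevated PowerShell on the
# suspect machine; it only reports, it removes nothing.
$Domain = 'everythingy'   # indicator string taken from the thread (assumption)

$findings = @()

# 1. hosts file: any non-comment, non-blank line deserves a look
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
foreach ($raw in (Get-Content -Path $hostsPath -ErrorAction SilentlyContinue)) {
    $line = $raw.Trim()
    if ($line -and -not $line.StartsWith('#')) {
        $findings += [pscustomobject]@{ Source = 'hosts'; Detail = $line }
    }
}

# 2. WinINET proxy, which is what IE's "LAN settings" dialog reads and writes
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
if ($p.ProxyEnable -eq 1 -or $p.ProxyServer -or $p.AutoConfigURL) {
    $detail = "ProxyEnable=$($p.ProxyEnable) ProxyServer=$($p.ProxyServer) AutoConfigURL=$($p.AutoConfigURL)"
    $findings += [pscustomobject]@{ Source = 'proxy'; Detail = $detail }
}

# 3. IE-related registry keys whose values mention the domain: the "buried"
#    entries the last reply describes (Start Page / Default_Page_URL live in Main)
$roots = @(
    'HKCU:\Software\Microsoft\Internet Explorer',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer'
)
foreach ($root in $roots) {
    $keys = @(Get-Item -Path $root -ErrorAction SilentlyContinue) +
            @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        if ($null -eq $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $value = [string]$key.GetValue($name)
            if ($value -match [regex]::Escape($Domain)) {
                $findings += [pscustomobject]@{ Source = 'registry'; Detail = "$($key.Name)\$name = $value" }
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No hosts entries, proxy settings or IE registry values mentioning the indicator were found.' }
```

Widen `$roots` (for example to all of HKCU:\Software) if the string is not found under the IE keys; the search is slower but works the same way.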