
PC & MAC CLINIC - On line problem solving. (CPU)     

Crocodile - 16 Dec 2002 03:59

Mega Bucks - 06 Jun 2004 16:05 - 1785 of 11003

afternoon campers,

have a trojan virus thingy in C:\windows\system32\config\services.exe

Norton antivirus picked it up but cannot do anything because access is denied :-( Have tried renaming but still no joy. Has anyone any ideas please!!!!

Do I delete the file? If so, how???

Rick...

Spaceman - 06 Jun 2004 17:19 - 1786 of 11003

MB, more details please. What virus is it, what Operating System. There is probably a stinger that will clean it and/or you might have to start in safe mode.

Mega Bucks - 06 Jun 2004 22:17 - 1787 of 11003

Tim, I think I may have sorted it; if there are problems still, will get back to you!!

Many thanks...

Mega...

dotel - 07 Jun 2004 16:08 - 1788 of 11003

Got a new XP jobbie here at work - and since the bank holiday weekend, something seems to have installed itself - no matter how many times I re-set the homepage and delete the porn sites which have also plonked themselves in my favs, they all just keep coming back..

When I log into IE I get Search Everything, but in the address bar a funny square (i.e. not explorer) and C:\WINDOWS\system32\hp.uti

Checked the gateway thingy and firewall and firewall monitor are both active.

Oh 'eck

Spaceman - 07 Jun 2004 16:14 - 1789 of 11003

dotel, sounds like a hijack, have you got Ad-Aware or Spybot Search and Destroy?
If so run them, if not get them, both free!

dotel - 07 Jun 2004 16:20 - 1790 of 11003

not on here, Space..how did it get past the firewall then?

Spaceman - 07 Jun 2004 16:26 - 1791 of 11003

dotel,
firewall doesn't stop stuff being downloaded, it stops (or tries to stop) people and things trying to access your machine.

Symptoms are definitely hijack, what page is homepage getting set to? Most common hijack is CoolWebSearch.

dotel - 07 Jun 2004 16:28 - 1792 of 11003

well it was supposed to be msn.co.uk, but it keeps defaulting to Search Everything - Microsoft Internet Explorer and then with that odd C windows thingy

Spaceman - 07 Jun 2004 16:30 - 1793 of 11003

d, can you post the actual URL, e.g. www.zzzz.com. Should be fairly easy to get rid of? Are you dial up? Have you got any teenage male kids?

dotel - 07 Jun 2004 16:38 - 1794 of 11003

only 3 users here - and 2 of them claim innocence (I'm no 3!) address is as per post 1787 - can't say what the funny square in front of the C: bit is though, just not the explorer logo...it's really odd - it isn't a proper address is it?

The favs, however are gotosex4all.com, webanalsex.com, allcrazyporn.com, thestas.com and spyorgy.net

Spaceman - 07 Jun 2004 16:43 - 1795 of 11003

dotel,

OK I suspect one of them isn't being completely truthful ;-) and it's probably a man ;-)

But who knows, these hijacks keep trying to worm their way into PCs, however in my experience they are nearly always caused by surfing porn sites to warez etc sites (sites containing software keys etc).

Does the info in the following link look familiar? http://forums.spywareinfo.com/index.php?showtopic=3795&st=0entry16637

Kayak - 07 Jun 2004 16:43 - 1796 of 11003

dotel, thanks for the links :-)

These hijacks are pretty lethal. I got one the other night just searching for something. Some web pages are loaded with them, and you don't have to be browsing for sex sites to get one. Unfortunately they are loaded into your browser as a "browser helper object" without even a warning box, so you won't know you've loaded one until the next time you start up IE. No doubt that will be fixed in a subsequent update of IE but for the moment there is no protection. Some of them even disable anti-hijack software. The only ideas I found were to disable Java and Javascript, the only problem with that being that half the pages on the Web would stop working, including AM of course.

dotel - 07 Jun 2004 16:46 - 1797 of 11003

Just went to options, space - sorry for being so thick - here's the homepage address


http://solongas.com/hp.htm?id=9

dotel - 07 Jun 2004 16:50 - 1798 of 11003

Funny you should say that, space - I know who contracted this...by doing just what K suggests - it's him indoors, he only uses my computer to search for stuff. Also, at the top of the page is a spyware removal thingy, like you say, K

Spaceman - 07 Jun 2004 16:52 - 1799 of 11003

dotel, the link I posted contains info about removing this hijack, it's not one I have seen before so I can't vouch for the instructions but the site they are on is very good.

Does that help ??

dotel - 07 Jun 2004 16:55 - 1800 of 11003

Still can't get it up

dotel - 07 Jun 2004 17:02 - 1801 of 11003

It took ages - threw explorer off - but now I get *this page cannot be displayed*, space

Ah success! Thanks space, will have a play

dotel - 07 Jun 2004 17:13 - 1802 of 11003

Is it a coincidence when I went to put it into favs that it's come up as SWI Forums - CWS removal-http--solongas.com ?

Spaceman - 07 Jun 2004 17:18 - 1803 of 11003

Sorry, dotel, I was speaking to my nephew on the phone. That link comes from a site with a lot of info about hijacks. CWS (CoolWebSearch) was the first major hijack and many others are derived from it.

I didn't understand 1799 and 1800 above???

dotel - 07 Jun 2004 17:21 - 1804 of 11003

Couldn't get the page up to begin with, Space