Guest gamerz
Posted April 25, 2006

Has anyone seen this one? I am scared my computer is being held hostage. My homepage went from MySpace.com to http://www.safetydefender.com/

This is the message I am getting:

Attention! Your system is under control of remote computer with IP address 227.4.167.118.
The remote computer has access to the following folders on your PC:
- \WINDOWS\System32
- \Program Files\Internet Explorer
- \My Documents
- Drive C:\ files
Click here to download official anti-spyware software
Your private info is collected by W32.Sinnaka.A@mm
Your IP address: ***********
Your Country: US, United States
They know you're using: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Operation System: OS Windows
Risk status for futher investigation: VERY HIGH RISK
Time of investigation: Tue Apr 25 16:43:52 PDT 2006

I also see SpyFalcon 3.1

Guest Ron_*
Posted April 26, 2006

This happened to me as well. Microsoft Internet Explorer no longer works.

Guest BlackSun_*
Posted April 27, 2006

Lemos Adamantios is your culprit. I think the owner's name is a scam. Adamantios Lemos appears to be the name of a Greek steamer sunk west of Guernsey in 1921. The owner of the steamer was Michael LEMOS (Piraeus).

Registration Service Provided By: ESTDOMAINS
Contact: +1.3027224217
Website: http://www.estdomains.com

Domain Name: SAFETYDEFENDER.COM

Registrant:
n/a
Lemos Adamantios (lemos@securitywarnings.net)
aktis 119, vouliagmeni
athens
,n/a
GR
Tel. +030.2108960081

Creation Date: 11-Mar-2006
Expiration Date: 11-Mar-2007

Domain servers in listed order:
ns2.safetydefender.com
ns1.safetydefender.com

Administrative Contact:
n/a
Lemos Adamantios (lemos@securitywarnings.net)
aktis 119, vouliagmeni
athens
,n/a
GR
Tel. +030.2108960081

Technical Contact:
n/a
Lemos Adamantios (lemos@securitywarnings.net)
aktis 119, vouliagmeni
athens
,n/a
GR
Tel. +030.2108960081

Billing Contact:
n/a
Lemos Adamantios (lemos@securitywarnings.net)
aktis 119, vouliagmeni
athens
,n/a
GR
Tel. +030.2108960081

Status:ACTIVE

Guest gamerz
Posted April 27, 2006

Thanks for the tip, BlackSun, but unfortunately that still does not help. I am getting a message from Norton Antivirus that says dcomcfg.exe file is trying to change my home page.

I found out that dcomcfg.exe or more commonly known as DCOM is a component of Windows which allows an application to execute using the file permissions of a specified user. You will need to specify a user for the ArchiveSync components to run under in DCOM before running the scheduler as a service. You will want to select or create this account before beginning configuration of DCOM. The user account must have permissions to access the files you are planning to synchronize.

I now have to use Firefox to see the web. Should I remove Microsoft Internet Explorer from my system?

Guest gamerz
Posted April 27, 2006

Ok. I guess this will be my blog of pain. Maybe I can learn and help some other poor sucker who gets this problem.

Now I am getting this message:

Critical System Error
Your PC is infected by spyware. Spy ware and other unwanted software refers to programs that perform certain tasks on your computer, typically without your consent. This can include installing pop-up advertising or collecting your personal information. Anti-spyware tools can only help rid your computer of spyware. Click "OK" to get software and special offers on antivirus software.

When I click OK a Windows browser opens and I get http://www.pesttrap.com/?advid=177

What is PestTrap?
PestTrap an award-winning spyware removal utility will help you fighting all kinds of spyware and adware including keyloggers, trojan horses, password thieves and on. With new and unique protection module once cleaned your machine will not get infected ever again. Do not wait, try now for free!
PestTrap is a new and unique heuristics-based spyware removal software. It not only cleans your PC but helps keeping it safe from future infections. With its stunning security system your computer will never ever be a victim of spyware. Try PestTrap now to find out if you are infected. It's easy and free for all!

Do you think they are the culprits? Hopefully someone will read this message and help me out. Thanks.

BlackSun
Posted April 27, 2006

Restart your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe Mode.
Log in on your usual account.
Open your Norton AntiVirus Scan Tool.

If you get nothing, post it on the boards. I will research your problem.

Guest Hookworms
Posted April 30, 2006

Uninstall via add/remove programs (located in control panel):

ISTsvc or ISTbar

Fix with HjT (click do a system scan only, checkmark these and press fix checked):

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [fcaCBva] C:\WINDOWS\airpixl.exe
O4 - HKLM\..\Run: [fcaCBvùõš/‚²‘ÆßfÏNC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\airpixl.exe
O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ipnsade.exe

Delete if found:

C:\WINDOWS\airpixl.exe
C:\Program Files\ISTsvc
C:\WINDOWS\ipnsade.exe

Reboot.

Download SmitfraudFix © S!Ri
http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip contents (folder SmitfraudFix) on your desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Choose option #1 - Search by pressing 1 and "Enter"; a txt file will open.
Send the contents of that txt file to this thread along with a fresh HjT log.

Guest gamerz
Posted April 30, 2006

Now I have a security toolbar on my browser.

systemsecurityupdate.com

I cannot believe how far these **to perform an anatomical sexual impossibility**ers will go.

Guest Warad420
Posted April 30, 2006

Hi Everyone,

I had the same problem and got

SmitFraudFix v2.37
http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Scan done at 19:02:43.73, Sun 04/30/2006
Run from C:\Documents and Settings\Andy Wasserman\Local Settings\Temporary Internet Files\Content.IE5\FPWUGH9Y\SmitfraudFix[1]\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\atmclk.exe Deleted
Problem while deleting C:\WINDOWS\system32\dcomcfg.exe
Problem while deleting C:\WINDOWS\system32\hp????.tmp
Problem while deleting C:\WINDOWS\system32\ld????.tmp
C:\WINDOWS\system32\ncompat.tlb Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
Problem while deleting C:\WINDOWS\system32\stdole3.tlb
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\LUKEWI~1\FAVORI~1\Antivirus Test Online.url Deleted
C:\Program Files\Security Toolbar\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» Reboot

C:\Program Files\Security Toolbar\ Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp????.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted

»»»»»»»»»»»»»»»»»»»»»»»» End

Fight Spammers

I am contacting http://www.estdomains.com and telling them to stop these creeps.

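An added example, not part of the original thread and not SmitfraudFix's own logic: two files in the log above, dcomcfg.exe and stdole3.tlb, are one character away from the genuine Windows file names dcomcnfg.exe and stdole2.tlb. The sketch below flags such near-miss names by edit distance; the three-entry KNOWN_GOOD baseline and all function names are assumptions made for illustration.

```python
# Flag file names that are a near miss of a genuine system file name.
# Assumption: a tiny illustrative baseline; a real one would be built from
# a clean install of the same Windows version.
KNOWN_GOOD = ["dcomcnfg.exe", "stdole2.tlb", "stdole32.tlb"]

# Named files from the "Deleting infected files" section of the log above.
LOG_FILES = [
    r"C:\WINDOWS\system32\atmclk.exe",
    r"C:\WINDOWS\system32\dcomcfg.exe",
    r"C:\WINDOWS\system32\ncompat.tlb",
    r"C:\WINDOWS\system32\ot.ico",
    r"C:\WINDOWS\system32\simpole.tlb",
    r"C:\WINDOWS\system32\stdole3.tlb",
    r"C:\WINDOWS\system32\ts.ico",
]

def edit_distance(a, b):
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def basename(path):
    # Split on backslash explicitly so this works on any host OS.
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_lookalikes(paths, known_good=KNOWN_GOOD, max_distance=1):
    """Return {path: (closest genuine name, distance)} for near-miss names."""
    hits = {}
    for path in paths:
        name = basename(path)
        if name in known_good:
            continue  # exact name: verify location and signature instead
        best = min(known_good, key=lambda good: edit_distance(name, good))
        dist = edit_distance(name, best)
        if dist <= max_distance:
            hits[path] = (best, dist)
    return hits

if __name__ == "__main__":
    for path, (real, dist) in find_lookalikes(LOG_FILES).items():
        print(f"{path}: {dist} edit(s) from genuine name {real}")
```

Names such as simpole.tlb sit further from anything in this small baseline and are not flagged, so a name check like this complements a scanner rather than replacing it.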
Guest timinreno@aol.com
Posted May 3, 2006

Has anyone seen this one? I am scared my computer is being held hostage. My homepage went from MySpace.com to http://www.safetydefender.com/

This is the message I am getting:

Attention! Your system is under control of remote computer with IP address 227.4.167.118.
The remote computer has access to the following folders on your PC:
- \WINDOWS\System32
- \Program Files\Internet Explorer
- \My Documents
- Drive C:\ files
Click here to download official anti-spyware software
Your private info is collected by W32.Sinnaka.A@mm
Your IP address: ***********
Your Country: US, United States
They know you're using: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Operation System: OS Windows
Risk status for futher investigation: VERY HIGH RISK
Time of investigation: Tue Apr 25 16:43:52 PDT 2006

I also see SpyFalcon 3.1

Guest Timinreno@aol.com
Posted May 3, 2006

What seems to fix the problem of getting rid of "safetydefender.com" is to go to "system restore" on xp. I went back three days before the problem and haven't had an issue since...I tried a couple of adware programs before and couldn't get rid of it. This, so far, seems to do the trick.

Tim

Guest Tracy
Posted May 5, 2006

> What seems to fix the problem of getting rid of "safetydefender.com" is to go to "system restore" on xp. I went back three days before the problem and haven't had an issue since...I tried a couple of adware programs before and couldn't get rid of it. This, so far, seems to do the trick.
>
> Tim

Wow! That totally worked... except that it renamed some of my McAfee files and now that program doesn't want to enable scanning and IE has slowed to a craawwwwl. It's still better than staring at that safetydefender web page. THANKS!!!