If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
umfvm.dll - replaced my homepage
I cannot find this file on my computer, but the registry
keys in both LOCAL_MACHINE and CURRENT_USER have changed the Start Page, Default Start Page, Search Page and Default Search Page with this file reference (which is a search page) -- Anyone seen this? I've installed Spybot and LavaSoft's Adware 6 but neither of these two spyware/adware programs fix the problem. Thanks for your response.... |
#2
|
|||
|
|||
umfvm.dll - replaced my homepage
If neither AdAware nor SpyBot can fix this problem, even with updated
reference files then you will have to move on and try some other tools. Unfortunately it is difficult to give more specific advice since you omitted to mention the search page to which you are being redirected but instead only mention the name of the current dll (umfvm.dll) that is doing this, a name that is randomly generated by the parasite involved and doesn't give a clue as to the actual parasite you have installed on your system - telling us this might help shortcut the work involved in removing the pest. May I also suggest you download and use BHODemon http://www.definitivesolutions.com/bhodemon.htm that checks for unwanted Browser Help Objects and SpywareBlaster (http://www.wilderssecurity.net/spywareblaster.html) which can help prevent some parasites getting a grip on your PC. Then there is CWShredder (http://www.zerosrealm.com/downloads/CWShredder.zip or http://www.spywareinfo.com/~merijn/files/cwshredder.zip) which is the best way of getting rid of the many forms of the CoolWebSearch hijacker details of which can be found at http://www.spywareinfo.com/~merijn/cwschronicles.html and also http://www.pestpatrol.com/pestinfo/c/cws.asp.. Finally if you still continue to experience problems download a copy of HijackThis from (http://www.spywareinfo.com/~merijn/downloads.html). Create a folder called hijackthis on C: and copy the file you downloaded to that folder. Close as many applications as you can including all instances of Internet Explorer and then run hijackthis.exe and post back the log to either the HijackThis Forum at http://forums.spywareinfo.com/ or alternatively http://forum.aumha.org/viewforum.php?f=30 and hopefully this will enable someone to identify the cause of your problem. See also: Dealing with Unwanted Malware, Parasites, Toolbars and Search Engines http://mvps.org/winhelp2002/unwanted.htm and also Browser Hijacking http://www.spywareinfo.com/articles/hijacked/ --? Mike Maltby MS-MVP Diane wrote: I cannot find this file on my computer, but the registry keys in both LOCAL_MACHINE and CURRENT_USER have changed the Start Page, Default Start Page, Search Page and Default Search Page with this file reference (which is a search page) -- Anyone seen this? I've installed Spybot and LavaSoft's Adware 6 but neither of these two spyware/adware programs fix the problem. Thanks for your response.... |
#3
|
|||
|
|||
umfvm.dll - replaced my homepage
Thanks for the response, Mike -
Here is the URL from the page -- this is copy/pasted from=20 the home page shown in my Internet Tools/Options dialog=20 box. The URL address line reads the same. res://umfvm.dll/index.html#37049 It does not specify a "site" really just a search page --=20 very frustrating. Since I just loaded AdAware and SpyBot=20 yesterday, I did the updates before I ran them --=20 Thanks Again -- I'll look at the other suggestions. Diane=20 -----Original Message----- If neither AdAware nor SpyBot can fix this problem, even=20 with updated=20 reference files then you will have to move on and try=20 some other tools.=20 Unfortunately it is difficult to give more specific=20 advice since you omitted=20 to mention the search page to which you are being=20 redirected but instead only=20 mention the name of the current dll (umfvm.dll) that is=20 doing this, a name=20 that is randomly generated by the parasite involved and=20 doesn't give a clue as=20 to the actual parasite you have installed on your system - telling us this=20 might help shortcut the work involved in removing the=20 pest. May I also suggest you download and use BHODemon http://www.definitivesolutions.com/bhodemon.htm that=20 checks for unwanted Browser Help Objects and SpywareBlaster (http://www.wilderssecurity.net/spywareblaster.html)=20 which can help prevent some parasites getting a grip on your PC. Then there is CWShredder (http://www.zerosrealm.com/downloads/CWShredder.zip or http://www.spywareinfo.com/~merijn/files/cwshredder.zip)=20 which is the best way of getting rid of the many forms of the CoolWebSearch=20 hijacker details of which can be found at=20 http://www.spywareinfo.com/~merijn/cwschronicles.html and also http://www.pestpatrol.com/pestinfo/c/cws.asp.. Finally if you still continue to experience problems=20 download a copy of HijackThis from=20 (http://www.spywareinfo.com/~merijn/downloads.html). =20 Create a folder called hijackthis on C: and copy the file you=20 downloaded to that folder. Close as many applications as you can including=20 all instances of Internet Explorer and then run hijackthis.exe and post=20 back the log to either the HijackThis Forum at http://forums.spywareinfo.com/ or=20 alternatively=20 http://forum.aumha.org/viewforum.php?f=3D30 and hopefully=20 this will enable=20 someone to identify the cause of your problem. See also: Dealing with Unwanted Malware, Parasites,=20 Toolbars and Search Engines http://mvps.org/winhelp2002/unwanted.htm=20 and also Browser Hijacking http://www.spywareinfo.com/articles/hijacked/ --=81 Mike Maltby MS-MVP Diane wrote: I cannot find this file on my computer, but the registry keys in both LOCAL_MACHINE and CURRENT_USER have changed the Start Page, Default Start Page, Search Page and Default Search Page with this file reference (which is a search page) -- Anyone seen this? I've installed Spybot and LavaSoft's Adware 6 but=20 neither of these two spyware/adware programs fix the problem. Thanks for your response....=20 . |
#4
|
|||
|
|||
umfvm.dll - replaced my homepage
Diane,
I'm sorry that doesn't help as you still haven't said which site this is taking you to. As I have already said the file name is generated randomly unlike the site to which you are taken. Knowing the site would perhaps help in identifying the parasite. Knowing the name of the file involved tells us nothing. :-( -- Mike Maltby MS-MVP wrote: Thanks for the response, Mike - Here is the URL from the page -- this is copy/pasted from the home page shown in my Internet Tools/Options dialog box. The URL address line reads the same. res://umfvm.dll/index.html#37049 It does not specify a "site" really just a search page -- very frustrating. Since I just loaded AdAware and SpyBot yesterday, I did the updates before I ran them -- Thanks Again -- I'll look at the other suggestions. |
#5
|
|||
|
|||
umfvm.dll - replaced my homepage
Let me say the same thing another way --
it appears to load an html file (stored somewhere on my PC?) that "looks like" a search page. I do not believe it is loading an actual web "site" page. It's odd for a random generated file name to come up the same each time -- since it is always the same one each time. To clarify, here's my process: I start IE. It comes up to res://umfvm.dll/index.html#37049. I change to my ISP home page Then go to Tools/Options/HomePage (which shows as res://umfvm.dll/index.html#37049) to "Use Current" (my ISP home page) and click Apply and OK. Then I exit IE. The next time I start IE -- it comes up to res://umfvm.dll/index.html#37049 again and that has again replaced my home page setting in the Internet Options dialog box with the same verbage -- res://umfvm.dll/index.html#37049. That doesn't really seem random ... In any case, I would certainly supply additional information if I had it to give you... or if you can tell me where to find the site reference other than in the address bar - (which reads, "res://umfvm.dll/index.html#37049"). At one point, I do believe I right clicked on the page and looked at Properties and it referenced C:\Windows\umfvm.dll -- but the file does not show up in the Windows folder. I'll keep trying to find another fix... Thanks again. -----Original Message----- Diane, I'm sorry that doesn't help as you still haven't said which site this is taking you to. As I have already said the file name is generated randomly unlike the site to which you are taken. Knowing the site would perhaps help in identifying the parasite. Knowing the name of the file involved tells us nothing. :-( -- Mike Maltby MS-MVP wrote: Thanks for the response, Mike - Here is the URL from the page -- this is copy/pasted from the home page shown in my Internet Tools/Options dialog box. The URL address line reads the same. res://umfvm.dll/index.html#37049 It does not specify a "site" really just a search page - - very frustrating. Since I just loaded AdAware and SpyBot yesterday, I did the updates before I ran them -- Thanks Again -- I'll look at the other suggestions. . |
#7
|
|||
|
|||
umfvm.dll - replaced my homepage
Diane,
This is what's infected the system : TROJ_WINSHOW.AB http://www.trendmicro.com/vinfo/viru...HOW.AB&VSect=T " This Trojan is a .DLL component that is downloaded onto a host machine by other malware files. It is capable of sending out system information and user activity. It also contains HTML scripts that attempt to open a Web browser window to display online advertisements. It may change the default start, home, and search pages of the Internet Explorer (IE). " Trendmicro claims that their virus removal tool, Sysclean, will " automatically remove this malware from your system ". Download it from here : Sysclean package http://www.trendmicro.com/download/dcs.asp Download the latest pattern file ( As of Jul 28, 2004, the latest pattern file number is 947 [1.947.00] ) from here : http://www.trendmicro.com/download/pattern.asp Create a folder on your C:\ drive named Sysclean. Move sysclean.com to the Sysclean folder. Unzip lpt947.zip to the Sysclean folder. ( There may be a more recent pattern file published prior to your downloading it. They all are in this format : lptxxx.zip. xxx is the number of the pattern file ). Now boot to Safe Mode : How to Start a Windows 98-Based Computer in Safe Mode http://support.microsoft.com/?id=180902 Enable " Show hidden files and folders " by going to Folder Options in the Control Panel, click the View tab, put a check mark next to " Show hidden files.... " , UNcheck the box next to " Hide protected operating system files (Recommended)", click Yes, click Apply, then OK. Start Sysclean by double clicking sysclean.com. UNCHECK the box next to " Automatically clean or delete detected files ". The reason I ask you to do this is that Sysclean will attempt to clean or delete files in System Restore and you DO NOT want it to do so. If there are infected files in System Restore you can flush it by disabling SR and then reenabling it AFTER cleaning the system. Sysclean will create a log file , SYSCLEAN.LOG , in the Sysclean folder. Allow Sysclean to clean or delete what it finds EXCEPT for the System Restore folder. Still in Safe Mode, empty the Temporary Internet Files folder by opening Internet Options in the Control Panel, click the Settings button on the General page, click the View Files button, click Edit, then Select All, then click File, choose Delete. Navigate to WINDOWS\Temp and delete all files and folders present there by dragging them to the Recycle Bin. EMPTY the Recycle Bin . Boot back to Normal mode. Open Internet Options, click the Programs tab, click the " Reset Web Settings " button, click Apply, then OK. Please post back with the SYSCLEAN.LOG so that we can see if you need to flush System Restore. MowGreen [MVP] =============== *-343-* FDNY Never Forgotten =============== wrote: Let me say the same thing another way -- it appears to load an html file (stored somewhere on my PC?) that "looks like" a search page. I do not believe it is loading an actual web "site" page. It's odd for a random generated file name to come up the same each time -- since it is always the same one each time. To clarify, here's my process: I start IE. It comes up to res://umfvm.dll/index.html#37049. I change to my ISP home page Then go to Tools/Options/HomePage (which shows as res://umfvm.dll/index.html#37049) to "Use Current" (my ISP home page) and click Apply and OK. Then I exit IE. The next time I start IE -- it comes up to res://umfvm.dll/index.html#37049 again and that has again replaced my home page setting in the Internet Options dialog box with the same verbage -- res://umfvm.dll/index.html#37049. That doesn't really seem random ... In any case, I would certainly supply additional information if I had it to give you... or if you can tell me where to find the site reference other than in the address bar - (which reads, "res://umfvm.dll/index.html#37049"). At one point, I do believe I right clicked on the page and looked at Properties and it referenced C:\Windows\umfvm.dll -- but the file does not show up in the Windows folder. I'll keep trying to find another fix... Thanks again. -----Original Message----- Diane, I'm sorry that doesn't help as you still haven't said which site this is taking you to. As I have already said the file name is generated randomly unlike the site to which you are taken. Knowing the site would perhaps help in identifying the parasite. Knowing the name of the file involved tells us nothing. :-( -- Mike Maltby MS-MVP wrote: Thanks for the response, Mike - Here is the URL from the page -- this is copy/pasted from the home page shown in my Internet Tools/Options dialog box. The URL address line reads the same. res://umfvm.dll/index.html#37049 It does not specify a "site" really just a search page - - very frustrating. Since I just loaded AdAware and SpyBot yesterday, I did the updates before I ran them -- Thanks Again -- I'll look at the other suggestions. . |
#8
|
|||
|
|||
umfvm.dll - replaced my homepage
Again this looks like spyware. Trying running a spyware
remover. Several free on internet. -----Original Message----- I cannot find this file on my computer, but the registry keys in both LOCAL_MACHINE and CURRENT_USER have changed the Start Page, Default Start Page, Search Page and Default Search Page with this file reference (which is a search page) -- Anyone seen this? I've installed Spybot and LavaSoft's Adware 6 but neither of these two spyware/adware programs fix the problem. Thanks for your response.... . |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Internet homepage 'Hijack' | Tiny McLellan | Internet | 2 | July 16th 04 11:25 PM |
Hijacked IE homepage | Francis M | General | 4 | July 12th 04 02:06 PM |
about:blank homepage | rj | Software & Applications | 2 | July 3rd 04 05:17 PM |
replaced motherboard diff type cant use recovery cd | bob | General | 2 | May 27th 04 10:27 PM |