View Full Version : Browser Hijack Object
AL DOM
06-17-2006, 09:12 PM
A friend of mine has a problem with Internet Explorer. He has a browser hijack object. Whenever he clicks a URL, he is redirected to a certain website. He has run Spybot, Adaware, Norton's anti-virus, etc. He also ran "HijackThis"; it detected and removed a few objects, but the problem remains! I believe he has inspected startup, the registry, and other files, but he can detect no suspicious objects. I don't believe he has a restore point.
I mentioned this problem in last Wednesday's chat session, and I received the advice to run HijackThis and to investigate possible host file corruption. Neither he nor I believe the problem is with the host files (we could be wrong). At this juncture his IE is useless.
Would running IE repair help in any way, or running system file checker? Would uninstalling/reinstalling IE help? What should he do now?
Thanks,
AL
mylanta
06-17-2006, 11:11 PM
No, none of that would help, Al. It takes a pro to read those HijackThis files, and you have to be certain to use the newest version as well.
This is the version: http://www.majorgeeks.com/download3155.html
Could be a rootkit, so try some of these:
http://www.f-secure.com/blacklight/cure.shtml
http://www.majorgeeks.com/Lavasoft_ARIES_Rootkit_Remover_d4912.html
http://www.sysinternals.com/Utilities/RootkitRevealer.html
PeteF
06-18-2006, 02:08 AM
A friend of mine has a problem with Internet Explorer. He has a browser hijack object. Whenever he clicks a URL, he is redirected to a certain website.
Al, I've seen this symptom recently on a client's PC but it was not
a hi-jack issue. The real problem was that the DSL modem was not
connecting. When you said his IE is useless it makes me wonder
whether he can connect to internet at all. If he can get the updates
using Spybot or Adaware then disregard what I'm saying here. If Spybot
or Adaware get errors upon attempting to update, then look into the
DSL or CABLE modem as being the source of the problem.
---pete---
Dan18960
06-18-2006, 06:37 AM
Al,
jv16 is the savior here. If he has identified a BHO in HijackThis, jv will give the program that is intruding.
ANOTHER possibility is turning off System Restore, doing a safe mode with networking and attempting to clean out his system that way.
mylanta
06-18-2006, 09:51 AM
Al, I've seen this symptom recently on a client's PC but it was not
a hi-jack issue. The real problem was that the DSL modem was not
connecting. When you said his IE is useless it makes me wonder
whether he can connect to internet at all. If he can get the updates
using Spybot or Adaware then disregard what I'm saying here. If Spybot
or Adaware get errors upon attempting to update, then look into the
DSL or CABLE modem as being the source of the problem.
---pete---
Pete,
Al said the browser is useless because he is immediately hijacked to another site. This is a classic browser hijack and I bet a rootkit because he cannot escape. I should add that ultimately, Al, a reformat would save time. I battled this for a week before giving in and restoring with True Image, and your friend does not have that luxury.
Pi rules
06-18-2006, 03:20 PM
Put ewido and HijackThis (along with the rootkit scanners Rich posted a link to) on a CD and install them on the computer. Then, restart in Safe Mode, clear all temp files and all temporary internet files (don't open IE to do this, use Disk Cleanup), scan with ewido, run HJT and post the log please.
Edit: BHO = browser helper object
Put ewido and HijackThis (along with the rootkit scanners Rich posted a link to) on a CD and install them on the computer. Then, restart in Safe Mode, clear all temp files and all temporary internet files (don't open IE to do this, use Disk Cleanup), scan with ewido, run HJT and post the log please.
Edit: BHO = browser helper object
Also get the NOD32 trial version and put that on a CD. You should be able to update Nod and Ewido from safe mode with networking.
Before you do any of the above, go into add/remove and remove any suspect programs such as "toolbars" or "Websearch". No amount of cleaning is going to do much good if these types of programs are not removed first. Also remove malware loaded p2p programs like Kazaa. Then run Ewido, Nod, and I'd also run Ad-Aware. After that, post the HijackThis log.