Further, re-ran system look, and it's back...
:regfind yaimo
I want to see what shows.
Hi Joe
Here you go...
Hi again Joe,
Didn't work. I've done the process a couple of times, ensured I was running as administrator, and the sucker keeps coming back.
Just for giggles, I used the F12 developer options, and used the DOM Explorer to look at the search page. It looks like it's being loaded through Java from the IE search engine.
I couldn't find a way to save the page source to show you though.
Jim
Hi Joe,
I've done all the above, but no go. I ran into one snag, if I remove Java, then the control panel for java no longer exists, and you can't clear the cache. I did all the rest.
Upon reboot, I did a system look, and no yaimo files were found. I opened IE, and the search page was there. A system look then finds the yaimo files again.
I cleaned up the yaimo files, reset explorer. I then installed the latest Java, used the java control panel to remove all cache files, and turned off java keeping files in a temp folder. I then uninstalled java, reset explorer again. A systemlook found no yaimo files.
Rebooted, did a system look. No files. Started IE, page is back. New system look, files are back.
--------------------
Edited by Jim Dearden, 28 May 2014 - 08:46 AM.
Hi Joe,
Found it!
I did some Google searches and found a hint on a Spanish website.
Whatever malware did this, it changed the IE shortcut to read:
"C:\Program Files\Internet Explorer\iexplore.exe" http://www(dot)yaimo(dot)com
So that's what was overriding the homepage. I fixed the shortcut, and no more redirect. This has survived a few reboots, and runs of IE. Systemlook didn't find anything, either.
In the interests of research, I visited the Yaimo page manually. Sure enough, the entries in the IE temp files showed up! So the redirect was making the entries happen on visit. Interestingly, I still don't have Java installed.
I cleaned up the entries again, did the reboot/run tests again, and it's still fine.
So I think that's the last of it! I guess it's on to whatever final checks and cleanup that you want me to do, and then I can quit bothering you! :-)
Jim
Edited by Jim Dearden, 29 May 2014 - 05:39 AM.
Jim,
"I did some Google searches and found a hint on a Spanish website."
Do you have that link for the website? I kept getting dead ends and no real hints.
There was no bother, this was a great experience working with you. I would not have located the issue without you, so now I can add to my toolbox.
http://www.bleepingc...ortcut-cleaner/
Just for interest, the above link is a tool we sometimes use, called Shortcut Cleaner.
I'll give you some instructions a bit later so we can remove the tools we used, and close the thread.
Thanks
Joe
Hi Joe, it was a great learning experience for me as well. I'm thinking of registering for training once the ticket is closed. It would be great to do this on my own, as well as help others on the site.
Here is the Spanish page, through Google Translate:
http://translate.goo...tXQ#post2215228
Long one, hope it works!
Do you think it would be worth running the shortcut cleaner as well?
Jim
Edited by Jim Dearden, 29 May 2014 - 06:53 PM.
Hi Joe,
all the cleanups are done, everything is still working fine. I'm going to take the safe practices link above, and print it up for the lady who owns the computer. Hopefully that will keep it clean for a while...
Thanks for all the help!
Jim
Great!
She needs to read that. Watch what she downloads and where from. I'll leave the thread open for a while just in case.
Jim, great working with you.
Joe