Windows Legacy OS forum

General discussion

My new browser windows goto a website when I close window!

by htmlguy / October 15, 2007 3:36 PM PDT

Hi, I have XP.

When I work on my new website project I close windows (pages) and
they go to www.asafteyprocudure.com. If I'm offline it just tries to connect. I don't want their stuff! How do I get rid of it?

Also a shield icon (blue with ?mark changes to red with a X) in my tray. Can't right click on it. It puts up balloons that say I have been infected... click this balloon to resolve this issue...

I click the x to close but they pop right back up, now every few seconds. Very annoying! It goes to the same site. Sometimes very large ads pop up for it.

I had a yellow icon, a triangle with a ! on it. A alert window said (as windows closing) icthis.exe cannot initialize... I searched for it. Found it (with the icon) in program files. Could not delete it but I changed the name. HA! I dont see it and it's balloons anymore.

Now I need to dump the shield and pages going to their site.
My Norton pays no attention to it!

Thanks for any help!!
HTMLguy

Discussion is locked
You are posting a reply to: My new browser windows goto a website when I close window!
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: My new browser windows goto a website when I close window!
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
That web site...
by MarkFlax Forum moderator / October 15, 2007 8:53 PM PDT

www.asafteyprocudure.com doesn't work for me. Please check the site address.

Tell us more about Norton's and this computer. What Norton product do you have, eg is it just Norton's Anti-virus or is it Norton's Security which includes a firewall and anti-virus? Is it a trial that came pre-installed with the computer or did you purchase it? Are its virus definitions kept up to date?

What do you use for anti-spyware? Remember, viruses and spyware are not the same.

That icthis.exe looks like a trojan or virus, eg Trojan.Media-Codec/V4. If it is found in C:\Program files\Online video Add-on\icthis.exe then it probably is.

What I would do;

1] Turn off System Restore where viruses and spyware can hide, then
2] Goto http://housecall.trendmicro.com and run an online anti-virus scan. Delete everything the scan finds, and
3] Goto http://www.ewido.net and run the online anti-spyware scan. Again, delete everything the scan finds.

How to turn off System Restore: Right click your My Computer icon and select Properties. Click the System Restore tab and select the option to disable System Restore.

Remember to turn System Restore back on after the scans, but only if your computer is clean.

I suspect the browser issue of redirecting to that web site is also associated with this.

Mark

Collapse -
Thanks Mark!
by htmlguy / October 16, 2007 4:08 AM PDT
In reply to: That web site...

Mark,

I'm with Juno. They provided me with Norton Internet Security Online.

It shows antivirus and personal firewall.

I'll do the restore/scan project tonight. I will report the results.

Thanks again!
HTMLguy

Collapse -
Did as instructed...
by htmlguy / October 17, 2007 11:44 AM PDT
In reply to: Thanks Mark!

Mark,

I followed the instructions. 71 infections were found. All cleaned up. After, I ran Norton scan, 0 found. The shield icon with the constant balloons every 2 seconds saying that several spyware, etc. were in my system & to click this balloon to download anti-spyware.. had dissapeared! What a relief!!

However, I found that my web pages I'm working on off line would still try to connect when I hit the X to close. When I went online they did connect! I could hit my menu on top of the pages and switch pages (Home to Policy to Join, etc.) and it did not try to connect, ONLY when closing the page.

When I close (X) on line the window now goes to Blank.

SO! This means, I think, that my browser window is infected! My main Juno Explorer is fine. It is the secondary browser/web pages that has the X=connect-to-bad-guys-site problem.

There is a second address line below the usual. That is where the bad addy shows up! The main addy field stays the same.

So how do I clean them up?? Or eliminate the second addy line?

BTW, I misspelled procedure, so the creeps URL is www.asafteyprocedure.com.

One more thing, Juno provided Norton but later on I got expired alerts. I (clicked) went to re-sign up but it said I already had the product. After several tries I contacted Juno. The gave me a link to get Norton Internet Security Online. So that is why I was.... "not wearing protection" when the bad guy struck. Happy

Thanks again for your help!

HTMLguy

Collapse -
Misspelled... again
by htmlguy / October 17, 2007 11:56 AM PDT
In reply to: Did as instructed...

It's...
www.asafetyprocedure.com

Collapse -
2 Other Free Programs You Can Download....
by tobeach / October 17, 2007 3:57 PM PDT
In reply to: Misspelled... again

& try removing with:

Latest Spybot version (beta but works better than regular).
Download, Install, (use defaults except check box for start up in advanced mode), Update (suggest safer-networking#2 for updating) Immunize & run program. Let FIX all found). You will have several options once installed (TOOLS)including setting Home & Search pages & locking them down. Ability to check & stop/disable start-up programs, Browser Helper Objects (!!) etc.
If you can, run scans from safe mode to prevent baddies from being
running at start-up thereby harder to remove. Has option to "remove on next boot up" also.

http://www.safer-networking.org/file...15he-beta1.exe

Forums: http://forums.spybot.info/


& Try Rogue Remover (currently gets about 400 rogue programs). Free trial of Pro (pay version) or on same page regular FREE version:

http://www.malwarebytes.org/rogueremover.php

One more can't hurt suggestion: Scan for a rootkit with FREE scanners:

AVG Ant-rootkit: http://free.grisoft.com/doc/5390/us/frt/0

F-Secures Blacklight Rootkit Scanner: http://www.f-secure.com/blacklight/


Hope these get it for you!! Happy

Collapse -
I agree with Tobeach
by MarkFlax Forum moderator / October 17, 2007 5:51 PM PDT

Spybot Search & Destroy will help you get rid of that Internet Explorer window opening. All I would say about Spybot is it is not easy to see which "Mode" you are in. You need to select the "Mode" menu option along the top then select "Advanced". That displays a list of options down the left hand side which you can click on and explorer.

Like I said before, there are viruses and there is spyware. Your Norton's product will help find and protect against viruses but not against spyware.

I've never tried "Rogue Remover", but if Tobeach says it is ok then that's fine by me.

You need at least one anti-spyware program, and unlike anti-virus where more than one is not really recommended, more than one anti-spyware is recommended. One of them should run in the background and use the others as double check scanners on occasion. No single anti-spyware will find all spyware.

Back to your Norton's product: I'm not clear if it is updating its anti-virus definitions regularly. New viruses appear everyday and so Norton should be updating daily, or every two or three days. Perhaps you could check that.

I see that you have Internet Explorer and an explorer called Juno Explorer. I suspect this is an Internet Explorer, (IE), clone with Juno's own name inserted. That's fine if you are happy with that. You mention Juno Explorer's Home Page, but what Home Page does IE try to connect to when IE is opened? I suspect it is that web site, www .asafetyprocedure. com you gave us. I went there and immediately got a popup telling me my computer was infected and trying to get me to download various programs. That web site is nasty, (that's why I have split the name here so it is harder to copy/paste).

If IE's Home Page is that one, then Spybot should be able to help you change that. I would change IE's Home Page to something safe, like www.google.com or Juno's home page, then run Spybot with IE open but minimised, and have it lock the Home Page.

If you still get this IE opening again with that web site then I would look up on Google BHO short for Browser Help Objects and also look up BHOdemon to remove all the BHO's from IE.

Let u know how you get on.

Mark

Collapse -
Homepage
by htmlguy / October 18, 2007 4:14 AM PDT
In reply to: I agree with Tobeach

"If IE's Home Page is that one, then Spybot should be able to help you change that. I would change IE's Home Page to something safe, like www.google.com or Juno's home page, then run Spybot with IE open but minimised, and have it lock the Home Page."

No Mark, Juno homepage comes up just like normal. Only the web pages I'm working on. I wonder if there are a subsitute web page/browser I can use?

BTW, I have been with Juno since the Juno Free Email days b4 they were a ISP around 1998.

I'll try the new ideas tonite!

HTMLguy

Collapse -
Oh! and.....
by htmlguy / October 18, 2007 4:27 AM PDT
In reply to: Homepage

I clicked everything I could on the webpage/browser trying to change the destination to blank, etc. nothing worked. No such option, also no option to get rid of the second addy field. I don't remember browsers like this in the past!?

The creeps are infecting computers then directing you back to them like a hero when it is THEY that you want to get rid of. Kind of like the fox breaking in the coop and eating all the chickens then, in discuise, going to the farmer with a remedy for break-ins. The fox scores twice!

Tip to farmers: Look for feathers around the mouth!

HTMLguy

Collapse -
A safer browser, Mozilla Firefox
by MarkFlax Forum moderator / October 18, 2007 5:04 AM PDT
In reply to: Oh! and.....

If you are serious about changing browsers then go for Mozilla's Firefox at http://www.mozilla.com/en-US/

At the same time I would change your email software from Outlook Express or Outlook, if you use either, to the Firefox companion email software Thunderbird. I use them all the time and Firefox is the leading contender behind IE now. It is also safer to use because virus and spyware writers choose IE to write the malware for to distribute with "fly-by" visits to web sites.

I'm not sure I understand where you said you clicked everything you could on the web page/browser to change the destination to blank. Clicking links in web pages would not change them to blank links. Or do you mean IE's Tools > Internet Options, General tab then Home Page?

If that is what you mean, then are you saying that this nasty web site is displayed in that box in the Home Page section? If so, use Spybot to modify the pages listed there.

1] Open Spybot and make sure you have selected Mode > Advanced.

2] Click Tools on the left hand side.

3] Select the following, (this lists the selected items as options underneath the Tools menu on the left);
a) Resident
b) ActiveX
c) BHO's
d) Browser Pages
e) IE Tweaks
f) Hosts file
{You can select others to explore as you wish.}

4] Now select "Browser pages" on the left. You will see all the web pages that your IE browser has registered as Search or Start pages.

5] Look for any offending pages in the list. Highlight one at a time and click the "Change" button at the top.

6] In the new window change the address of this page. If you have a pull down arrow, select any safe option listed, eg about:blank

7] Click OK. Repeat for all unsafe web pages listed.

Cool In the options list on the left, select "IE Tweaks". Select the options to Lock Hosts file and Lock the IE start page.

Then I would turn off System Restore again, run Spybot again and see if anything else is found. Don't forget to turn System Restore back on and create a new Restore point.

If none of this is what you mean, then perhaps you could supply a screen print of what you can see and post it into an online image site like ImageShack and post the url web page address here.

Good luck.

Mark

Collapse -
I can't change browser... not the same thing...
by htmlguy / October 18, 2007 3:59 PM PDT

Hi Mark,

Well, one time I DL a new IE and it messed up Juno mail, etc. and had to get help from Juno support. They have their own version of IE and you can't modify it. Duh! I should have asked first.

"I'm not sure I understand where you said you clicked everything you could on the web page/browser to change the destination to blank. Clicking links in web pages would not change them to blank links. Or do you mean IE's Tools > Internet Options, General tab then Home Page?"

Yes, TOOLS. I know about blank, I did it b4. BUT, this is not the same. I'm talking about saving a txt file as anewwebpage.html which has the problem and there are no options, etc. (Tools yes but not for my problem) I even went to an old folder and opened and closed old web pages and the same thing happened. I figured it would... trying anything.

BTW, I love IE but I do not like Outlook, I like Juno's email program.
I don't like Netscape at all! Had it, hate it. I don't like Macs either.


"Don't forget to turn System Restore back on and create a new Restore point."

I have to ask, what is "create a new Restore point"? I did not know about that but everything seems ok... aside from the problem.

Thanks for all the browser info. I can't change it but readers of this forum may make use of it. Nothing goes to waste here, someone can benefit.

My new keyboard, emachines, has no PRINT button, I had it in the past.
How else can I do that? I have a site to post a image.

I am making signs now. I'll do the things mentioned later 2nite maybe.

HTMLguy
www.statestreetmarketing.com

Collapse -
Mozilla Firefox is not a safer browser.
by Me, Myself and You / October 18, 2007 9:26 PM PDT

Please tell me how Firfefox is safe, if the browser gets breached. Once the browser is breached, it is out of the question. A secured IE (zones configured to only allow content you decide to let it, and no more) continues to work after the browser gets breached, because that security henceforth covers the whole operating system.

That said, a properly secured IE will not get breached, unless someone silly adds a bad site to the trusted list.

The only manner in which Firefox has an inkling of security is the fact that it has nowhere near as large a user base as Internet Explorer. As soon as Firefox feats. Zones, and more system wide security, then we'll talk.

Collapse -
Then we'll talk?
by MarkFlax Forum moderator / October 19, 2007 2:29 AM PDT

Thanks for that offer. Sadly I decline.

Mark

Collapse -
You are obvously grossly misinformed.
by Me, Myself and You / October 19, 2007 4:07 AM PDT
In reply to: Then we'll talk?

Hide behind your firewalls, AVs, ***, and third party browsers that are "secure", while I browse with none of those, at more speed and at less risk of attack. Does it never occur to people that there is a reason why corporate solutions never use Firefox? (Or if they do, they are insane, because it is in no way related to system and network policies, thusly allowing users to go wild - just one of its security woes)

I and many others appreciate your input here, and I certainly appreciate your moderation, but offering false advice about "secure browsers" is moot, and misleading.

Collapse -
Auto-redirecting to Asafteyprocedure.com
by Slaave / October 19, 2007 12:04 PM PDT

To stop your browser from auto-redirecting to asafteyprocedure.com (just fixed this myself decided to share) do a google search for the program BHODemon run that and remove the BHO "isfmdl.dll"

Simple 4 step fix.
1) Download BHODemon
2) Install BHODemon
3) Run BHODemon
4) Click the checkmark next to "isfmdl.dll"

and You're done.

Collapse -
BHODemon
by htmlguy / October 22, 2007 12:46 PM PDT

"BHODemon run that and remove the BHO "isfmdl.dll"

I did and I did remove (disable) isfmdl.dll but I still have the problem.

:-/

HTMLguy

Collapse -
Next steps.
by MarkFlax Forum moderator / October 22, 2007 8:36 PM PDT
In reply to: BHODemon

I'm sure this is a malware infection of some sort, but with BHODemon try deleting all BHO's. Don't worry if some {genuine} site needs them, the site will always download or ask you for permission to download them again.

If that doesn't work then I feel you need more expert advice from our malware experts in the Spyware, Virus and Security forum here;
http://forums.cnet.com/5204-6132_102-0.html?forumID=32&tag=dir.forum

Visit them and describe the situation again.

Good luck.

Mark

Collapse -
asafetyprocedure.com is affiliate
by htmlguy / October 23, 2007 2:51 PM PDT
In reply to: Next steps.

Mark,

I looked at asafetyprocedure.com source code. They are affiliates for several websites.

Affiliate info follows the urls like this.

.com/?aff=561

That is ALL they do.

There is NO identifying info at the top of their code as to who they are. SUPRISE, SUPRISE! Yeah, right.

Anyway, I posted my redirect problem at the Spyware, Virus and Security forum.

Thanks,
HTMLguy

Collapse -
I Suspect That Juno Browser's Source Problem...
by tobeach / October 18, 2007 3:39 PM PDT

is entering through.
I have never used Juno so am speculating but I suspect they started out as one of those cheap internet deals in exchange for letting them keep their tracking spyware on board rather like "3web".
Perhaps they made so much off that deal that they're now claiming ISP status and still forcing you to their search engine with easy access to your machine for downloading whatever is paying them to do so.

I put Juno Browser into Bleeping Computers search engine & almost every posting was in the Hijack This Log help forums. Clearly listed as a BHO!

If this is the deal then spending a few dollars more for a real ISP is what's indicated. Unfortunately many "real ISPs" are behaving like this also and selling their customers into bondage w/ 3rd parties.

Example: My Rogers Cable sold us "en mass" to Yahoo! Including our E-Mail routing. I had carefully arranged a straight out cable connection without using their convenient start up CD thereby avoiding Yahoo! and all it's extras. Got me behind my back anyway for the mail at least.Luckily my Browsing is not routed thru them.
The sad part is they'll take ads from anyone who pays it seems (Winfixer anyone?) and even put LIVE Links attached to your mail without screening for malware sources which will bypass recipients SPAM Blocker as your mail is from a known contact!!

I used Spybot to set "Home Page(House Icon)" to about:blank & my "Search Page (World Icon)" to Google.com ( I left out the full addie here to prevent a live link). All others I removed by using "change" 1 by 1 and just backspacing on the listing without entering any new info.
Now I have just the 2 listed for Home & Search.

In Spybot (advanced mode>Tools) dbl. click on BHO's and look for Juno there. If found try first "toggle" off to see if this works, & if so, then return & use "delete".
Note DO NOT delete the one ending in "xxxx2484F}" if there. That is Spybots Bad Download Blocker (routed hosts file) & will be their if you've enabled it under "resident".

I wonder if a pass with Cool Web Shredder may also find a few entries:
(Free): FREE Programs from Merijn.Org:

COOL WEB SHREDDER(CWS) Removes COOL WEB SEARCH Hijacker (Win 98 & Newer). last Merijn Version1.0.0.1(Left Side>Programs>CWS>click download from Merjin.Org:
http://www.merijn.org/


Latest Version (post Sale to Trend Micro) Version 2.19 From T.M.: Click Button: "Remove CoolWebSearch" Download & save:
http://us.trendmicro.com/us/products/personal/CWShredder/index.html?WT.TM_clusty_flg=3
Continued next post??!!

Collapse -
Above Post (Continued)....
by tobeach / October 18, 2007 3:47 PM PDT

I heartily agree with idea of Firefox & Thunderbird instead as long as you machine is at least XP >>SP2<<. Minimum requirement for FF & needed Java 5.0 or 6.0 (Java must be on machine BEFORE installing FF & Thunderbird). If SP1 or earlier, you can use Mozilla Projects Sea Monkey (all-in-one) with Java 1.4,2_15 (also Java 1st)(also works with all from Win 98 up).
Hoping there's light at end of your tunnel by now!! Grin

Note: I Had to post in 2 parts since this extra bit wouldn't appear. Never seen this happen before. Suspect something scripty about using "FF"
& then a slash before Thunderbird. ShockedHappy

Collapse -
Note: NEW Security Fixed Firefox Released Today....
by tobeach / October 18, 2007 4:19 PM PDT
Collapse -
Maybe a explanation of the problem is needed...
by htmlguy / October 18, 2007 5:58 PM PDT

It is not the main, as I call it, browser. It is a html document which, when opened off line is like a browser. It has the address at the top like a browser but with less functions (like changing to BLANK). The address will be where your test.html is.

Like so... C:\Documents and Settings\Owner\Desktop\test.html

This is where my problem is. There is a second addy field that goes to badguy site when I close the window.

I tried to put a html example here but it did not display correctly.
There is a way but takes a little time... (I forgot how... have to look it up. There is a special code to do it.)

If you're interested in html then goto www.htmlgoodies.com or search html.

It's simple and fun. Be creative!

HTMLguy

Collapse -
For Me, Myself and You
by MarkFlax Forum moderator / October 19, 2007 5:35 AM PDT

Continued from http://forums.cnet.com/5208-4_102-0.html?forumID=5&threadID=268145&messageID=2610379#2610379

Obviously misinformed? Obviously "grossly" misinformed?

The matter has been discussed many, many times in these forums and elsewhere. We all make our own decisions based on what we read, what we hear and on our own experiences. I have made my choice.

I will say just two things;

1] IE7 is, I accept, a major improvement on previous IE's. But we had to wait 5 or 6 years between IE6 and IE7. And it still uses non-standard html and it still allows ActiveX by default.

2] The hundreds of thousands, perhaps millions, of users around the world who do not know about, and do not understand about, internet security have been at risk from IE6 and previous versions for years. How many of them use machines that are infected and are zombies for the spyware and hacker community?

Good luck to you and your methods. I trust you will pass your system on to all the other users who still use IE.

Mark

Collapse -
Explanation.
by Me, Myself and You / October 19, 2007 9:50 AM PDT
In reply to: For Me, Myself and You

People being uninformed is NOT the fault of the browser. Just because someone leaves ActiveX turned on, for all sites, does not mean the browser is naturally insecure.

If the design is secure, if the implementation is secure, if the blah blah blah is secure, the system/app is secure. IE achieves this by using zones.

In order to achieve anywhere near that level of security in Firefox, you have to disable everything, which makes any site you visit inoperable. IE has zones, to seperate site permissions. Not only that, but IE covers your whole system. If you have Winamp, Windows Media Player, or whatever running, that displays a live web page, it uses IE. If you are ignorant enough not to configure IE properly even if it is not your default browser, it still gets taken account when other apps embed it. This is why securing it takes a system wide effect. If Firefox is breached, then that's it. You're finished. If IE is breached, it is really not a big deal, because its security and zone permissions continue farther than the browser alone. That said, if it is secured, and you don't add malicious websites to the trusted list, it will not GET breached.

To test theories, etc. Try visiting the site: TEST.ON.NIMP.ORG in Firefox. It will screw your browser and system. In order to protect against that, you have to shut of Java and stuff, but this will affect EVERYTHING you browse. In IE, you just add that site to your blocked list (or if your system is secure it will be part of the internet zone, which should have disable permissions on everything anyway). Yet, the rest of the sites you wish to browse in your trusted, work fine.

Until you find me a browser that expands its security over the whole system, and implements the use of zones, I stand very much by my statement. If you wanna feel special, use Opera.

Collapse -
Also,
by Me, Myself and You / October 19, 2007 9:53 AM PDT
In reply to: Explanation.

And this works for, hummm, IE4 and above, any IE that uses zones. In fact, IE3 might even have had zones.

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?