A new installation of Firefox is redirected to "Internet Explorer Emergency Mode" even after AV8 was removed by PCTools. How can I fix this redirection of the home page?
IBM ThinkPad running XPPro Internet Explorer 8 Installed with "IE8-WindowsXP=86-ENU" Firefox ver 3.6.12 Install ver 4.22.0.0
All Replies (2)
Do a malware check with some malware scan programs.
You need to scan with all programs because each program detects different malware.
Make sure that you update each program to get the latest version of the database before doing a scan.
- http://www.malwarebytes.org/mbam.php - Malwarebytes' Anti-Malware
- http://www.superantispyware.com/ - SuperAntispyware
- http://www.microsoft.com/windows/products/winfamily/defender/default.mspx - Windows Defender: Home Page
- http://www.safer-networking.org/en/index.html - Spybot Search & Destroy
- http://www.lavasoft.com/products/ad_aware_free.php - Ad-Aware Free
See also "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked and What to do when searches take you to the wrong search website
If you can't fix it with the above listed scanners then you need to ask advice on one of the forums that specialize in malware removal mentioned in the Popups_not_blocked article.
Check Image File Execution Key...
The following instructions involve removing registry entries, which can severely bork your computer unless you know what you're doing. Please make sure you exercise caution and proceed at your own risk.
Regedit
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
If you were/are currently infected with AV8... you'll see keys underneath the Image File Execution such as chrome.exe, firefox.exe, opera.exe, iexplore.exe.
Do NOT delete DllNXOptions or IEInstal.exe under this branch in the registry.
Delete the full key for any browser name you see there. If you look inside any one of those keys, it will show you that it routes to iesafemode.exe, which is a piece of malware in and of itself.
IE - Remove Chrome.exe, which specifically references iesafemode.exe
After performing this, you'll probably want to remove the actual piece of malware known as "iesafemode.exe"
32 bit - C:\windows\system32\iesafemode.exe
64 bit - C:\windows\syswow64\iesafemode.exe
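As an added example (not part of the replies above), the following Python code audits a Regedit export of the Image File Execution Options branch and lists every image name that carries a `Debugger` value, so the entries can be reviewed before anything is deleted. It assumes the redirect is stored in the standard `Debugger` string value; the function name, the sample export and its notepad.exe entry are constructed for illustration.

```python
import re

IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
        r"\CurrentVersion\Image File Execution Options")
# Browser image names listed in the reply above.
BROWSERS = {"chrome.exe", "firefox.exe", "opera.exe", "iexplore.exe"}

# Constructed sample in .reg export format, not taken from a real machine.
SAMPLE_EXPORT = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[" + IFEO + "\\IEInstal.exe]",
    '"ExampleValue"=dword:00000001',
    "",
    "[" + IFEO + "\\firefox.exe]",
    r'"Debugger"="C:\\windows\\system32\\iesafemode.exe"',
    "",
    "[" + IFEO + "\\notepad.exe]",
    r'"Debugger"="\"C:\\tools\\dbg.exe\" -g"',
])


def find_ifeo_debuggers(reg_text):
    """Return (image, debugger, is_browser) for each IFEO subkey with a Debugger."""
    prefix = IFEO.lower() + "\\"
    findings, image = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            key = header.group(1)
            # Track only direct children of the IFEO key (one per image name).
            rest = key[len(prefix):] if key.lower().startswith(prefix) else ""
            image = rest if rest and "\\" not in rest else None
            continue
        value = re.fullmatch(r'"debugger"="(.*)"', line, re.IGNORECASE)
        if image and value:
            # .reg strings escape backslashes and quotes with a backslash.
            debugger = re.sub(r"\\(.)", r"\1", value.group(1))
            findings.append((image, debugger, image.lower() in BROWSERS))
    return findings


if __name__ == "__main__":
    for image, debugger, is_browser in find_ifeo_debuggers(SAMPLE_EXPORT):
        note = "browser launch redirected" if is_browser else "review"
        print(f"{image}: Debugger={debugger} [{note}]")
```

Regedit's version 5.00 exports are UTF-16 encoded, so read a real file with `open(path, encoding="utf-16")` before passing its text to the function.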