Home page keeps getting reset to services.freshy.com

ChrisAttebery

Member
Nov 10, 2003
118
3
81
Help,

I've been fighting with this on my laptop. It's a Win7 64 machine. I installed a free video converter off TUCOWS and now I can't get rid of this.

Every time I restart the computer the home page on IE and Chrome both get reset to:
http://services.freshy.com/general/newhometab.php?hometab=home&partner=11075&guid={0056CE68-A5B1-48A3-803E-5CAB6A92F90B}&i=

I've run AVG, Malwarebytes, AdwCleaner, and FRST. None of them seem to be able to find the issue.

Thanks in advance,


Chris
 

Ketchup

Elite Member
Sep 1, 2002
14,559
248
106
Malwarebytes is usually good with those. Look in Programs and Features for anything that installed with the video converter. If nothing is there, look in msconfig and you should find one or more entries for it. Look at the location and remove everything in the lowest folder. You may have to do this in safe mode. If they are in a temp folder, you can clear everything from that folder.

Remove the entries themselves by unchecking the msconfig entries or removing them in the registry (if you are comfortable doing that).
 

smakme7757

Golden Member
Nov 20, 2010
1,487
1
81
Also check the shortcut for the browser. They usually inject a URL at the end of the executable string:

Example:
"c:\program files\microsoft\internet explorer" http://mydirtyspyware.net

Right click the icon and click properties and look at "Target"
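
The shortcut check described in the post above, done for every shortcut at once. This is an added example, not part of the original post; the browser list and the folders searched are assumptions, and the script only reads shortcuts without changing them.

```powershell
# Added example (not from the thread): flag browser shortcuts whose
# command line carries a URL after the executable.
# Assumptions: the browser list and the folders searched below.
$browsers = 'iexplore.exe', 'chrome.exe', 'firefox.exe'
$folders = @(
    (Join-Path $env:USERPROFILE 'Desktop'),
    (Join-Path $env:PUBLIC 'Desktop'),
    (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu'),
    # Quick Launch also holds taskbar pins under "User Pinned\TaskBar"
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { Test-Path $_ }

# WScript.Shell can open a .lnk file and expose its Target and Arguments
$shell = New-Object -ComObject WScript.Shell

$hits = Get-ChildItem -Path $folders -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        # GetFileName returns '' for shortcuts that have no file target
        $exe = [System.IO.Path]::GetFileName($lnk.TargetPath)
        if (($browsers -contains $exe) -and ($lnk.Arguments -match 'https?://')) {
            New-Object PSObject -Property @{
                Shortcut  = $_.FullName
                Target    = $lnk.TargetPath
                Arguments = $lnk.Arguments
            }
        }
    }

if ($hits) {
    $hits | Format-List Shortcut, Target, Arguments
} else {
    Write-Output 'No browser shortcut with an appended URL found.'
}
```

Any shortcut it lists can then be cleaned by hand in Properties > Target, as the post describes.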
 

HOSED

Senior member
Dec 30, 2013
658
1
0
It is also probably a good idea to clear any recent restore point made by win 7, once this is solved. Sometimes with stubborn malware it is easier to just reimage your machine with a recent backup image. (Hopefully this is not one of those cases).
 

John Connor

Lifer
Nov 30, 2012
22,757
618
121
Autoruns could help and you may want to see if there is something installed into the browser addons.

Also try SUPERAntiSpyware.

Emsisoft Emergency Kit is pretty damn good too.

If it's a rootkit (most likely not) check out TDSSKiller and Malwarebytes Anti-Rootkit.

HerdProtect is something else I run.

I run the browser in Sandboxie though.

Oddly, that domain says coming soon, but the whole link redirects to yahoo. http://www.freshy.com/

Like I said, I'm using Sandboxie with a host of security addons in Pale Moon so I'm not scared going to your link.
 

LPCTech

Senior member
Dec 11, 2013
679
93
86
Run in this order:

Boot to Safe Mode with Networking
then run
RKill
Junkware Removal Tool
HitmanPro (this can be skipped if you have run a bunch of other AV stuff already)
AdwCleaner
Allow AdwCleaner to reboot you to normal mode if HitmanPro does not require a reboot.
If this does not remove it, it's in the shortcut as suggested before.

I work in online tech support and remove things like you describe from old people's PCs all day with this method.

Edit: there may also be some sort of rogue program installed that isn't flagging as a virus. Download and run Revo Uninstaller to remove anything you KNOW FOR SURE should not be there; ask if not sure. Don't remove something the OS might need.
 

Scarpozzi

Lifer
Jun 13, 2000
26,391
1,780
126
This is why I run Ubuntu as my base OS and sandbox Windows 7 in VirtualBox with snaps.
 

PliotronX

Diamond Member
Oct 17, 1999
8,883
107
106
Check out the subset of BHOs using HijackThis. That URL might jump out at you and removing it is two clicks later.
 

VirtualLarry

No Lifer
Aug 25, 2001
56,572
10,208
126
No mention of FreeFixer? I use that all of the time to manually remove crapware. It goes a bit more in-depth than HijackThis, including Scheduled Tasks, which may be how this malware is re-inserting itself. I suggest giving it a try.
 

Iron Woode

Elite Member
Super Moderator
Oct 10, 1999
31,259
12,782
136
How about manually checking IE by going into Tools > Internet Options and editing the homepage selection, or clicking Use default homepage?

Then try rebooting and see if the homepage changes back to freshy.

And while you are there, go to Connections, click LAN settings, and make sure it says automatically detect settings.
 

arman19

Junior Member
Jan 1, 2015
1
0
0
In Mozilla I deleted the file user.js in "C:\Users\Arman\AppData\Roaming\Mozilla\Firefox\Profiles\zoo6a247.default\" and changed the settings "browser.startup.homepage" and "browser.newtab.url" in about:config to default (reset). It helped me.
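
A read-only check for the Firefox case in the post above, as an added example that is not part of the original post. Firefox does not create user.js itself, and any preference in it is re-applied at every start, which is why a homepage set there comes back after a reset. The script assumes the default profile location under %APPDATA% and lists the homepage and new-tab lines in each profile's user.js and prefs.js.

```powershell
# Added example (not from the thread): show where Firefox profiles set
# the homepage / new-tab URL. Assumes the default profile location.
$prefNames    = 'browser\.startup\.homepage|browser\.newtab\.url'
$pattern      = 'user_pref\("(' + $prefNames + ')"'
$profilesRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'

$hits = Get-ChildItem -Path $profilesRoot -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object {
        # user.js overrides prefs.js on every start; check both
        foreach ($name in 'user.js', 'prefs.js') {
            $file = Join-Path $_.FullName $name
            if (Test-Path $file) {
                Select-String -Path $file -Pattern $pattern |
                    Select-Object Path, LineNumber, Line
            }
        }
    }

if ($hits) {
    $hits | Format-List Path, LineNumber, Line
} else {
    Write-Output 'No homepage or new-tab preference found in any profile.'
}
```

A hit in prefs.js may simply be the homepage you chose yourself; a hit in user.js is the one to look at, since it is what puts the value back.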
 

chronoswiss1

Junior Member
Jan 17, 2015
1
0
0
Thank you to LPCtech for this post. I spent a few hours trying to get rid of the Freshy.com virus, but when I did exactly what you outlined above, it worked. Thanks again!!!
 

BearCub

Junior Member
Jan 29, 2015
1
0
0
Running these 4 apps in the same order removed services.freshy.com from Firefox.

RKill (free)
Junkware Removal Tool (free)
HitmanPro ($25 per year)
AdwCleaner (free)
 

ringtail

Golden Member
Mar 10, 2012
1,030
34
91
suggestions (if you're on Windows 7 instead of Linux, I don't know about W8): Several steps to KILL IT (after already UNINSTALLING it)!!!

1)
a) Make sure in Control Panel / Folder Options / View that you check the radio button to Show Hidden Folders and Drives

b) In Windows Explorer browse your way into C:\Users\<your username>\AppData (You won't even see AppData unless you first do the above) and

c) look inside the Local, and LocalLow and Roaming folders for anything related to what you seek to kill.

d) Delete what you find in there and want to banish.

2)
Then download, install free "Agent Ransack" and use it to search ALL your drives for the beast you seek to slay ...Agent Ransack won't take long to roto root EVERYTHING A to Z. Agent Ransack is so fast you won't believe it.

3) Download, install free Eusing Registry Cleaner. Run it, delete all the bad registry keys it discovers, which will include registry keys left behind by whatever you manually deleted above. (People post here who insist you should never clean your registry. They are mistaken, wrongheaded, piling onto a meme, dead wrong.) Whatever you manually deleted will leave a bunch of trash keys behind in your Windows registry, and Eusing will erase them. Most of them.

5)
Run free CCleaner Registry Cleaner, which will probably find a small handful of additional junk registry keys to erase (different algorithm than Eusing, finds different things), and then afterwards run the main CCleaner clean.

6)
Run Windows cleanmgr, then when it (takes an annoyingly long time, maybe 10 seconds, depending on your box) finally displays its friggin GUI, click "Clean up system files" near the bottom, and the stupid thing then runs completely over including wait-time (bad engineering here). Next time it AGAIN displays its GUI, click the "More Options" tab, and under System Restore and Shadow Copies click Clean Up (then "Delete" then "OK"). (There's actually a better way to do this but I don't want to confuse you.)


6b) If you know how to run Cleanmgr in amplified form, do that (much deeper cleaning): -Sageset / Sagerun. I won't trouble you with the details. If not, skip.

7)
Then, it's just me, I'd run the Windows defrag, followed by the free Eusing Registry Defrag.

Sounds like a bfd, actually all takes maybe only 3 or 4 min if you have the sw installed, i7 and lots of RAM.





 

dmstar

Junior Member
Feb 22, 2015
1
0
0
:thumbsup: Removing the user file worked for me. Then resetting the homepage as usual in Internet Options. Thanks for including the complete folder tree so I could find it. Normally the AppData folder does not show, so just type the folder at least up to and including \appdata, go there, then continue the search from there.

 

RLSTATEdotCOM

Junior Member
Apr 16, 2015
1
0
0
I looked at the date on the "freshy" program in Control Panel (mine was 9/5/2014) and then I went to Accessories, MS-DOS Prompt to look for all files that had installed at the same time (since the program that I'd installed, VLC-something??, was the only thing I'd installed for about +/- a month, it made sense to get rid of all of these). Many were in a directory called "node". The process, while laborious, worked. If you're not skilled at working with DOS, it's not that tough. Type Help at the DOS prompt to learn the commands. Use DIR *.exe /s /p to find each executable (the /s is a "switch" to look at subdirectories and the /p is a switch to pause after each screen so you can view the results). I used my phone to take a photo of each directory/program that was created on the same date and then used the del command to delete each directory and its contents (be forewarned: using this incorrectly can cause problems). In general, I traversed to each problem directory with the cd command and used the del *.* /s /q command once I'd gotten there. Once I'd finished them all (and there were at least 8-12, maybe more), I went back to Control Panel to uninstall Freshy there (it didn't remove until I had all the programs & subdirectories removed that had been created on 9/5/14). I liked this approach since I'd already tried installing a couple of other programs that I was afraid would only trash my computer further. Here, I felt 'in control'.

Good luck! I hate these things especially since their designers seem to put themselves out to repair them and "catch" you again with some other scheme.