#  >  > Computers Can Be Fun >  >  > Computer News >  >  New virus? People's Republic of Thailand

## Rattanaburi

At my work some of the computers browsers have been hacked so that when you start the browser "People's Republic of Thailand (PRT)" comes up. It's a new thing in the last two weeks I guess. Anyone experienced this and is there an easy cure for it? It just changes your homepage. They are talking about it at pantip.com but so far all I have found is Thai language sites for it. Any help would be appreciated?


pantip with a pic of the browser's opening page. This is the only problem. you can go to other pages but the browser opens like this.


_edited by dirtydog_
really don't need that shite on here if they have been hacked. dirtydog

----------


## Thetyim

There seems to be something about it here but it is in thai.
Can anyone help with a translation
ÊÓ¹Ñ¡§Ò¹ÊÒ¸ÒÃ³ÊØ¢¨Ñ§ËÇÑ´¢Í¹á¡è¹

----------


## Rattanaburi

Pantip wasn't affected by the virus. It had some info on how to get rid of it in Thai though. I'm not sure how the virus gets around. it may have to be carried from computer to computer via thumbs drive. KhonKaennews has something about it but its was in Thai mostly and involved going into your computer management programs and doing some things which I didn't understand. I'm just looking for some easy program to remove it.

----------


## dirtydog

Trouble is it is just a Thai thing, so the big companies wont give a shite as they probably never received any money from a Thai person in their lives, go for the free online scans, then delete the shite out of the registry where the problems are, hell, probably easier to reformat.

----------


## Loombucket

If the browser has been hijacked, it's likely that you have downloaded something that has layed a sting in the registry like DD says. This has worked many times for me so I will share. Download and run "Spybot", make sure that it is the latest version. Give it a chance to scan through every file and then do what it recommends. 

Download and run "Hijack this". This will show you everything in the registry. Items are listed on the left 1 up wards. Look at the 1's. DO NOT BE TEMPTED TO CHANGE ANY OF THE OTHERS. Remove anything that changes the browser settings. BE VERY CAREFULL. If you remove the wrong thing, you will make a little problem a very big one and the whole thing may not work. Spybot and Hijack this are available as free downloads and are written in English.

Cheers!

----------


## Rattanaburi

From that Khonkaen website I took a try using the little English I could see there and managed to get it off the comp at work. It actually was very easy. I just had to delete a startup entry. I used the ccleaner program to do it. I also shut off system restore to make sure I got it all and made sure my homepage in explorer was set to a real website. Right now it seems to be working fine. Thanks for the ideas.

----------


## Rattanaburi

Got it again. The second time I got rid of it with the Hijackthis program.

----------


## Coota

I've tried all the previous advice, though every time I remove the following file using hijackthis.....

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About**:People's Republic of Thailand (PRT)

...and then change my webpage back to normal, the file returns in seconds?

Can you please explain to me in layman's terms how to remove the virus properly?

You assistance would be very much appreciated.

----------


## Sage

Try these steps:
1.press Ctrl+Alt+Del to go to task manager at "processes" press end process all the "wscript.exe" you found,
2.open drive C and search for the word ".vbs" and delete all the file found with .vbs,
3. go to Start-->Run type "Regedit" and enter then go toHKEY--CURRENT_USER-->Software-->Microsoft-->Internet Explorer-->Main, find "start page" at the right hand side window, double click the "start page" you will see that damn name at "value data" change it to "about**:blank" and restart your computer you will get rid of that stupid virus.

----------

