Hijacked Home Page

Discussion in 'A+ Certification' started by sbmike, Dec 21, 2004.

  1. sbmike

    sbmike Guest

    A neighbor lady asked me to check out her internet home page because it wasn't
    the one she had been using. I went to 'Internet Properties' and under the
    general tab found the 'Home page' section was grayed out and
    'http://www.searchmircale.com/' was in the address box.

    I ended up doing a search in regedit for searchmircale and replaced it with
    her original home page. Now when opening IE her page is displayed but when
    returning to the 'Home page' section of 'Internet Properties', it's stilled
    grayed out.

    I'm assuming that I need to remove one of the items I changed in the
    registry but not sure which one.

    Need help.

    IE is v. 6.0 and O/S is XP.

    Mike
     
    sbmike, Dec 21, 2004
    #1
    1. Advertisements

  2. sbmike

    J Figueredo Guest

    Try SpyBot Search and Destroy or any of the anti spyware programs at
    www.download.com also run an antivirus program just in case, and look at
    www.getfirefox.com great Web browser without the IE security flaws.

    Good luck,

    Jose
    MCSA, Network+,

    A+
     
    J Figueredo, Dec 21, 2004
    #2
    1. Advertisements

  3. HijackThis! should work for this situation. It knows where to look in the
    registry for browser-hijacking garbage, and lets you remove it easily.
    Hopefully, the combination of this, spybot, and ad-aware can solve the
    problem. In my experience, it usually does the trick.
     
    Patrick Michael, Dec 21, 2004
    #3
  4. sbmike

    AG Guest

    Another program that might help in this situation is BHO Deamon. The
    install file is here:
    http://www.pcworld.com/downloads/file_download.asp?fid=23611&fileidx=1
    Also a very interesting program for those that insist on using IE is
    IESPYAD. It puts a bunch of the word offending spyware sites in the IE
    restricted list so that all of the insecure activeX type programs just won't
    run from those sites.
    It can be downloaded from this page:
    http://www.pcworld.com/downloads/file_description/0,fid,23332,00.asp



    AG
     
    AG, Dec 21, 2004
    #4
  5. Hmmm... flame reply that doesn't even address the problem... how profound...
     
    «bonehead;\), Dec 21, 2004
    #5
  6. sbmike

    J Figueredo Guest

    No comment......

    J


     
    J Figueredo, Dec 22, 2004
    #6
  7. sbmike

    Thumper Guest

    I have not been on this site but in similar circumstances I went to
    the contact section on the help page of the site and sent an email
    telling them how pissed off I was and wanted to remove it. A bot sent
    an email back directing me to click on a link that will remove the
    software. I'll bet if you contact them they will respond within
    minutes via a bot. They probably get thousands of pissed off people a
    day writing them.
    Incidentally I have 4 spyware and bot checkers plus an anti virus
    programs. None of them removed the hijacker from my system.
    Thumper
    To reply drop XYZ in address
     
    Thumper, Dec 23, 2004
    #7
  8. sbmike

    MF Guest

    In my experience, adaware and spybot will not remove hijackers. they will
    find one or two of the pieces and remove them, then the hijacker will
    promptly restore them. problem is that hijackers dump dll's all over the
    place, including users docs and settings folder. puts registry entries all
    over the place to call the dlls. which then promptly restore everything
    adaware and spybot have deleted.

    the best automated solution is HjackThis! but it's output is esoteric, so
    you have to read the instructions. You _may_ also have to spend a several
    hours deleting stuff manually. First, search google and google groups for
    your malware -that word shd be replaced with scumware. You will find tons
    of references. go read them. some of them will include lists of all the
    crap the scumware dumps into your system, and all the registry entries it
    makes. keep reading till you feel you have a comprehensive list. then boot
    into safe mode. search your hard drive for the dlls and exes and delete
    them. search the registry for the for the entries and delete them.
    anything you feel nervous about deleting, simply rename. then boot
    normally. if behavior is back to normal, you've succeeded. if not, do it
    again. if you are like me, by the time you are done, you will have
    developed a monumental hatred for the purveyors of these things.

    then try running some sort of protection. i'm running bho demon - but i
    haven't been to any sleazebag sites in a while, so i don't know how well it
    works. and BTW, you can get hijackers by relatively innocent activity, like
    following a google link to a site that provides - or says it provides -
    discographies.

    good luck

    Mike
     
    MF, Dec 28, 2004
    #8
  9. sbmike

    Bum Guest

    In Windows XP to correctly remove the spyware / adware and the other
    pollution on the system it is advisable to take the following steps to
    resolve the problem you point out:

    1) Create a restore Point

    2) Turn off the Automated System Restore for all partitions

    3) Run Spybot and AdAware

    4) Reboot

    5) Repeat step 3 and 4 until the System is clean

    6) Turn Automated System Restore back on for all partitions

    Without turning the Automated System Restore off, XP will attempt to
    restore those files and registry entries removed by the cleaning tools.
     
    Bum, Dec 28, 2004
    #9
  10. Sometimes, I like to run spybot and ad-aware in "safe mode", or "safe mode
    with networking" (the latter so I can update and scan all at once). This
    ensures that none of the crap is loading in the background.
     
    Patrick Michael, Dec 28, 2004
    #10
  11. sbmike

    Bum Guest

    Never thought of that ... would eliminate several reboots ... thanks for
    pointing the brain to a new way of thinking .... hmmmm wish I would have
    thunk of that ...
     
    Bum, Dec 28, 2004
    #11
  12. Yours wasn't a bad idea either...never hurts to create "restore points"
    whenever you're running programs that do a lot of registry-editing to remove
    spyware/crap.
     
    Patrick Michael, Dec 29, 2004
    #12
  13. Or you could try Firefox and find out that the vulnerabilities of Microsuck
    don't have to be your vulneraability also....
    http://www.mozilla.org/products/firefox/

    Firefox can be set up so that websites can't automatically download
    crap on your machine....
     
    «bonehead;\), Dec 29, 2004
    #13
  14. sbmike

    Bum Guest

    Yes one can install and configure FireFox. Yet the fact remains the path
    from IE to Firfox requires one to clean the machine first. Hence, it is
    not a solution to the problem posed but rather a preventive measure.

    Yes a safe boot and running spybot and adaware is a good way to solve the
    problem. You may still need to reboot a few times to verify a clean
    system. Once the system is clean a safe boot with network support to
    download, install and configure firefox and will prevent most of these
    problems in the future ...
     
    Bum, Dec 29, 2004
    #14
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.