hijacked homepage

[mark]

My home page keeps being reset to a page that must have been loaded by
a web site, I change my home page back to what I would like it to be
but when I reboot the other page is back. My system is Windows NT 4.0,
I have gone into my registry and changed my default_page and my
start_page. I also do a find with the string that is in my
default_page everytime I reboot and change
every occurance of this string and the wrong home page still comes
back. I have downloaded Spybot and run it, it found a redircting file
and I went through removing it. But when I reboot my home page still
changes. What do I need to change to get rid of this take over of my
home page. Thank you for any help.

[YK]

mark wrote:
> My home page keeps being reset to a page that must have been loaded by
> a web site, I change my home page back to what I would like it to be
> but when I reboot the other page is back. My system is Windows NT 4.0,
> I have gone into my registry and changed my default_page and my
> start_page. I also do a find with the string that is in my
> default_page everytime I reboot and change
> every occurance of this string and the wrong home page still comes
> back. I have downloaded Spybot and run it, it found a redircting file
> and I went through removing it. But when I reboot my home page still
> changes. What do I need to change to get rid of this take over of my
> home page. Thank you for any help.

Maybe HijackThis can help
http://www.tomcoyote.org/hjt/

[Jay T. Blocksom]

On 30 Jun 2003 10:18:10 -0700, in <alt.privacy.spyware>,
morgan.mark@worldnet.att.net (mark) wrote:
>
> My home page keeps being reset to a page that must have been loaded by
> a web site, I change my home page back to what I would like it to be
> but when I reboot the other page is back. My system is Windows NT 4.0,
[snip]

> What do I need to change to get rid of this take over of my
> home page. Thank you for any help.

<http://www.litepc.com/ieradicator.html>

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[Jay T. Blocksom]

On Sat, 05 Jul 2003 08:38:07 GMT, in <alt.privacy.spyware>, "Jon Oringer"
<jon@surfsecret.com> wrote:
>
> http://<URL redacted>
>
> PestPatrol is a great utility for this
>
[snip]

No, it isn't.

PestPatrol is blatant spamware, promoted and sold by a frothing loon:

<http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=9ftp43%243g8%240%40216.39.174.41&rnum=1& prev=/groups%3Fhl%3Den%26lr%3D%26ie%3DISO-8859-1%26q%3DPestPatrol%2Bgroup%253Anews.admin.net-abuse.email%26btnG%3DGoogle%2BSearch>


--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[TonyKlein]

LOL, I have to agree...

Download either or both Ad-Aware and SpyBot S&D, update them, and have them scan your drives./

If after that still no joy, go to http://www.tomcoyote.org/hjt/ , and download Hijack This.

Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, and save the log somewhere

Next, go to http://www.spywareinfo.com/forums/

Sign in, go to the Spyware and Hijackware Removal section, press "new topic", explain your
problem, and copy and paste the contents of the Hijack This log into your new message. You'll get
expert assistance in dealing with your problem.
--

Cheers, Tony

NOTE: Please reply to the group, and not to me personally.
E-mail address is void.





"Jay T. Blocksom" <usenet01+SPAMBLOCK@appropriate-tech.net> wrote in message
news:t5jegvg7o065tj2iqnr4h44ffakp51n0n3@news.rcn.c om...
> On Sat, 05 Jul 2003 08:38:07 GMT, in <alt.privacy.spyware>, "Jon Oringer"
> <jon@surfsecret.com> wrote:
> >
> > http://<URL redacted>
> >
> > PestPatrol is a great utility for this
> >
> [snip]
>
> No, it isn't.
>
> PestPatrol is blatant spamware, promoted and sold by a frothing loon:
>
>
<http://groups.google.com/groups?hl=e....174.41&rnum=1
&prev=/groups%3Fhl%3Den%26lr%3D%26ie%3DISO-8859-1%26q%3DPestPatrol%2Bgroup%253Anews.admin.net-abuse
..email%26btnG%3DGoogle%2BSearch>
>
>
> --
>
> Jay T. Blocksom
> --------------------------------
> Appropriate Technology, Inc.
> usenet01[at]appropriate-tech.net
>
>
> "They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety."
> -- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Unsolicited advertising sent to this E-Mail address is expressly prohibited
> under USC Title 47, Section 227. Violators are subject to charge of up to
> $1,500 per incident or treble actual costs, whichever is greater.
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[Jay T. Blocksom]

On 6 Jul 2003 22:17:15 +0800, in <alt.privacy.spyware>, Aaron
<aarontaycheehsien@yahoo.com> wrote:
>
> Jay T. Blocksom <usenet01+SPAMBLOCK@appropriate-tech.net> wrote in
> news:u2jegvo23nbqpa60harvo0pb0odik9jh0t@news.rcn.c om:
>
[snip]
> >
> > <http://www.litepc.com/ieradicator.html>
>
> Maybe he isn't using IE?
>
[snip]

Granted, he didn't explicitly state what browser he was using; but
I'd say the odds are pretty good, considering some of the "clues" he
provided:

--> [He didn't explicitly state what browser he was using.]

This alone is a big clue. As a general rule, only MSIE users (or AOLers,
which he isn't) presume that the browser they happen to be using is the
"only" browser out there.

--> My home page keeps being reset to a page that must have been loaded by
--> a web site,

How many browser hijackers target anything else *but* Exploder?

--> My system is Windows NT 4.0,

The default install included MSIE (originally v3.0, IIRC; v4.0 came with
some of the later Service Packs).

--> I have gone into my registry and changed my default_page and my
--> start_page.

What other browser is stupid enough to keep application-specific data in the
registry? (Last I looked, both Netscape and Opera use .INI files for this.
I haven't tracked down where K-Meleon and Mozilla keep that data; but since
they're both "sort of" derivatives of Netscape, it stands to reason that
the'd follow that model.)

--> I also do a find with the string that is in my
--> default_page everytime I reboot and change
--> every occurance of this string and the wrong home page still comes
--> back.

The string "default_page" is apparently a registry key/value. I have
K-Meleon, Mozilla, Netscape, and Opera installed on this box; but of course,
MSIE is not on the premises -- and that key/value does not appear anywhere
in my registry.

So, all in all... Are we "beyond a reasonable doubt"?

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[Aaron]

Jay T. Blocksom <usenet01+SPAMBLOCK@appropriate-tech.net> wrote in
news:49pkgv4lnqqaoget36t3elg2mnqboucnji@news.rcn.c om:

> On 6 Jul 2003 22:17:15 +0800, in <alt.privacy.spyware>, Aaron
> <aarontaycheehsien@yahoo.com> wrote:
> >
> > Jay T. Blocksom <usenet01+SPAMBLOCK@appropriate-tech.net> wrote in
> > news:u2jegvo23nbqpa60harvo0pb0odik9jh0t@news.rcn.c om:
> >
> [snip]
> > >
> > > <http://www.litepc.com/ieradicator.html>
> >
> > Maybe he isn't using IE?
> >
> [snip]
>
> Granted, he didn't explicitly state what browser he was using; but
> I'd say the odds are pretty good, considering some of the "clues" he
> provided:

> How many browser hijackers target anything else *but* Exploder?

Well isn't there a lop version out there that does Mozilla?

> --> I have gone into my registry and changed my default_page and my
> --> start_page.
>
> What other browser is stupid enough to keep application-specific data
> in the registry? (Last I looked, both Netscape and Opera use .INI
> files for this. I haven't tracked down where K-Meleon and Mozilla keep
> that data; <snip>

In the applicationdata/profiles/ somerandomstring directory

The randomstring is a basic anti=hijack feature i think. Not that it
stops lop, since it still manages to replace your bookmark files and
pref.js

> So, all in all... Are we "beyond a reasonable doubt"?

Well obviously, my comment was meant tongue in the cheek. Still, I do
think answering the original poster with a link to some app that removes
IE is a little unfair instead of addressing the poster's problem.

I understand you and some people here hate IE to the bone, but IMHO,
posting a link to a IEeradicator app without any comments is uncalled
for.

It's almost like jokingly asking a newbie to do format c:\ when someone
asks what to do if he infected with a virus.







Aaron
--
Want to learn how to use Winboard and the 150+ free Winboard
Chess engines?Visit http://www.aarontay.per.sg/Winboard/