[pcductape] Re: Hijacked homepage.

  • From: "Bob Noble" <bnoble@xxxxxxxxx>
  • To: <pcductape@xxxxxxxxxxxxx>
  • Date: Fri, 2 Jan 2004 10:11:23 -0800

Hi Ray,
You need to go to, run, type in sysedit, hit run, and look in the win.ini file,
run. There you will find a piece that runs on startup that puts all the bad
stuff back.

The easiest way to find out what this thing is called, for your situation, is to
type in msconfig at the run command and look under the startup tab.
If you are running xp, you may have to find this program from Microsoft and add
it, as it doesn't come with xp.

What I do, is anything I don't recognize in the startup list, I type it in the
search engine and see what it is.

You can uncheck the bad one in msconfig, but the best way is to remove it from
the win.ini file.  You can temporarily uncheck it in the msconfig, so you are
able to use the internet.

If you add this method to your regedit method, you won't need Antivirus software
to remove viruses.

Bob Noble
www.sonic.net/bnoble
----- Original Message -----
From: "Ray Spitz" <rspitz8207@xxxxxxxxxx>
To: <pcductape@xxxxxxxxxxxxx>
Cc: <rspitz2@xxxxxxxxxxx>
Sent: Friday, January 02, 2004 9:56 AM
Subject: [pcductape] Hijacked homepage.


| Hi all:
|
| Hope everyone had a great holiday season.
| Well, we finally broke down and got cable a couple of months
| back and now have been hit with a HomePage Hijacker .
| The system is ;
| Acer Aspire, 330 MHz, W98 FE, IE & OE 5.5, 120 GB HD, 196MB Ram,
| AVG anti-V, Zone Alarm.
|
| Problem: The home page is RESET to the unknown site each time the
| computer is re-started. Setting to my-homepage via IE-tools holds only
| for the "current" session. Interestingly, my browser is unable to
| "find" the hijack-page on start-up. It comes up "page not found".
|
| The hijack URL is  http://t.rack.cc/h.php?aid=35
| On one occasion it tried to access  www.cool-search.net/?aid=35.
|
| I have run Ad-Aware, SpyBot, &  Avg and each came up clean.
| I Checked Sandi's extensive MVP site but found no reference
| other than a 'search-box" which does find the hijack site (which
| appears to be a promotional site to sell their marketing approach).
|
| I ran a "find" in Regedit and found 4-references. You can see a
| copy of the registry entries on my web page at
|             http://www.wideopenwest.com/~rspitz8207/
|
| I deleted the 4-registry entries and then set IE back to my
| home-page but upon the next restart the hijacker has
| restored the offending settings back into the registry
| as shown. Nothing in the start section of msconfig
| "hit" me between the eyes but could have been
| in there ....
|
| Otherwise, my computer appears to be normal.
|
| Sorry for the long tale. I'm hoping someone will
| recognize the parasite and provide a removal
| procedure or a link to one.
|
| Have to go visit new grand-daughter now.
| be back later.
| best regards to all,                        Ray
|
|
|
| ---
| Outgoing mail is certified Virus Free.
| Checked by AVG anti-virus system (http://www.grisoft.com).
| Version: 6.0.557 / Virus Database: 349 - Release Date: 12/30/03
|
|
|
|
| To unsubscribe from this list send an email to
| pcductape-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field
| OR by logging into the Web interface.
|
| To view the message archives simply go to:
http://www.freelists.org/archives/pcductape/
|


To unsubscribe from this list send an email to
pcductape-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field
OR by logging into the Web interface. 

To view the message archives simply go to: 
http://www.freelists.org/archives/pcductape/

Other related posts: