[pcductape] Re: Hijacked homepage.

  • From: "Martha Bagwell" <mabagwell@xxxxxxxxxxxxx>
  • To: <pcductape@xxxxxxxxxxxxx>
  • Date: Fri, 2 Jan 2004 12:24:51 -0600

Go to this site for info on this & download CWShredder to remove the
hijacker fron your system.
http://www.spywareinfo.com/articles/hijacked/

Martha

Martha's Web
http://www.keyboardpower.com



-----Original Message-----
From: pcductape-bounce@xxxxxxxxxxxxx
[mailto:pcductape-bounce@xxxxxxxxxxxxx]On Behalf Of Ray Spitz
Sent: Friday, January 02, 2004 11:57 AM
To: pcductape@xxxxxxxxxxxxx
Cc: rspitz2@xxxxxxxxxxx
Subject: [pcductape] Hijacked homepage.


Hi all:

Hope everyone had a great holiday season.
Well, we finally broke down and got cable a couple of months
back and now have been hit with a HomePage Hijacker .
The system is ;
Acer Aspire, 330 MHz, W98 FE, IE & OE 5.5, 120 GB HD, 196MB Ram,
AVG anti-V, Zone Alarm.

Problem: The home page is RESET to the unknown site each time the
computer is re-started. Setting to my-homepage via IE-tools holds only
for the "current" session. Interestingly, my browser is unable to
"find" the hijack-page on start-up. It comes up "page not found".

The hijack URL is  http://t.rack.cc/h.php?aid=35
On one occasion it tried to access  www.cool-search.net/?aid=35.

I have run Ad-Aware, SpyBot, &  Avg and each came up clean.
I Checked Sandi's extensive MVP site but found no reference
other than a 'search-box" which does find the hijack site (which
appears to be a promotional site to sell their marketing approach).

I ran a "find" in Regedit and found 4-references. You can see a
copy of the registry entries on my web page at
            http://www.wideopenwest.com/~rspitz8207/

I deleted the 4-registry entries and then set IE back to my
home-page but upon the next restart the hijacker has
restored the offending settings back into the registry
as shown. Nothing in the start section of msconfig
"hit" me between the eyes but could have been
in there ....

Otherwise, my computer appears to be normal.

Sorry for the long tale. I'm hoping someone will
recognize the parasite and provide a removal
procedure or a link to one.

Have to go visit new grand-daughter now.
be back later.
best regards to all,                        Ray



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.557 / Virus Database: 349 - Release Date: 12/30/03




To unsubscribe from this list send an email to
pcductape-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field
OR by logging into the Web interface.

To view the message archives simply go to:
http://www.freelists.org/archives/pcductape/

To unsubscribe from this list send an email to
pcductape-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field
OR by logging into the Web interface. 

To view the message archives simply go to: 
http://www.freelists.org/archives/pcductape/

Other related posts: