Thread ID: 38583 2003-10-11 22:46:00 Hijacked Homepage fat_jack (4717) Press F1
Post ID Timestamp Content User
182427 2003-10-12 04:12:00 khooker is the SiS video driver utility.

With HijackThis, don't delete something you're not sure of. I'm surprised Ad-Aware/Spybot didn't pick it up. Check you have the latest version and that it is fully updated.

Also clean out your Windows temp file and make sure your Windows is fully updated.
tweak'e (174)
182428 2003-10-12 04:39:00 Have you tried the Spybot Search & Destroy immunise option for the homepage? It locks down your homepage so that it cannot be changed at all (even if you try this yourself with the setting on).

Open up the program in Advanced Mode and click on the Immunize button. Down the bottom of the page are some options for locking down your homepage, as well as preventing access to your Internet Options dialog box (be careful with this one as it will shut you out). Make sure you have re-entered your correct homepage first, then go to this option and select "Lock IE start page setting against user changes"

This should hopefully prevent any further homepage changes. You can easily remove the tick from this option if you wish to change the homepage yourself.
Jen C (20)
182429 2003-10-12 05:06:00 Do a search for msupdater.exe - if you find this file delete it. It is the program that continually reinstalls winshow. It is probably located in your "Startup" folder in the Start Menu.

Once you have deleted this file, run SpyBot and it should clear it up.

This is something I am working on for myself as well at the moment, so if you find this works I'd be extremely appreciative if you let me know.
whiskeytangofoxtrot (438)
182430 2003-10-12 05:25:00 Sorry I really needed to give some more information.

The "searchv" problem is related to a hijacker called WinShow.

This program installs itself either in your Windows directory (W98/ME) or into your Docs & Settings\Application Data directory (2K/XP).

SpyBot's latest includes will detect and remove the reg settings etc. and the files. These files, winshow.dll, winshow.cfg and dict.dat, are the biggest problems.

Once removed, set your homepage back to normal by going to Control Panel --> Internet Options. Don't open IE until you have done this, or it will reinfect you.

I've just done this on a W2K machine, however every time I restarted it would reinfect itself. On further investigation the file msupdater.exe was found.

I looked inside MSUPDATER with a sector editor and it links to:
00hq.com

Again, please let me know if this resolves it for you. It looks like this is going to need to be reported to SpyBot for addition to their includes.
whiskeytangofoxtrot (438)
182431 2003-10-12 06:37:00 I had a similar problem some months ago. A Dutch semi-porn site installed itself as my home page. Ad-Aware and Spybot made no difference.
I did a Google search and immediately found info on this installation which explained how to get rid of it.
From memory I installed HijackThis, but even after running that I had to go through MSCONFIG and remove the startup entries. Took a couple of hours and 3 restarts.
Persistent little sods, these programs.

Cheers and good luck
Winston
Winston001 (3612)
182432 2003-10-12 08:45:00 Hi everyone.
A big thanks and thumbs up for all your help. I finally seem to have got it sorted by disabling the sys.reg file in msconfig. All "infected" files are still present as I still need to check about deleting them. Once again thanks for your help.
fat_jack
PS: if the sys file is full of only searchv stuff, can I safely delete it?
fat_jack (4717)
182433 2003-10-12 09:13:00 Just rename it so the suffix ends in tst, e.g. crap.tst. Then it will be harmless. If anything else requires it, then it is easy enough to rename it back again. If nothing happens after a couple of weeks, then delete.
Pheonix (280)
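The following is an added example, not code from any poster in this thread: it searches the given directories for the file names the thread associates with WinShow (msupdater.exe, winshow.dll, winshow.cfg, dict.dat) and quarantines matches by appending .tst, as suggested in the post above, so the rename can be undone. The function names and the demo directory tree are assumptions made for illustration; dict.dat is a common file name, so review matches before renaming.

```python
import os
import tempfile

# File names this thread reports for the WinShow hijacker (matched case-insensitively).
INDICATOR_NAMES = {"msupdater.exe", "winshow.dll", "winshow.cfg", "dict.dat"}
QUARANTINE_SUFFIX = ".tst"  # suffix suggested in the thread


def find_indicators(roots):
    """Return sorted paths under roots whose file name is an indicator name."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            hits += [os.path.join(dirpath, n) for n in files
                     if n.lower() in INDICATOR_NAMES]
    return sorted(hits)


def _rename(src, dst):
    if os.path.exists(dst):  # never overwrite an existing file
        raise FileExistsError(dst)
    os.rename(src, dst)
    return dst


def quarantine(path):
    """Append '.tst': contents are kept, but the original name no longer exists."""
    return _rename(path, path + QUARANTINE_SUFFIX)


def restore(path):
    """Undo quarantine() by stripping the '.tst' suffix."""
    if not path.endswith(QUARANTINE_SUFFIX):
        raise ValueError("not a quarantined file: " + path)
    return _rename(path, path[:-len(QUARANTINE_SUFFIX)])


def demo():
    """Constructed directory tree standing in for a user profile (not real data)."""
    with tempfile.TemporaryDirectory() as base:
        for rel in ("Startup/MSUPDATER.EXE", "Application Data/winshow.dll",
                    "Application Data/notes.txt"):
            path = os.path.join(base, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        found = find_indicators([base])
        moved = [quarantine(p) for p in found]
        return ([os.path.basename(p) for p in found],
                [os.path.basename(p) for p in moved], find_indicators([base]))
```

Calling `demo()` returns the names found, their quarantined names, and the result of a second scan, which is empty once the files are renamed.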
182434 2003-10-12 14:08:00 well well well.

Purely in the name of science I went and got my machine infected with this browser hijack.

Damn this thing is nasty.

Damn I'm an idiot.

It's 3.30am but I've got it sorted.

Running Spybot and Ad-Aware found various nasty crap from this *&^$%#$%^. They were deleted, homepage was set back to Google and I rebooted, and the %$$#@ regenerated, changing my homepage and throwing porn at me. Nice one, the girls in the porn weren't even good looking.

The msupdater.exe mentioned above wasn't found on my machine so I can rule that one out. I had a look at the contents of my sys.reg file and it did indeed have three entries pertaining to the sites mentioned. These I deleted, set my home page back to Google, then ran Spybot and Ad-Aware once again. The same entries were found (obviously re-installed on the last boot), so were once again deleted and I rebooted.

Problem solved. Spybot and Ad-Aware find no traces of it on my system, my home page has stayed how I wanted it, and no unwanted redirecting, pop-ups or downloads so far.

As far as my research tells me it's a hack on the Windows version of Java, which I uninstalled and have loaded on the real version from Sun. Well, I attempted to load it on, I get errors and it quits, damn... still, it gives me something to do tomorrow.

Those that have this problem, can they check the infected machine and see if it's running the Windows VM/Java? I think that's the hack's first port of call.
metla (154)
182435 2003-10-12 14:56:00 4.30am, got Sun Java loaded, best I go to bed......
metla (154)
182436 2003-10-12 20:20:00 I just keep an image these days of my C: drive and just do a restore, which takes about 15 mins, to an earlier state when my PC was working as it should do, using Drive Image 2002 on 98SE O/S.
Prior to that I ended up wasting an hour removing a thing called Lop.com.
Nasty things, hijackers. I use ZoneAlarm Pro, Ad-Aware, Spybot, SpySweeper and PestPatrol along with RegCleaner and HijackThis these days, along with a few other things.
kiwibeat (304)