| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 34117 | 2003-06-04 10:39:00 | Web Browser Hijacked | paulbutterworth (3949) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 149782 | 2003-06-04 10:39:00 | Help. My web browser has been hijacked. My web browser sporadically re-directs me to "www.fassia.net Before taking me to this address the message "Opening page r3.jhtml at 204.177.92.68..." is displayed. I am running IE6 with latest patches on Windows machine (XP). Does anyone know what this is and how to fix it? PaulB |
paulbutterworth (3949) | ||
| 149783 | 2003-06-04 10:52:00 | Is this only your homepage, or any website? Sounds like some 'dodgy' surfing may have caused this.. Run Ad-Aware and an Anti-Virus scan. You should also check what apps are loading at startup by running msconfig. If its all web-pages, your host file may have been modified :-( Post back Cheers Chilling_Silence |
Chilling_Silently (228) | ||
| 149784 | 2003-06-04 10:55:00 | Run Adaware & Spybot that will remove it. | stu140103 (137) | ||
| 149785 | 2003-06-04 10:58:00 | Thanks for the reply. Its some websites but not all websites. Definitely some dodgy surfing involved - got trapped in porn "pop-up hell" after connecting through sneaky url link in an email. I suspect that some little piece of software has got imbedded somewhere in my system - just not sure where, how or how to get rid of it. PaulB |
paulbutterworth (3949) | ||
| 149786 | 2003-06-04 10:58:00 | Firstly... In the Registry (use the registry editor program by clicking START |RUN and in the run dialogue box typing REGEDIT and click OK) check the key HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/URL/Prefixes/www This key value should be " This is the prefix that is added automatically before every URL typed in. The scumware probably changed this to something like "http://www.fassia.net?redir="" target="_blank">". This is the prefix that is added automatically before every URL typed in. The scumware probably changed this to something like "http: Change it back to "http://" exit the Registry and restart Internet Explorer. Secondly (and subsequently)... If you don't want to do the above then use a spyware scanner to remove it: Adaware (www.lavasoftusa.com) or SpyBot S&D (http://security.kolla.de/) Install and use/run one of these utilities on a regular absis... also assume you are using an Antivirus utility. Cheers, Babe. |
Babe Ruth (416) | ||
| 149787 | 2003-06-04 10:59:00 | Thanks. Have run Spybot (but not Adaware) and it is still there. | paulbutterworth (3949) | ||
| 149788 | 2003-06-04 11:03:00 | Thanks. Yes, run NAV and Spybot (and have run Spybot recently). Also, check Registry setting in your posting - was set to "" and not "http: PaulB |
paulbutterworth (3949) | ||
| 149789 | 2003-06-04 11:04:00 | Try rebooting into Safe Mode... Also, Click Start -Run type: msconfig Under the Startup tab over the right, check what's loading up.. untick anything that may be the culprit :-) |
Chilling_Silently (228) | ||
| 149790 | 2003-06-04 11:35:00 | Take a look at FAQs 8a and 8b, (top right of PF1 home page) they are specifically intended to help with your problem. Cheers Billy 8-{) |
Billy T (70) | ||
| 149791 | 2003-06-04 12:05:00 | This is a Browser Helper Object (BHO) that hijacks address-bar searches. Ad-Aware should remove it. More info Here (www.doxdesk.com) Manual removal Open the registry (Start->Run->regedit) and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run. Delete the entry called 'ASWnk' if you see it on the right. Now open a DOS command prompt window (from Start->Programs->Accessories) and enter the following commands: cd "%WinDir%\System" regsvr32 /u msinfosys.dll You should now be able to delete the 'msinfosys.dll' file in your System folder (inside the Windows folder; called 'System32' on Windows NT/2000/XP) and the 'primesoft' folder in the Program Files folder. |
Jim B (153) | ||
| 1 2 | |||||