Solved

default homepage cannot be set

Posted on 2003-10-29
14
15,567 Views
Last Modified: 2012-06-27
I have to problems - my default homepage is defaulting to xwebsearch.biz or vsearch.com

Is this a virus of some sort.  If so, I need someone to walk me thourgh the steps to correct it.  I do not know how to access the ms register.  I'm running XP Pro
0
Comment
Question by:vol2heel
14 Comments
 
LVL 97

Accepted Solution

by:
war1 earned 168 total points
ID: 9647648
Greetings, vol2heel!

A Search site has downloaded something into your computer.

1. If you have Windows Messenger Service, disable it.  The Messenger service is typically not needed for home users.

Right-click My Computer and click Manage.
Fold out the Services and Applications option and click Services.
Right-click the Messenger entry, select Properties, and choose Disable under Startup Type.
Click OK.

You should no longer receive messages sent via the messenger service.

2. Use the following scanners to find and remove the website.

SpyBot S&D searches your harddisk for so-called spy- or adbots;
http://security.kolla.de/
or
Adaware
http://www.lavasoftusa.com/software/adaware/

Download the latest updates and run the scanner.

3. Some porn websites redirects links to their websites using your HOSTS file. Do a search for the HOSTS (without extension) file and remove the entry.

4. If still no joy, download HijackThis from Spywareinfo download page

http://www.spywareinfo.com/downloads.php

Run the program and you will find many entries. Most are OK. Post the log. I will find the problem for you.

5. For future preventive maintenance, make sure programs cannot just download on your computer without your permission.  From the Internet Toolbar, go to Tools > Internet Options > Advanced.  Make sure "Enable Install On Demand (Internet Explorer)" and "Enable Install On Demand (Other)" are unchecked.

Best wishes, war1
0
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 166 total points
ID: 9647652
If you  are talking abt in IE

check for possible spyware

***************************
Spyware/Adware removal tools:
------------------------------

SpyBot-S&D : http://www.webattack.com/download/dlspybot.shtml

Ad-aware : http://www.webattack.com/download/dladaware.shtml

Trojan Remover :http://www.simplysup.com/

HijackThis : http://www.webattack.com/download/dlhijackthis.shtml

KL-Detector  :http://www.webattack.com/download/dlkldetector.shtml

X-Cleaner Free  :http://www.webattack.com/download/dlxcleaner.shtml

SpywareBlaster  :http://www.webattack.com/download/dlspywareblaster.shtml

SpywareGuard :http://www.webattack.com/download/dlspywareguard.shtml

*****************************

If tht doesnot work out  repair IE


*******************************

Description of the Internet Explorer Repair Tool
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q194/1/77.asp&NoWebContent=1

How to Reinstall or Repair Internet Explorer and Outlook Express in Windows XP
http://support.microsoft.com/?kbid=318378

Repair Internet Explorer 6
http://www.theeldergeek.com/repair_ie6.htm

http://support.microsoft.com/?kbid=293907

Unable to Open Link
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q281679&sd=tech


**********************************

Sunray
0
 
LVL 97

Expert Comment

by:war1
ID: 9647653
vol2heel,
  Also the problem could be CoolSearch. Use CW Shredder to get rid of it.

http://www.spychecker.com/program/cwshredder.html
0
 
LVL 1

Expert Comment

by:AnnMarie1
ID: 9647666
If you feel comfortable working in the registry, go to Start > Run and type regedit.

Drill down and see if this key is present:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Inte
rnet Explorer\Control Panel\HomePage


If this key exists, delete it and reboot. NB Make sure that you back your registry up before making any changes.  The easiest way to do this is to select the entry that you are going to delete with your mouse and go to File and choose Export. Call it any name that you like (selected branch should be pre-selected) and then send it to a New Folder on your Desktop as a reg file. If you have no further problems, rightclick on the New Folder and delete it. Do NOT doubleclick on a .reg file unless you want to put it back in your Registry.
0
 
LVL 10

Expert Comment

by:LRI41
ID: 9651116


CoolWebSearch-the coolwebsearch chronicles


[langalist] LangaList Standard Edition 2003-10-23
Date: 10/22/2003 9:17:30 PM Pacific Daylight Time

CoolWebSearch = Very UnCool

It is a nasty hijack program that hides very well. It would run
once a day so even if he thought he had things fixed and
working the problem would return the next day (after a reboot).
[The CoolWebSearch exploit (explained at
http://www.spywareinfo.com/~merijn/cwschronicles.html )] was
the root of the problem. If you read this site you can see just
how nasty this is. The dam* thing can install from a web page
you may be at or passing through.

http://www.spywareinfo.com/~merijn/

 has a fast little shredder
to remove it plus a few other useful utilities. He won't be
100% sure that he has finally beat this bug for a couple days,
but from the tests he's done so far it does appear to have been
killed.


Subject: Registry cure for Searchv hijacker

http://www.computing.net/security/wwwboard/forum/6873.html



******************************************************

How to fix a hijacked homepage setting
 
http://www.cyberwalker.net/columns/oct02/241002.html


http://www.geekgirls.com/net_hijacked.htm

Browser Hijacking

http://www.spywareinfo.com/articles/hijacked/

Has something started redirecting your browser to whazit.com? We have the solution!
http://www.spywareinfo.com/

Manual remove:

http://whazit.com/manualremove.html


restore a hijacked browser, or if you want to know whether that free software you just downloaded might have a parasite bundled into it, you've come to the right place.
http://www.spywareinfo.com/


[langalist] LangaList Standard Edition 2002-01-24  
Date: 1/23/2002 9:18:06 PM Pacific Standard Time

Free "Anti-Parasite" Browser Check

Esther Schindler, who helps edit and produce columns and discussions for
InformationWeek.Com (including mine!), sent along a note about

http://and.doxdesk.com/parasite/
 :

     Nice utility page that automatically detects spyware in your
     Windows Explorer browser, and generates instructions for
     removing it....

Thanks, Esther. The page runs a small JavaScript that looks for
"exploitationware"  and other "parasite" add-ons that may have barnacled
themselves to your browser without your knowledge.


Lockergnome Windows Digest] Electronic Toolbar and the Lovers  
Date: 3/16/2003 1:44:12 PM Pacific Standard Time

IE Restrictions v1.0 [478k] W9x/2k/XP FREE

http://www.mywebattack.com/gnomeapp.php?id=105964

IE Restrictions allows you to disable certain modifications to
Internet Explorer. Many of them are commonly abused by invasive
Web sites that, for example, change your home page settings,
modify the toolbar, open pages in full- screen mode, and more.
Others are more of an administrative nature, allowing you to
disable the registry editor, page source viewing, and other
settings. [MWA]


MOSSBERGS'S MAILBAG  WSJ
June 6, 2002  


Software Can Prevent Porn Sites From Monopolizing Start Pages
By WALTER S. MOSSBERG

There's no other major item most of us own that is as confusing, unpredictable and unreliable as our personal computers. Everybody has questions about them, and we aim to help. Here are a few questions about computers I've received recently from people like you, and my answers. I have edited and restated the questions a bit, for readability.

This week my mailbox contained questions about disabling malicious porn site settings, finding a book about Windows XP and printing directly from digital cameras.

Q: A gross porn site, apparently once visited by my teenage son, has taken over my browser and installed itself as my start page. Every time I launch Internet Explorer, this porn page appears, and it spawns multiple other porn pages so fast I can't close them. Even if I go into the settings menu and change the start page back to something I want, the porn page overrides my choice the next time I reboot the PC. How can I get rid of it?

A: Porn sites aren't the only ones who try and take over your browser by changing your start page, which is the Web page that appears first whenever you launch Internet Explorer. Some sleazy marketing sites do this, too. These sites install malicious code on your PC, some of which controls the browser start page setting, overriding your own selections.

But I have found a free program to be very effective in blocking such sabotage. It's called StartPage Guard and was developed by a programmer named Piotr J. Walczak. The program not only kills malicious code and allows you to restore your favorite start page, but it can automatically check to make sure your choice isn't overridden again. You can download StartPage Guard at

www.download.com  (search for "start page") or at http://pjwalczak.com/


Lockergnome Windows Digest] Superimposed Symphony and the Aliasing  
Date: 7/5/2003 4:37:19 PM Pacific Daylight Time

Browser Hijack Blaster v1.0 [393k] W98/2k/XP FREE


Browser Hijack Blaster protects your system from browser hijackers
and spyware that alters your Internet Explorer settings. It runs
in the system tray and silently monitors the settings for IE
Homepage, IE Default Page, IE Search Page, and BHOs (Browser
Helper Objects). If any of these settings are changed, it will
intercept and warn you, giving you the option to undo the changes.
[MWA]

 
http://www.mywebattack.com/gnomeapp.php?id=106649

http://www.wilderssecurity.net/bhblaster.html


HijackThis

HijackThis examines certain key areas of the Registry and Hard Drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers. It's up to you to decide what should be removed. Some items are perfectly fine. You should not remove them. Never remove everything. Doing that could leave you with missing items needed to run legitimate programs and add-ins. This Page will help you work with the Experts to clean up your system. For those of you needing instructions on how to Copy and Paste the contents of a text file into a Forum Post, please look at the Table of Contents. A link to the instructions is included.

http://www.tomcoyote.org/hjt/

HiJack This Tutorial

http://hjt.wizardsofwebsites.com/

I think this is a simple answer for the Tutorial:

In This Weekly Issue of ComputorEdge8-29-2003

Digital Dave

Dear Digital Dave,
In the July 18 issue, a reader had a problem with spyware. You advised him to download Ad-aware from Lavasoft to get rid of the problem. I just want to add something you and your readers may want to know.
Ad-aware was unable to detect the spyware that had infested my computer. This pesky program automatically initiated upon computer startup and, no matter what I tried, I couldn’t get rid of it, as it had placed hidden files in various locations on my computer that would detect if parts were being deleted, and miraculously reinstall itself.
Here is what does the trick: Download, unzip, and install Hijack This!

   www.spywareinfo.com/downloads.php#det


This program scans the Registry. This is where some culprits nest to prevent deletion.
Hit the Scan option. When the scan is finished, the Scan button will change into a Save Log button. Press that, and save the log somewhere. Copy the Registry scan and post the results on

   http://forums.techguy.org

for someone knowledgeable to view the contents.
Most of what the log lists will be harmless, so don’t fix anything yet. Someone will be happy to help. Next time, you will know what is and isn’t harmless.





[Lockergnome Windows Digest] SIC 2003 Special Edition  
Date: 8/6/2003 4:01:33 PM Pacific Daylight Time

Secure IE 2003 [3.9MB] W9x/NT/2k/XP US$29.95

 The name of this software says it all (well, almost). Secure IE
offers advanced protection from JavaScript, ActiveX controls, and
VB Script, as well as effectively blocking malicious file
downloads. Secure IE offers control over browser security
settings, allowing you full access to trusted sites, while
eliminating the potential nasties found on unknown sites. Pop-up
blocking technology offers built-in elimination of annoying offer
messages. Automatic configuration options let you lock down the
most vulnerable portions of your browser in seconds. Tabbed
browsing rounds out my favorite features of Secure IE,
complimenting security enhancements with this required usability
booster. This app is a must have for anyone who wants to secure
their computer from browsing nasties or just wants to protect the
corporate network from outside threats.
.
 http://www.secureie.com/


WinPatrol 5.2
Supports Windows 95, 98, ME, 2000, NT and XP

·      
·      Detect if your default Home Page has been hijacked.

Message #: 291886From: J RAMSent: 8/29/2003 1:32 PM
A.      DAVY...this is the I've seen,and it does a-lot more things including stopping worms and spyware.. it's free


  http://www.winpatrol.com/





0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 97

Expert Comment

by:war1
ID: 9651339
LR141, thank you for confirming what I already posted.
0
 
LVL 37

Assisted Solution

by:Bing CISM / CISSP
Bing CISM / CISSP earned 166 total points
ID: 9669920
... why a so simple question caused so many posts? in fact, i dont use any anti-virus software on my computer, and i can prevent almost all existing viruses by just disabling activex, script and java of IE for internet zone and patch the system on time. as for the changed homepage settings, after you disable all the above, just remove it with the normal way from internet properties. hope this could be the simple bu efficient answer to the question.
0
 
LVL 97

Expert Comment

by:war1
ID: 9684269
vol2heel,
   We have not heard from you? Did any comment help you solve your problem? Do you have any more questions? If an Expert help you, please accept his/her answer with an excellent or good grade.

Thanks, war1
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 10060202
vol2heel, any feedback please? five experts were here, but you gave nothing to them. :(

war1, agree with you. where is the PE zenlion420?
0
 
LVL 97

Expert Comment

by:war1
ID: 10060396
bbao,
   Don't worry about it.  Question will be cleaned up during a CV comes around.
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 10060438
war1, thanks for your comment. in fact, i am just cleaning those questions i participated. :)
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

So you got the Conficker. You could go to each machine and run the eye chart test (http://www.confickerworkinggroup.org/infection_test/cfeyechart.html), but in a bigger environment, or if you prefer to work smarter and not harder, you need some …
PREFACE The purpose of this guide is to provide information to successfully add specific IIS 7.0 role services for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technol…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now