Solved

IE 6: Startup Homepage

Posted on 2003-11-15
9
13,602 Views
Last Modified: 2008-02-01
I visited a website, then my IE's homepage was automatically changed to their URL(i.e. the page we see when IE starts up). Even if I set the homepage in "Tools-->Internet Options", it will be reset to their URL again next time I start IE 6.0    This is very impolite and annoying.

Anyone knows how to overcome this problem? Many thanks!

-codenamecharlie
0
Comment
Question by:codenamecharlie
9 Comments
 
LVL 44

Accepted Solution

by:
CrazyOne earned 40 total points
ID: 9757861
Use these to track it down

Check for adware and sypware

spybot here
http://spybot.safer-networking.de/
Download
http://spybot.safer-networking.de/index.php?lang=en&page=download

AdAware
http://www.lavasoftusa.com/

Spycop:
http://www.spycop.com/

BHODemon and Hijack This and Browser Hijack Blaster
http://www.spywareinfo.com/downloads.php?cat=sp#det
BHODemon http://www.spywareinfo.com/downloads/bhod/ | Think of BHODemon as a guardian for your Internet browser: it protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. This program is my choice for BHO detection and is highly recommended.

Browser Hijack Blaster http://www.wilderssecurity.net/bhblaster.html | Running silently in the background, Browser Hijack Blaster only springs into action when an attempt is made. It watches and protects the following items: IE Homepage, IE Default Page, IE Search Page, BHOs. Whenver one of the above items is changed, or a BHO is added, you are immediately provided with information on the item, along with the option to keep the change, or revert to your previous settings.

Hijack This http://www.spywareinfo.com/~merijn/files/hijackthis.zip | Written by a member of our support forums and based on our Hijacked! article, this program scans the locations in your computer system that may be modified by browser hijackers and fixes any problems found. An easy-to-understand tutorial is available at TomCoyote.org.

General and overall information about Spy/Adware
http://www.cexx.org/adware.htm
0
 
LVL 45

Assisted Solution

by:sunnycoder
sunnycoder earned 30 total points
ID: 9757862
Hi codenamecharlie,

How to fix a hijacked homepage setting

http://www.cyberwalker.net/columns/oct02/241002.html


http://www.geekgirls.com/net_hijacked.htm

Browser Hijacking

http://www.spywareinfo.com/articles/hijacked/

Has something started redirecting your browser to whazit.com? We have the solution!
http://www.spywareinfo.com/

Manual remove:

http://whazit.com/manualremove.html


restore a hijacked browser, or if you want to know whether that free software you just downloaded might have a parasite bundled into it, you've come to the right place.
http://www.spywareinfo.com/


[langalist] LangaList Standard Edition 2002-01-24  
Date: 1/23/2002 9:18:06 PM Pacific Standard Time

Free "Anti-Parasite" Browser Check

Esther Schindler, who helps edit and produce columns and discussions for
InformationWeek.Com (including mine!), sent along a note about

http://and.doxdesk.com/parasite/
:

    Nice utility page that automatically detects spyware in your
    Windows Explorer browser, and generates instructions for
    removing it....

Thanks, Esther. The page runs a small JavaScript that looks for
"exploitationware"  and other "parasite" add-ons that may have barnacled
themselves to your browser without your knowledge.


Lockergnome Windows Digest] Electronic Toolbar and the Lovers  
Date: 3/16/2003 1:44:12 PM Pacific Standard Time

IE Restrictions v1.0 [478k] W9x/2k/XP FREE

http://www.mywebattack.com/gnomeapp.php?id=105964

IE Restrictions allows you to disable certain modifications to
Internet Explorer. Many of them are commonly abused by invasive
Web sites that, for example, change your home page settings,
modify the toolbar, open pages in full- screen mode, and more.
Others are more of an administrative nature, allowing you to
disable the registry editor, page source viewing, and other
settings. [MWA]


MOSSBERGS'S MAILBAG  WSJ
June 6, 2002  


Software Can Prevent Porn Sites From Monopolizing Start Pages
By WALTER S. MOSSBERG

There's no other major item most of us own that is as confusing, unpredictable and unreliable as our personal computers. Everybody has questions about them, and we aim to help. Here are a few questions about computers I've received recently from people like you, and my answers. I have edited and restated the questions a bit, for readability.

This week my mailbox contained questions about disabling malicious porn site settings, finding a book about Windows XP and printing directly from digital cameras.

Q: A gross porn site, apparently once visited by my teenage son, has taken over my browser and installed itself as my start page. Every time I launch Internet Explorer, this porn page appears, and it spawns multiple other porn pages so fast I can't close them. Even if I go into the settings menu and change the start page back to something I want, the porn page overrides my choice the next time I reboot the PC. How can I get rid of it?

A: Porn sites aren't the only ones who try and take over your browser by changing your start page, which is the Web page that appears first whenever you launch Internet Explorer. Some sleazy marketing sites do this, too. These sites install malicious code on your PC, some of which controls the browser start page setting, overriding your own selections.

But I have found a free program to be very effective in blocking such sabotage. It's called StartPage Guard and was developed by a programmer named Piotr J. Walczak. The program not only kills malicious code and allows you to restore your favorite start page, but it can automatically check to make sure your choice isn't overridden again. You can download StartPage Guard at

www.download.com  (search for "start page") or at http://pjwalczak.com/


Lockergnome Windows Digest] Superimposed Symphony and the Aliasing  
Date: 7/5/2003 4:37:19 PM Pacific Daylight Time

Browser Hijack Blaster v1.0 [393k] W98/2k/XP FREE


Browser Hijack Blaster protects your system from browser hijackers
and spyware that alters your Internet Explorer settings. It runs
in the system tray and silently monitors the settings for IE
Homepage, IE Default Page, IE Search Page, and BHOs (Browser
Helper Objects). If any of these settings are changed, it will
intercept and warn you, giving you the option to undo the changes.
[MWA]


http://www.mywebattack.com/gnomeapp.php?id=106649

http://www.wilderssecurity.net/bhblaster.html


HijackThis

HijackThis examines certain key areas of the Registry and Hard Drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers. It's up to you to decide what should be removed. Some items are perfectly fine. You should not remove them. Never remove everything. Doing that could leave you with missing items needed to run legitimate programs and add-ins. This Page will help you work with the Experts to clean up your system. For those of you needing instructions on how to Copy and Paste the contents of a text file into a Forum Post, please look at the Table of Contents. A link to the instructions is included.

http://www.tomcoyote.org/hjt/

HiJack This Tutorial

http://hjt.wizardsofwebsites.com/

I think this is a simple answer for the Tutorial:

In This Weekly Issue of ComputorEdge8-29-2003

Digital Dave

Dear Digital Dave,
In the July 18 issue, a reader had a problem with spyware. You advised him to download Ad-aware from Lavasoft to get rid of the problem. I just want to add something you and your readers may want to know.
Ad-aware was unable to detect the spyware that had infested my computer. This pesky program automatically initiated upon computer startup and, no matter what I tried, I couldn’t get rid of it, as it had placed hidden files in various locations on my computer that would detect if parts were being deleted, and miraculously reinstall itself.
Here is what does the trick: Download, unzip, and install Hijack This!

  www.spywareinfo.com/downloads.php#det


This program scans the Registry. This is where some culprits nest to prevent deletion.
Hit the Scan option. When the scan is finished, the Scan button will change into a Save Log button. Press that, and save the log somewhere. Copy the Registry scan and post the results on

   http://forums.techguy.org

for someone knowledgeable to view the contents.
Most of what the log lists will be harmless, so don’t fix anything yet. Someone will be happy to help. Next time, you will know what is and isn’t harmless.





[Lockergnome Windows Digest] SIC 2003 Special Edition  
Date: 8/6/2003 4:01:33 PM Pacific Daylight Time

Secure IE 2003 [3.9MB] W9x/NT/2k/XP US$29.95

The name of this software says it all (well, almost). Secure IE
offers advanced protection from JavaScript, ActiveX controls, and
VB Script, as well as effectively blocking malicious file
downloads. Secure IE offers control over browser security
settings, allowing you full access to trusted sites, while
eliminating the potential nasties found on unknown sites. Pop-up
blocking technology offers built-in elimination of annoying offer
messages. Automatic configuration options let you lock down the
most vulnerable portions of your browser in seconds. Tabbed
browsing rounds out my favorite features of Secure IE,
complimenting security enhancements with this required usability
booster. This app is a must have for anyone who wants to secure
their computer from browsing nasties or just wants to protect the
corporate network from outside threats.
.
http://www.secureie.com/


WinPatrol 5.2
Supports Windows 95, 98, ME, 2000, NT and XP

·    
·     Detect if your default Home Page has been hijacked.

Message #: 291886From: J RAMSent: 8/29/2003 1:32 PM
A.     DAVY...this is the I've seen,and it does a-lot more things including stopping worms and spyware.. it's free


 http://www.winpatrol.com/


Cheers!
Sunny:o)
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9757863
If you use Hijack This http://www.spywareinfo.com/~merijn/files/hijackthis.zip then post the contents of the report so we can help track down what elements in the report you need get rid of.
0
 
LVL 1

Assisted Solution

by:nocddog
nocddog earned 30 total points
ID: 9762487
use regedit, they modified the registry of your IE 6, check the item "Start Page", just change
it to your value.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 44

Expert Comment

by:CrazyOne
ID: 9762546
Some do more than that nocddog some of these things place exe's and dll's on the machine so even if you remove or change the registry settings they are changed back and hijack the home page again.
0
 

Author Comment

by:codenamecharlie
ID: 9762648
well, thank all, points were splitted and given to everyone
0
 

Expert Comment

by:realraul
ID: 10061833
Hi,

I used HijackThis to fix the hijack start up page namely all that starts with http://www.cnww.net... however once I reboot it keeps coming back. I suspect some other
part of the registry must be fixed. I think it is better to consult the experts here on which can be altered and which can't. Hope the experts here can help. Thank you.
-------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.97.7
Scan saved at 10:00:19 PM, on 1/7/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nutsrv4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Winamp\winampa.exe
F:\Program Files\Memofr\Memofr.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\System32\ctfmon.exe
F:\Program Files\iFinger\iFinger.exe
F:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Documents and Settings\YbC\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.cnww.net/serch.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.cnww.net/serch.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cnww.net/serch.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cnww.net/serch.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnww.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cnww.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cnww.net/serch.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cnww.net/serch.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnww.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cnww.net/serch.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cnww.net/serch.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cnww.net/serch.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cnww.net/serch.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.cnww.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.cnww.net/serch.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.cnww.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.cnww.net/serch.htm
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll__SpybotSDDisabled (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: iFinger - {1624F640-49AC-11D3-8ABD-00C04FA95EE0} - F:\PROGRA~1\iFinger\IFINGE~1.DLL
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - F:\PROGRA~1\FLASHGET\jccatch.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NuTCSetupEnviron] F:\PROGRA~1\RATIONAL\RATION~1\NUTCROOT\bin\ncoeenv.exe
O4 - HKLM\..\Run: [WinampAgent] "F:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Mémo Friends] F:\Program Files\Memofr\Memofr.exe
O4 - HKLM\..\Run: [abaak] regedit -s c:\windows\system\winlog\WIN32log.cer
O4 - HKLM\..\Run: [ziqlog] regedit -s c:\windows\system\winlog\WIN32log.cer
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [] regedit -s c:\windows\system\winlog\WIN32log.cer
O4 - Global Startup: iFinger.lnk = F:\Program Files\iFinger\iFinger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - F:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: iFinger (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {80B38492-FB56-4B0E-ABDD-8B14EB05F9A7} - http://www.directxtras.com/speaksforitself/download/mstts_mary.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37688.1220949074
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C9BEF1E9-21F6-486F-80A2-32D61DE86E5E} - http://www.directxtras.com/speaksforitself/download/ms_sapi.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0080C6F79C42} (SpeechControl Class) - http://www.directxtras.com/speaksforitself/download/speechplugin.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by1fd.bay1.hotmail.msn.com/activex/HMAtchmt.ocx

0
 

Expert Comment

by:gugu_1500
ID: 10424584
hi realraul,

how did you solve your ie problem? I also faced this problem . How did you get rid of www.cnww.net page from your ie?

gugu
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

I spend far too much time on the web keeping up with the news: politics, the environment, computer stuff, the Experts Exchange. It's never-ending. But many of the most informative web pages are overwhelmed with noise: scrolling banners, flashing tex…
Several part series to implement Internet Explorer 11 Enterprise Mode
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now