Solved

HiJacked?

Posted on 2004-03-29
Last Modified: 2013-12-28
Hi,

My Internet Explorer is rendered completely unusable by multiple windows that come up whenever I use IE. It's some form of search page. I have repeatedly changed my homepage back to google from a best-search.cc page and it keeps going back. The windows also occur if I go directly to another page by clicking an outlook express link. I get the page of the link but then the windows start opening. If you press any key whilst the window is open it says "Page loading, please wait" but it never loads, it just opens another window about every 5 seconds. This is really annoying and I tried using netscape to get around the problem and I find it keeps grinding to a halt. Please help, I love win98 and don't want to have to leave it.

Cheers,
Chris
Question by:chrispadbury
LVL 44

Accepted Solution

by:
CrazyOne earned 50 total points
This little ditty will get rid of some of the more well known Home page Hijackers.
CoolWebShredder
http://www.spychecker.com/program/coolwebshredder.html
here is a description of what it does
http://www.softpedia.com/public/cat/10/17/10-17-143.shtml
Features:

· Redirections to CoolWebSearch related pages
· Redirections when mistyping URLs
· Redirections when visiting Google
· Enormous IE slowdowns when typing
· IE start page/search page changing on reboot
· Sites in the IE Trusted Zone you didn't add
· Popups in Google and Yahoo when searching
· Errors at startup mentioning WIN.INI or IEDLL.EXE
· Unable to change or see certain items in IE Options
· Unable to access IE Options at all

download here
http://www.spychecker.com/download/download_coolwebshredder.html
----------------------------------

And/or

Hijack This and BHODemon and Browser Hijack Blaster

Hijack This http://www.spywareinfo.com/~merijn/files/hijackthis.zip | Written by a member of our support forums and based on our Hijacked! article, this program scans the locations in your computer system that may be modified by browser hijackers and fixes any problems found. An easy-to-understand tutorial is available at TomCoyote.org.

http://www.spywareinfo.com/downloads.php?cat=sp#det
BHODemon http://www.spywareinfo.com/downloads/bhod/ | Think of BHODemon as a guardian for your Internet browser: it protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. This program is my choice for BHO detection and is highly recommended.

Browser Hijack Blaster http://www.wilderssecurity.net/bhblaster.html | Running silently in the background, Browser Hijack Blaster only springs into action when an attempt is made. It watches and protects the following items: IE Homepage, IE Default Page, IE Search Page, BHOs. Whenever one of the above items is changed, or a BHO is added, you are immediately provided with information on the item, along with the option to keep the change, or revert to your previous settings.
==========================


Could be malware has installed itself on your system that is causing this. The following utilities can help you find and remove most known malware. The first two are free and I would suggest to use both of them because neither is 100% in finding malware but using both together helps find what the other may have missed.

spybot here
http://www.safer-networking.org/
Download
http://spybot.safer-networking.de/index.php?lang=en&page=download

AdAware
http://www.lavasoftusa.com/

Spycop:
http://www.spycop.com/

General and overall information about Spy/Adware
http://www.cexx.org/adware.htm
 
LVL 44

Expert Comment

by:CrazyOne
Start > Run msconfig
Click on the tab marked "Startup"
Uncheck all items except System Tray and Explorer.

If the problem no longer persists then one of the items in the startup is the culprit; you just need to track it down.
 

Author Comment

by:chrispadbury
I have put up images of the homepage, window that comes up as well as my win98 task list

home:
http://www.chrispadbury.f9.co.uk/home.jpg

window:
http://www.chrispadbury.f9.co.uk/popup.jpg

tasks:
http://www.chrispadbury.f9.co.uk/tasks.jpg
 
LVL 38

Assisted Solution

by:BillDL
BillDL earned 50 total points
The utilities quoted by CrazyOne will provide the means to eradicate the culprits and in particular, a couple of them will reset your homepage to the default by overwriting the relevant registry keys.

For future reference, you can stop standard (non-HiJacked or spyware-spawned) popup windows by installing one of those utilities designed for this purpose.  I like Popup Stopper by Panicware (http://www.panicware.com/product_downloads.html#PopupStopper) for its simplicity and ease of use, although it doesn't stop ALL popups depending on the code used in web pages to cause the popups.

Most of these utilities allow you to bypass the restriction by holding Ctrl or Shift as you click a link.  Otherwise, they flash an icon in the system tray and buzz you (or whatever) when actively stopping popups.

You have a particularly long list of running processes in the screenshots shown on your web page.  In case, for some reason, these screenshots become unavailable for those who visit the page later, here's a list.  I've grouped the common Win98 ones at the top with an asterisk, and commented them; any omitted are simply those applications you are obviously using to enable you to post this message:

* Explorer
* Stimon
* Systray
* Rundll32

Soundman - Sound Manager System Tray utility installed by the drivers for Realtek Avance Logic based soundcards

Ptsnoop - background program used by PCTEL modems for functionality

-----------------------------------------

Seemingly normal ones (but read notes)
-----------------------------

Khooker - SiS Keyboard Daemon.  System Tray utility which gets installed by the drivers of the latter day SiS VGA cards.  The utility itself is not of much use in our opinion and may occasionally be contributing to Windows startup problems, although we have not been able to establish this for certain.  Recommendation : Delete using  The Ultimate Troubleshooter (http://www.answersthatwork.com/TUT_pages/TUT_information.htm)

Point32 - Microsoft Intellipoint software for their Intellimouse series of mice – previously implemented as a DLL but now as an EXE file.
Recommendation :
If you are using Win98/ME/XP/2000/2003, then unless you are using specific advanced features, we recommend fully de-installing the Intellipoint software via the "Add/Remove Programs" icon in the Control Panel, as most of the standard Intellipoint features have been integrated into the above operating systems, and the Intellipoint software does create [sometimes significant] problems under specific conditions.  Note :  programmers using the Microsoft IDE (Integrated Development Environment) and who use the web wheel on their mouse, will need to keep this task as that is the only way that they will be able to use the web wheel from within the IDE.
Source : http://www.answersthatwork.com/Tasklist_pages/tasklist_p.htm

Nprotect - Norton Utilities program that protects your Recycle Bin by adding an extra layer of safety to the deletion of information from your PC.  Recommendation :
Leave untouched.  If you want to remove it, do so via the Norton Utilities’ control screen.
(http://www.answersthatwork.com/Tasklist_pages/tasklist_p.htm)
 
Vshwin32 - Background real-time virus scanning task for McAfee VirusScan (McAfee calls it the "On-access scanner").  This task runs in the background and scans files as you use or create them.

Pts -  I think this is to do with the Kodak Picture Transfer Service probably installed with your Kodak digital camera, but I am not sure.

Winampa - Background task from Winamp which has two purposes :  on the one hand it provides the Winamp System Tray icon, and on the other it maintains file associations so that other applications do not take over file associations which Winamp normally handles.  As a System Tray icon Winamp is rarely used; most users use Winamp through double-clicking on an MP3 file rather than through actually starting it through Start \ Programs.  Therefore, for most users there is no need for a Tray icon which just adds to the clutter.  More worryingly, in our experience WINAMPA seems to cause unexplained crashes in Netscape and Internet Explorer, and a few other programs.  Disabling WINAMPA totally seemingly gets rid of the crashes.  Recommendation :
Disable Winamp Agent.  Right-click on the  Winamp  icon in the System Tray and choose  Disable Winamp Agent.  Reboot your PC.
(http://www.answersthatwork.com/Tasklist_pages/tasklist_w.htm)

Qttask - Apple’s QuickTime Tray Icon which enables you to start QuickTime from the System Tray (from version 5 onward).  Given the extremely simple functionality of this Tray icon, it is a totally unreasonable resource hog – it has been measured to use as much as 1.5Mb of memory at times.
Recommendation :
Disable it immediately, as follows – Start QuickTime through "Start \ Programs", choose the "Edit \ Preferences" menu option, select "QuickTime Preferences" from the right-hand side menu, uncheck the box next to QuickTime System Tray icon.  In version 6, however, this is done differently : double-click on the QuickTime icon in the Control Panel to bring up the QuickTime Settings panel, choose Browser Plug-in in the drop-down at the top, and then uncheck QuickTime System Tray icon.  Next, disable or delete it with  The Ultimate Troubleshooter  if it still shows in  The Ultimate Troubleshooter (http://www.answersthatwork.com/TUT_pages/TUT_information.htm).  You can always start QuickTime through "Start \ Programs" or through double-clicking on a quicktime file.
(http://www.answersthatwork.com/Tasklist_pages/tasklist_q.htm)

Dcfssvc - Kodak DC (Direct Connection) File System Driver.  Part of Kodak Digital Camera software.  Essential to the operation of the Kodak digital cameras that it is associated with.  It runs in the background and fools the operating system into thinking that the camera connected to the PC via the USB port is in fact a hard disk drive, thereby allowing the end-user to transfer pictures from the camera to his PC.
(http://www.answersthatwork.com/Tasklist_pages/tasklist_d.htm)

Usbmonit - Associated with the above perhaps, or maybe just your own usb activity monitor.  Do you really need it?


-------------------------------------

Unknown ones
------------------

Mame - Don't know about this, but I assume it might be something to do with online gaming?

Pfgw - ???

Ertray - A utility that dials 911 from your system tray when you get shot while gaming? :-)
Don't know what it is, really.

------------------------------------------

Do you really need this?
-------------------------------

Gamechannel - Wild Tangent Web Driver – Background task installed with games from Wild Tangent.  This background task notifies you of new or updated Wild Tangent games whilst also supposedly making it faster for you to access your Wild Tangent games – it will also automatically download in the background updated version of your current games (if configured to do so).  GAMECHANNEL will also show in the Task List of new PCs (2002), such as Hewlett-Packard’s Pavilion range, as they come pre-installed with demo versions of Wild Tangent games. Some Wild Tangent games :  Atomic Pop, Betty Bad, Blackhawk Striker, Blasterball 2, BlasterBall Wild, Cannonballs, Dark Orbit, Dice Jam, Excavation, Gem Master, Hit the Pros, Honeycombs, Kublox, Men in Black II CROSSFIRE (& Extreme version), SabreWing, Slyder, Snowboard Extreme, Space Rocks, Virtual Warfare. Recommendation :
This task consumes Internet bandwidth unnecessarily and unless you use your PC primarily for games, you should disable it with  The Ultimate Troubleshooter  (our preferred method) – it is not needed to run your games. Another way to disable it is by right-clicking the Wild Tangent icon in the System Tray, taking OFF all ticks, and clicking OK.  Other issues with this task include problems with Internet access as a result of the task crashing in the background, and Internet Explorer crashes.  If you do not play any Wild Tangent games, you should consider de-installing anything "Wild Tangent" in the "Add/Remove Programs" in the Control Panel.

-----------------------------------

YOU DEFINITELY DON'T WANT THESE!!
===========================

*** Save ***

Depending on the version this will show as SAVENOW, SAVE, or WHENUSAVE in Windows 95/98/ME, and it will show as SAVENOW.EXE or SAVE.EXE in Windows NT4/2000/XP.  In theory SaveNow (also called WhenUSave in newer versions of the program – SAVE.EXE is the newer program file) is a program that brings you relevant coupons and offers and alerts you to various deals and services when you surf the web.  SaveNow is installed on your computer as a module that will have come with WhenUShop or other software that you downloaded from the Internet.  SaveNow intercepts website addresses you type in your browser’s address bar, and search words you enter on search engine sites, and uses those words to display popup advertising of deals and bargains which are related to the type of sites you are visiting, or the type of searches you have been making.  In our opinion SaveNow/WhenUSave is both spyware (what else is it sending to its central site from your PC?) and an intensely annoying parasite while you are browsing the web, and we do mean "intensely" !
Recommendation :
Remove immediately !  Go to "Start \ Settings \ Control Panel \ Add/Remove Programs", select "SaveNow" (or "WhenUSave", or just "Save"), and click "Add/Remove".  Also run either Ad-Aware or Spybot Search & Destroy.


*** Whagent and Whsurvey ***

The main component of webHancer.  First, what webHancer Corporation say about webHancer :  "webHancer Customer Companion resides on the end-user’s computer where it transparently monitors Internet performance.  blah, blah, blah."

Our translation :  spyware.  Software like this has no business being on your PC.  We consider it an invasion of the end-user privacy.  In most cases webHancer comes bundled with free or cheaply priced software.  Versions of Audio Galaxy, iMesh, and Wildcat Web Optimizer include it.

Recommendation :
Any software like webHancer which sends information back to a central server about almost any Internet activity that you perform, will inevitably have a negative performance effect on your Internet browsing, particularly if you connect via modem or ISDN, rather than via ADSL or Cable Modem.  As if this were not enough webHancer sometimes prevents the installation of software (WinZip), it crashes too often on bootup with illegal operations, PCs suffer blue screens or illegal operations mentioning WHAGENT.  But it gets worse :  hastily getting rid of webHancer will in most cases either prevent your PC from accessing the Internet, or you will suffer endless crashes in your browser.  Unbelievable, and unacceptable.  This is virus-like behaviour, pure and simple.  It is our view that webHancer is about the worst piece of spyware there is.

The best way we have found of getting rid of webHancer is :
(1) Remove webHancer Customer Companion through the "Add\Remove Programs" icon in the Control Panel.
(2) Reboot.
(3) Finally, download SpyBot Search & Destroy (or any of the others mentioned by CrazyOne), install it, run it, and say yes to the removal of any remaining webHancer components.  If you are lucky, this will work and you will be able to access the Internet without crashes.  If not, you will need to go to the webHancer website, www.webhancer.com, download "webHancer Customer Companion", install it, reboot your PC, and then go through the same process

(source: http://www.answersthatwork.com/Tasklist_pages/tasklist_w.htm)

-----------------------------------------

I suggest that you go first to your Start > Run option and type MSCONFIG then click "OK"
Go to the Startup tab and uncheck all except System Tray and ScanRegistry.  Apply the change, then reboot BEFORE attempting to get rid of anything through "Add/Remove Programs" or via one of the Spyware utilities.  This disables all unnecessary processes from loading and you will have more success at removing them.

Hope this is of some help to you, Chris.
0
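
An added example, not part of any poster's reply: the items the thread says the hijack tools watch (IE start/search page, BHOs) and the Startup entries both msconfig suggestions target can also be reviewed offline from a regedit text export. The registry paths are the standard Windows/IE locations, which the thread does not name; the sample export, the CLSID, the whagent path and the baselines passed to `audit` are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Standard Windows/IE registry locations (the thread does not name them), lower-cased.
IE_MAIN = r"hkey_current_user\software\microsoft\internet explorer\main"
BHO_ROOT = (r"hkey_local_machine\software\microsoft\windows\currentversion"
            r"\explorer\browser helper objects")
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
PAGE_VALUES = ("Start Page", "Search Page", "Default_Page_URL")
# Constructed sample export; the CLSID and the whagent path are placeholders.
SAMPLE_EXPORT = r"""REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://best-search.cc/"
"Search Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"WhAgent"="C:\\EXAMPLE\\whagent.exe"
"""

def parse_reg(text):
    """Parse REGEDIT4 text into {key: {value_name: data}}; string values only."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        key = re.fullmatch(r"\[(.+)\]", line)
        val = re.fullmatch(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"', line)
        if key:
            current = keys.setdefault(key.group(1), {})
        elif val and current is not None:
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in val.groups())
            current[name] = data
    return keys

def audit(text, allowed_hosts, known_startup, known_bhos=frozenset()):
    """Return (kind, name, data) for each entry outside the supplied baselines."""
    findings = []
    for path, values in parse_reg(text).items():
        low = path.lower()
        if low == IE_MAIN:
            vals = {n.lower(): d for n, d in values.items()}
            for name in PAGE_VALUES:
                url = vals.get(name.lower())
                host = (urlsplit(url).hostname or url).lower() if url else None
                if host and host not in allowed_hosts:
                    findings.append(("page", name, url))
        elif low.startswith(BHO_ROOT + "\\"):
            clsid = path.rsplit("\\", 1)[1]
            if clsid.upper() not in known_bhos:
                findings.append(("bho", clsid, ""))
        elif low.endswith(RUN_SUFFIX):
            findings += [("startup", n, c) for n, c in values.items()
                         if n.lower() not in known_startup]
    return findings
```

Calling `audit(SAMPLE_EXPORT, {"www.google.com"}, {"systemtray", "scanregistry"})` reports the changed start page, the unreviewed BHO and the WhAgent startup entry; re-running it on a fresh export after cleanup shows whether anything has been written back.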
 
LVL 38

Expert Comment

by:BillDL
Sounds like a good suggestion, Lee.
 
LVL 38

Expert Comment

by:BillDL
Thank you LeeTutor and modulo