Link to home
Start Free TrialLog in
Avatar of shomali
shomali

asked on

restricting porn sites from becoming homepage!!!!!

Hi everyone

my problem is with porn sites..
some porn sites when accessed automaticly download spyware on the computer and reset the IE homepage into one of its own sites. and nomatter howmany time i change back the homepage it keeps resteting back to the porn sites and or "about-blank" site that when opened opens a porn links.
how can i stop this or remove it and how do i prevent it from happening on a clean OS.

Thanks

Shomali
Avatar of scampgb
scampgb
Flag of United Kingdom of Great Britain and Northern Ireland image

Hi shomali,

I suggest that you look at AdAware (http://www.lavasoftusa.com)
This will scan and help remove SpyWare.  The paid versions include a utility that pro-actively stops Spyware infections.

I hope that this helps - let me know if you need any further help.
Some of the experts here have helped in compiling all the important spyware tools and they are listed in this thread
https://www.experts-exchange.com/questions/20975384/Standard-response-material-re-Spyware-Adware-BHOs-and-other-Malware.html

My recommendation would be to start with spybot ,ad-ware ,CWshredder and get the log from Hijackthis and save the log and paste it here http://hijackthis.de/index.php?langselect=english to analyze it  

After installing them, First Update them and then run

Since you have about:blank , try about buster
http://www.majorgeeks.com/download4289.html

SR
Avatar of PsiCop
Ah, you want to "lock down" Windoze. Which is like trying to plug swiss cheese.

First, don't use IE. Its insecure and easily hijacked. ActiveX basically gives anyone free reign on your machine. Go get Mozilla, Netscape, Opera...anything but IE. CERT, and US Dept. of Homeland Security, and any security professional worth the title will tell you not to use IE.

Next, turn off insecure technologies like JavaScript.

If you have a site you just *have* to go to and they are too stupid to support a browser other than IE, then you can crank up IE, but only if you *really* trust them. But still do not use IE for normal websurfing.

Finally, don't use insecure mailreaders like Outlook...in fact, avoid HTML-enabled mailreaders in general. Outlook uses IE as its HTML renderer, so basically this means all of IE's vulnerabilities are available to crackers from your E-Mail account. You don't have to go to their web page, all you have to do is make the mistake of previewing their E-Mail. Use Thunderbird, Netscape, PINE...anything but Outlook.

But if you insist on using M$ for your web-browsing and E-mail, you can count on getting nailed again.
Avatar of purviancej
purviancej

stop going to porn sites? they seem to be the problem
You don't necessarily have to go to the porn site to get hijacked like this. Porn operators will use spammers to send out E-Mails designed to hijack vulnerable browsers, like IE, when read by vulnerable mail readers, like Outlook.
Avatar of shomali

ASKER

I dont go to porn sites , my customers do, i have an internet cafe club .........
anyway...
i tried the about buster and spybot and they both found many spyware but i still have plenty and they didn't fix my homepage, i've tried it on 5 different machines...
Try HIjackthis and get it analyzed in the website , I had given in the first suggestion. If that doesnot help , post the log here for us to analyze

SOLUTION
Avatar of PsiCop
PsiCop
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
How about webroot spy sweeper? that protects hompage! Go here for more info http://www.webroot.com

HTH
>>i tried the about buster and spybot <<

You want to run CWShredder...
http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

...and Ad-Aware (especially if your Windows XP)
http://www.lavasoftusa.com/support/download


If your Windows XP or Windows ME you want to first disable the "System Restore" feature.

Also, all spyware killing should be done in Safe Mode. If not in Safe Mode there may be
spyware (or trojan) tasks running, and that will prevent the killing of them.
Avatar of shomali

ASKER

i tried removing from safe mode and all went well and removed all spyware from startup  but when i went back to normal and reset the homepage it always works for the first time but the next time i open IE it comes back in...anyway
i installed Mozilla Firefox on 3 machines and i will see how it works ,havent seen results yet!!!! but if i decide to install linux on all my machines will it solve this problem permenant or do i need to also install spyware removals like spybot or adaware also, and what is the best version of linux to install and anyother tips about istalling linux would be greatly apreciated

thanks
Shomali
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
use teatimer which comes with spybot. whenever it notices somechange to the registry it notifies you and you can override the homepage from being changed.

If you tick the 'remember this...'  box before you click on deny change then it will stop all further attempts by the program from changing it from your existing hompepage to that particular homepage.

hope this helps, if you need in depth info post here and i'll reply.

regards

BAFP
We take a completely different approach and we use Norton Ghost to reimage each machine back to its original state after each day.  This process takes about 5 minutes to do all machines using a second partition on the same computer.  You can also use a bootable CD-ROM/DVD or diskette.  There are a number of different options you can do with Ghost and if they do get spyware or hijacks then its goes away the next day.  Just another option, but spyware and adware tools seem to work great also.  Since your in the situation of managing computer that the public uses (as we are) then having these utilities may cause a user to disable or become confused by having them popup with messages.

Good luck!
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Yeah, "simple" until some ActiveX control (which gets the run of the machine and can change pretty much anything) changes that Registry key.

A simpler and *more-reliable* solution is to not use IE - remove it from the systems. Use Mozilla, Netscape 7, Opera....almost anything else.
I would add to this thread that the version of spy ware removal supplied by webroot has been more effective at removing really persistant infections. Like the two you have used it also had "resident" features to prevent future infections. When Spybot fails for me I get Spy Sweeper!

"Spy Sweeper"
http://www.webroot.com/