XP SP2: Admin cannot change homepage, Hosts file, maybe more?

Hi all,

I recently got to the point of needing to re-install Windows XP on my laptop.  The base OEM install is XP Home SP1-and-a-bit, and thereafter I added SP2 (the downloaded network-install distribution) and ran Microsoft Update to get all new post-SP2 patches.  In addition to the criticals, I installed Media Player 10 and .NET Framework 2.0, and only then did I get down to personalizing my system.

One of my first actions was to change the IE homepage to http://www.google.co.uk but to my dismay, the change just wouldn't stick.  A number of attmepts, setting it in different locations, but it remained stuck on uk.msn.com (possibly my worst nightmare).  I even had a go at it in the Registry, but was prevented with an Access Denied message!  (This was as an Administrator-level user)

I found that I was able to make the change only by rebooting in Safe Mode.  It was the same story with my attempts to modify the Windows HOSTS file: only possible in Safe Mode.  Now, at this point I had installed no other software except ZoneAlarm, and I've discounted this as the issue persists with ZA disabled.  I'm behind a secure router/firewall, I didn't connect to any websites other than Windows Update and Microsoft Update (and MSN, briefly), and I overwrote the MBR when I reinstalled, so surely it can't be malware.  There was nothing suspicious in the HOSTS file - just the loopback entry - and MSN, for all its ills, isn't a phishing or malware site to my knowledge.

My only conclusion was that Windows is actually protecting itself, and quite robustly at that.  I'm a bit confused because I've run SP2 since its release (and kept up-to-date with later patches) but never faced these restrictions before.

Can anyone clear this up for me?  If this is down to new Windows security functionality, is there a web page with more information about it?  I'm keen to know what other restrictions I might run into, and whether there's any easy way to control them.

Thanks in advance.
LVL 10
Who is Participating?

Improve company productivity with a Business Account.Sign Up

LeeTutorConnect With a Mentor retiredCommented:
Here's another (and take note of the difference between ZoneAlarm Free vs. Pro):


A quote of the passage near the bottom of the thread:

If it is Zone Alarm FREE 6.5.xxx, just shutting ZA down is insufficient. You need to stop it from loading on start up, shut it down and restart your PC to change your home page as there is no option to stop it from locking the home page when the services it loads are running (and these are not stopped just by shutting down ZAclient). This is a major bug that has been reported several times on the ZA forums.

If it is ZA Pro, there is an option in Program Control -> Main -> Program Control -> Custom -> OSFirewall and make sure "...home page" isn't set to Deny.
I don't recall anything native in XP that protects the home page, but there are other antispyware tools that do. . You have not loaded any antiSpyware programs? . Windows Defender may protect against home page changes.
Greetings, Havin_it !

With Windows XP Home, you cannot use the Security tab unless you are in Safe Mode.  But nothing native to Windows XP else should block your access to IE home page and Windows Hosts file.

There was a bunch of security updates in June, including the IE June Cumalative Patch. One of the updates could have changed somethings.

Best wishes!
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Havin_itAuthor Commented:
No, just the programs mentioned above.  The only software bundled with the OEM image is WinDVD 4, which I've never used, and a couple of Toshiba utilities (which were installed before without these issues).  I'm about to install AVG Free antivirus and will run a scan when I do,  but at the moment I'd consider this a clean-room install.
Havin_itAuthor Commented:
^^That was in answer to simpswr BTW.
Sure sounds like it should be clean . . but if it works in safe mode and not in norml, it has to be something running at startup.  You could disable half of the items in msconfig to see if it changes anything . . then half of the half left and so on . . until you ID the culprit
I'm wondering if Windows Defender was installed as one of your post SP2 patches. It protects against a home page change, and it may well be doing so here.
Havin_itAuthor Commented:
@Silly_Burrito:  Defender is not installed, unless it's become a helluvalot better hidden than when I tried out the first beta.  Nothing untoward in the tasklist nor icons in the Systray.
Havin_itAuthor Commented:
A correction:  when I attempted to edit HKCU\Software\Microsoft\Internet Explorer\Main > Start Page value, the actual error message was not Access Denied. It was:

Cannot edit Start Page: Error writing value's new contents.

Looking in the various 'Run' keys, there's nothing there that wasn't there before - just the Toshiba utilities, Intel graphics driver utility, and ZoneAlarm.

One thing I did notice in MSCONFIG, was that among those same startup entries there was one completely blank line (whose box was checked).  It referred to the Run key under HKLM, same as the others, but there is no other value there (except the empty '(default)' string).  Is this normal?  I suspect not...

Wonder if my install is just royally b0rked.  The only hiccup I encountered during the reinstall was the network went down while downloading the post-SP2 patches, but the downloaded items installed without complaint and I was able to finish the remaining updates after a reboot.
Blank lines in msconfig startup are not unusual . . I just uncheck them when I encounter them.  

Have you check the update page to see if any did not install? . . look in Show installed updates
What brand is the pc? . . the XP install disc came with it?
Found this page with your error message:


The advice at the bottom of the thread may be helpful:

These steps apply to computers with Microsoft Windows XP SP2+ only.

Open the Manage Add-ons window in Internet Explorer:
Open Internet Explorer, click Tool, and then select Manage Add-ons.
Right click the Internet Explorer icon on your desktop, select Properties, click the Programs tab, and then click the Manage Add-ons button.
In the Show drop-down list, select Add-ons that have been used by Internet Explorer.
Scroll through the list of add-on programs. Suspicious add-ons may be listed as Browser Helper Objects or Toolbars in the Type column.
To disable an unwanted add-on: Click the name of the add-on in the list, select Disable, and then click OK in the message box that appears.
Click the OK button to close the Manage Add-ons window, and then close Internet Explorer or the Internet Properties window.
Looks like Lee is on to something . .
Havin_itAuthor Commented:
Yup, looks like we have a winner - thanks Lee.

It's the Free ZA I use, and having rebooted with it disabled I was able to change both the IE homepage and HOSTS file at will.

One one hand, it is a glaring bug - ZA even has a setting for 'lock hosts file' which is unchecked by default, but clearly not really!  On the other, I guess it's good to know that these things can't be wantonly changed without heavy intervention on my part even when I'm running as an Admin (not that I do unless necessary).

The Spybot item you quote mentions 'services' (plural) still running after zlclient is closed, but I thought the 'TrueVector Internet Monitor' was the only one added by ZA.  Is there another?  (Presumably I could simply stop these via services.msc rather than have to reboot.)
Marc ZConnect With a Mentor Commented:
Probably will have to reboot because ZA also has a setting, Protect Zone Alarm Client so if it shuts down, I belive it either locks up system or restarts without notice.

But you could try, look for vsmon also.
Havin_itAuthor Commented:
Apologies for dragging my heels...

Thanks Lee for the solution and mtzof4 for the further info.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.