Solved

XP SP2: Admin cannot change homepage, Hosts file, maybe more?

Posted on 2006-07-04
17
2,375 Views
Last Modified: 2008-01-09
Hi all,

I recently got to the point of needing to re-install Windows XP on my laptop.  The base OEM install is XP Home SP1-and-a-bit, and thereafter I added SP2 (the downloaded network-install distribution) and ran Microsoft Update to get all new post-SP2 patches.  In addition to the criticals, I installed Media Player 10 and .NET Framework 2.0, and only then did I get down to personalizing my system.

One of my first actions was to change the IE homepage to http://www.google.co.uk but to my dismay, the change just wouldn't stick.  A number of attmepts, setting it in different locations, but it remained stuck on uk.msn.com (possibly my worst nightmare).  I even had a go at it in the Registry, but was prevented with an Access Denied message!  (This was as an Administrator-level user)

I found that I was able to make the change only by rebooting in Safe Mode.  It was the same story with my attempts to modify the Windows HOSTS file: only possible in Safe Mode.  Now, at this point I had installed no other software except ZoneAlarm, and I've discounted this as the issue persists with ZA disabled.  I'm behind a secure router/firewall, I didn't connect to any websites other than Windows Update and Microsoft Update (and MSN, briefly), and I overwrote the MBR when I reinstalled, so surely it can't be malware.  There was nothing suspicious in the HOSTS file - just the loopback entry - and MSN, for all its ills, isn't a phishing or malware site to my knowledge.

My only conclusion was that Windows is actually protecting itself, and quite robustly at that.  I'm a bit confused because I've run SP2 since its release (and kept up-to-date with later patches) but never faced these restrictions before.

Can anyone clear this up for me?  If this is down to new Windows security functionality, is there a web page with more information about it?  I'm keen to know what other restrictions I might run into, and whether there's any easy way to control them.

Thanks in advance.
0
Comment
Question by:Havin_it
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 2
  • +3
17 Comments
 
LVL 19

Expert Comment

by:simpswr
ID: 17038632
I don't recall anything native in XP that protects the home page, but there are other antispyware tools that do. . You have not loaded any antiSpyware programs? . Windows Defender may protect against home page changes.
0
 
LVL 97

Expert Comment

by:war1
ID: 17038671
Greetings, Havin_it !

With Windows XP Home, you cannot use the Security tab unless you are in Safe Mode.  But nothing native to Windows XP else should block your access to IE home page and Windows Hosts file.

There was a bunch of security updates in June, including the IE June Cumalative Patch. One of the updates could have changed somethings.

Best wishes!
0
 
LVL 10

Author Comment

by:Havin_it
ID: 17038722
No, just the programs mentioned above.  The only software bundled with the OEM image is WinDVD 4, which I've never used, and a couple of Toshiba utilities (which were installed before without these issues).  I'm about to install AVG Free antivirus and will run a scan when I do,  but at the moment I'd consider this a clean-room install.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 10

Author Comment

by:Havin_it
ID: 17038731
^^That was in answer to simpswr BTW.
0
 
LVL 19

Expert Comment

by:simpswr
ID: 17038759
Sure sounds like it should be clean . . but if it works in safe mode and not in norml, it has to be something running at startup.  You could disable half of the items in msconfig to see if it changes anything . . then half of the half left and so on . . until you ID the culprit
0
 
LVL 5

Expert Comment

by:Silly_Burrito
ID: 17038778
I'm wondering if Windows Defender was installed as one of your post SP2 patches. It protects against a home page change, and it may well be doing so here.
0
 
LVL 10

Author Comment

by:Havin_it
ID: 17038834
@Silly_Burrito:  Defender is not installed, unless it's become a helluvalot better hidden than when I tried out the first beta.  Nothing untoward in the tasklist nor icons in the Systray.
0
 
LVL 10

Author Comment

by:Havin_it
ID: 17039104
A correction:  when I attempted to edit HKCU\Software\Microsoft\Internet Explorer\Main > Start Page value, the actual error message was not Access Denied. It was:

Cannot edit Start Page: Error writing value's new contents.

Looking in the various 'Run' keys, there's nothing there that wasn't there before - just the Toshiba utilities, Intel graphics driver utility, and ZoneAlarm.

One thing I did notice in MSCONFIG, was that among those same startup entries there was one completely blank line (whose box was checked).  It referred to the Run key under HKLM, same as the others, but there is no other value there (except the empty '(default)' string).  Is this normal?  I suspect not...

Wonder if my install is just royally b0rked.  The only hiccup I encountered during the reinstall was the network went down while downloading the post-SP2 patches, but the downloaded items installed without complaint and I was able to finish the remaining updates after a reboot.
0
 
LVL 19

Expert Comment

by:simpswr
ID: 17039188
Blank lines in msconfig startup are not unusual . . I just uncheck them when I encounter them.  

Have you check the update page to see if any did not install? . . look in Show installed updates
0
 
LVL 19

Expert Comment

by:simpswr
ID: 17039195
What brand is the pc? . . the XP install disc came with it?
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 17039226
Found this page with your error message:

http://forums.techguy.org/web-email/474543-solved-cannot-alter-default-hp-3.html

The advice at the bottom of the thread may be helpful:

These steps apply to computers with Microsoft Windows XP SP2+ only.

Open the Manage Add-ons window in Internet Explorer:
Open Internet Explorer, click Tool, and then select Manage Add-ons.
Or
Right click the Internet Explorer icon on your desktop, select Properties, click the Programs tab, and then click the Manage Add-ons button.
In the Show drop-down list, select Add-ons that have been used by Internet Explorer.
Scroll through the list of add-on programs. Suspicious add-ons may be listed as Browser Helper Objects or Toolbars in the Type column.
To disable an unwanted add-on: Click the name of the add-on in the list, select Disable, and then click OK in the message box that appears.
Click the OK button to close the Manage Add-ons window, and then close Internet Explorer or the Internet Properties window.
0
 
LVL 59

Accepted Solution

by:
LeeTutor earned 200 total points
ID: 17039258
Here's another (and take note of the difference between ZoneAlarm Free vs. Pro):

http://forums.spybot.info/showthread.php?p=31552

A quote of the passage near the bottom of the thread:

If it is Zone Alarm FREE 6.5.xxx, just shutting ZA down is insufficient. You need to stop it from loading on start up, shut it down and restart your PC to change your home page as there is no option to stop it from locking the home page when the services it loads are running (and these are not stopped just by shutting down ZAclient). This is a major bug that has been reported several times on the ZA forums.

If it is ZA Pro, there is an option in Program Control -> Main -> Program Control -> Custom -> OSFirewall and make sure "...home page" isn't set to Deny.
0
 
LVL 19

Expert Comment

by:simpswr
ID: 17039291
Looks like Lee is on to something . .
0
 
LVL 10

Author Comment

by:Havin_it
ID: 17039815
Yup, looks like we have a winner - thanks Lee.

It's the Free ZA I use, and having rebooted with it disabled I was able to change both the IE homepage and HOSTS file at will.

One one hand, it is a glaring bug - ZA even has a setting for 'lock hosts file' which is unchecked by default, but clearly not really!  On the other, I guess it's good to know that these things can't be wantonly changed without heavy intervention on my part even when I'm running as an Admin (not that I do unless necessary).

The Spybot item you quote mentions 'services' (plural) still running after zlclient is closed, but I thought the 'TrueVector Internet Monitor' was the only one added by ZA.  Is there another?  (Presumably I could simply stop these via services.msc rather than have to reboot.)
0
 
LVL 30

Assisted Solution

by:Marc Z
Marc Z earned 50 total points
ID: 17040020
Probably will have to reboot because ZA also has a setting, Protect Zone Alarm Client so if it shuts down, I belive it either locks up system or restarts without notice.

But you could try, look for vsmon also.
0
 
LVL 10

Author Comment

by:Havin_it
ID: 17048988
Apologies for dragging my heels...

Thanks Lee for the solution and mtzof4 for the further info.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question