|
|
|
|
|
July 4th, 2004, 05:04 PM
|
|
General
|
|
Join Date: May 2002
Location: Canada
Posts: 3,227
Thanks: 7
Thanked 44 Times in 28 Posts
|
|
OT: about:blank homepage hijacker..
Hello, people
I got hit again by the 'IMPOSSIBLE' to remove hompage hijacker that set my home page to about :blank. But after all attempts to remove it, I thought of a simple solution..
I went to may Favorites folder and created a shortcut (sent to desktop) of the link I want to be and normally is my homepage. (the shrapnel forums login page.)
I then deleted the quick-launch icon for IE and replaced it with the shortcut to the shrapnel forums login page.
What is the diff? well, IE only uses the 'homepage' when no paramiters are given to it when launched. (the default settings) and therefore the about :blank keeps replacing any homepage I set. By telling IE where to go when it is alunched, I no longer goto (or use) the 'homepage option' so for all intensive purposes the about :blank hijacker no longer gets launched and is bypassed alltogeather.
Just thought I'd share this genius solution with any of you that have run into this nasty highjacker.
Cheers!
FYI: running Spybot Search & Destroy, AdAware and HijackThis, dit not succede in removing the about :blank hijacker. even booting in safe mode and deleting 'suspect' .exe's listed in the hijack log file did not fix the problem. Since the only bad thing about this hijacker seems to be the outright theft of your homepage and pointing it to ads for downloading spyware removal programs. I think it's all a conspiracy of these 'removal' program companies to scare you into purchasing their product. I find it very strange that a 'removal' program can detect the hijacker, but is not able to remove it. If you can't remove it, then what is the use of telling me I have it?
[/babble mode off]
[ July 04, 2004, 16:17: Message edited by: David E. Gervais ]
|
July 4th, 2004, 05:14 PM
|
|
Sergeant
|
|
Join Date: Jun 2002
Location: Ottawa, ON, Canada
Posts: 390
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Re: OT: about:blank homepage hijacker..
Or better yet, don't use Internet Explorer.
Grab youself a copy of Mozilla, David, before IE causes your computer to catch on fire and burn your house down.
And if you don't believe that, just wait! With all the problems and holes IE has, it's just a matter of time before some hacker can turn IE into a modern day 'Philadelphia Experiment'.
|
July 4th, 2004, 05:18 PM
|
Brigadier General
|
|
Join Date: Aug 2002
Location: Carlisle, UK
Posts: 1,826
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Re: OT: about:blank homepage hijacker..
|
July 4th, 2004, 05:47 PM
|
|
General
|
|
Join Date: May 2002
Location: Canada
Posts: 3,227
Thanks: 7
Thanked 44 Times in 28 Posts
|
|
Re: OT: about:blank homepage hijacker..
Mozilla downloaded, installed, and now running. Looks good so far. Thanks for the suggestion.
But for you IE diehard fanatic followers that refuse to change Loyalties, my solution/bypass seemed to be working fine.
Cheers!
|
July 4th, 2004, 06:32 PM
|
|
National Security Advisor
|
|
Join Date: Oct 2001
Location: Toronto, Canada
Posts: 5,623
Thanks: 1
Thanked 14 Times in 12 Posts
|
|
Re: OT: about:blank homepage hijacker..
Try using system restore if you have it.
|
July 4th, 2004, 07:02 PM
|
|
Corporal
|
|
Join Date: Jun 2004
Location: texas
Posts: 159
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Re: OT: about:blank homepage hijacker..
an easier way is to go into the system registry ad change the home page value and the home page backup value if you have the actual webpage name you can search your registry for that site name then just delete those keys this wont cause any undue problems for ie
another thing is to check the downloaded program files directory many of these programs set in java applets that automatically reset the home and search pages just click the properties and see what dependencies they have usually a file on the website is listed if so just delete the applet
__________________
Laaanndd!!!! ---lex luthor
se4 code
L+++ GDY $!+ Fr! C+++ SDS T+hot SF* TCP A&++ M++lrn Mp* RO!V Pw++ Fq Nd** RP+ G++ Au Mm+
|
July 4th, 2004, 07:09 PM
|
|
Sergeant
|
|
Join Date: Feb 2003
Location: Finland
Posts: 392
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Re: OT: about:blank homepage hijacker..
This problem can be solved by modifying Windows registry. Check out following path:
HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows -> Current Version -> Run.
On Run -folder you find every program which are started during windows startup. You should check it for programs you don't know and delete those keys. However, when modifying register, you have to know what you do, for deleting wrong keys can and will screw up your OS. However, it is fairly safe to modify keys in this Run -folder.
Oh, you can start registry editor by Start -> Run and write there regedt32.
__________________
If you give a man a fish, he will eat a day;
But if you teach a man to fish, he will buy an ugly hat;
And if you talk about a fish to a starving man, then you're a consultant
|
July 4th, 2004, 07:38 PM
|
|
Sergeant
|
|
Join Date: Dec 2003
Posts: 251
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Re: OT: about:blank homepage hijacker..
It's most likely CWS. Get CWShredder here: http://www.majorgeeks.com/download4086.html
And if you *must* use IE, visit this page: http://sivran.netfirms.com/IE.html
Follow the instructions, get TrustSetter, SpywareBLaster, Spywareguard, and ScriptSentry from the links provided. It's all free, and your IE browsing will be safer for it.
As others have said, and as CERT and the US Government have strongly suggested, you should switch to an alternative browser.
Edit: If CWShredder fails to clean it up (and if it is CWS, even CWShredder might fail. Some variants of CWS are very nasty), visit http://www.dslreports.com/faq/8428 - If you've followed those steps, and still you have problems, make a post here: http://www.dslreports.com/forum/security and someone will help you.
[ July 04, 2004, 18:41: Message edited by: Sivran ]
|
July 4th, 2004, 10:01 PM
|
|
General
|
|
Join Date: May 2002
Location: Canada
Posts: 3,227
Thanks: 7
Thanked 44 Times in 28 Posts
|
|
Re: OT: about:blank homepage hijacker..
FYI: I'm not a newb when it comes to compters. I did all the rededit, cwshredder etc, etc. whe the instructions say to boot in safe mode, I prefer to boot in DOS and delete the 'suspicious' files that way. I'm an old DOS school person.
It's deeper than this. When I launch my homepage with a shortcut, I check the internet settings and there is no sign of about :blank. I clean the registry and there are no instances of about :blank (I changed them all to point to the shrapnel forums login page.) When I launch IE the regular way that has it load the 'default' homepage,.. about :blank gets installed again.
as for the 'run' thing, I have nothing running in the background. That is a pet peve with me. it's the first thing I make a point to do. turn off all those useless 'boot at startup' things that you can simply acces when needed and are not needed to be running all the time.
even turning off and removing all these references to boot-up programs there are still more 'Processes' running than suits my fancy. but I don't know what processes are 'safe' to turn off.
Windows is a 'processing pig' there are too many things running that rarely get used in any of my normal sessions on my computer. One good example is the nVidia nvcpl that allways seems to manage to be running in the background. it basically is there if I want to activate the dual-display thing. I only have the one monitor so it's a useless waste of resources. e-mail to nVidia asking how to turn it off came back negative. they basically say turn off the 'nview' function in the display propeties but it is already 'Off'. So why does this boot at startup if it is not used? beats me. I even deleted the nvcpl.dll and it still managed to get back in the system.
No! it's not a virus, I have scanned my system and it comes out clean as a whistle. and this app does not seem to have adverse effects on my comp, it's just annoying that it boots and is not needed.
anyway, enough babbling, Cheers!
Edit: I'm now using Mozilla. I'll give it a good test run and see if everything stays this way.
[ July 04, 2004, 21:07: Message edited by: David E. Gervais ]
|
July 5th, 2004, 08:25 AM
|
|
Sergeant
|
|
Join Date: Feb 2003
Location: Finland
Posts: 392
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Re: OT: about:blank homepage hijacker..
Okay, this seems to be tough case. I would have bet it was something in your Run -folder in Registry. Though, once there was one exe, which would install the virus every time I booted my computer. The situation was so, that merely deleting the virus itself diidn't solve the problem, but finding out which was the virus' installation executalbe, deleting it and removing its key from Run -folder in registry.
However, you said there is nothing in your Run -folder, so this is to no help. However, I put here a link to one thread in computer discussion group (its in finnish), but you can see the links in this particular thread, and can follow them. Take a look, there propably is some programs you haven't tried yet. How to get rid of banners, pop ups, etc.
__________________
If you give a man a fish, he will eat a day;
But if you teach a man to fish, he will buy an ugly hat;
And if you talk about a fish to a starving man, then you're a consultant
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is On
|
|
|
|
|