If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Address Bar Auto Search
When I type a bad url into my address bar it goes to: http://web.yoursearchfinder.com/apps...=search+string I however want it to go to the default... "The page cannot be displayed" screen in internet explorer. I have checked the registry every where under the branch... HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ and couldn't find any url other than Google searches... I cannot figure out how this freaking program is hijacking my IE. Ad-aware doesn't remove this... Any suggestions? Jeff |
Ads |
#2
|
|||
|
|||
Address Bar Auto Search
In Internet Explorer, go to Tools Options Clear History:
Check here for expert Advice: news://msnews.microsoft.com/microsof...er.ie6.browser Andre "Jeff M" wrote in message ... When I type a bad url into my address bar it goes to: http://web.yoursearchfinder.com/apps...=search+string I however want it to go to the default... "The page cannot be displayed" screen in internet explorer. I have checked the registry every where under the branch... HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ and couldn't find any url other than Google searches... I cannot figure out how this freaking program is hijacking my IE. Ad-aware doesn't remove this... Any suggestions? Jeff |
#3
|
|||
|
|||
Address Bar Auto Search
You might try downloading and running 'Hijack this' to remove programs
that hijack your browser. Jeff M wrote: When I type a bad url into my address bar it goes to: http://web.yoursearchfinder.com/apps...=search+string I however want it to go to the default... "The page cannot be displayed" screen in internet explorer. I have checked the registry every where under the branch... HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ and couldn't find any url other than Google searches... I cannot figure out how this freaking program is hijacking my IE. Ad-aware doesn't remove this... Any suggestions? Jeff |
#4
|
|||
|
|||
Address Bar Auto Search
Hi Jeff - Sounds like this might be a variant of some malware called
CoolWebSearch (if CWShredder doesn't fix it, then see AdAware, SpyBot, and HijackThis, below, in that order). Read all of this carefully first, then do the following in order: #########IMPORTANT######### Before you try to remove spyware using any of the programs below, download both a copy of LSPFIX he http://www.cexx.org/lspfix.htm AND a copy of Winsockfix http://www.tacktech.com/pub/winsockfix/WinsockFix.zip Directions he http://www.tacktech.com/display.cfm?ttid=257 The process of removing certain malware may kill your internet connection. If this should occur, these programs, LSPFIX and WINSOCKFIX, will enable you to regain your connection. NOTE: It is reported that in XP SP2, the command netsh winsock reset will fix this problem without the need for these programs. You can also try this if you're on XP SP1. There has also been one, as yet unconfirmed, report that this also works there. #########IMPORTANT######### #########IMPORTANT######### Show hidden files and run all of the following removal tools from Safe mode when possible. Reboot and test if the malware is fixed after using each tool. HOW TO Enable Hidden Files http://service1.symantec.com/SUPPORT...02092715262339 #########IMPORTANT######### Sometimes the tools below will find files which they are unable to delete because they are in use. A program called Copylock, here, http://noeld.com/programs.asp?cat=misc#CopyLock can aid in the process of "replacing, moving, renaming or deleting one or many files which are currently in use (e.g. system files like comctl32.dll, or virus/trojan files.)" Another is Killbox, he http://download.broadbandmedic.com/Killbox.exe Download and run Stinger.exe, he http://download.nai.com/products/mca...rt/stinger.exe or from the link on this page: http://vil.nai.com/vil/stinger/ Download sysclean.com , from Trend Micro, he http://www.trendmicro.com/download/dcs.asp along with the latest pattern file, he http://www.trendmicro.com/download/pattern.asp Be sure to read the "How-to" info he http://www.trendmicro.com/ftp/products/tsc/readme.txt (You might also want to get Art's updater, SYS-UP.Zip, here for future updating of these: http://home.epix.net/~artnpeg/). (If you download and use the updater from the beginning, it will automatically handle downloading the other files.) Place them in a dedicated folder after appropriate unzipping. Disable Restore if you're on XP or ME (directions he http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm), then boot to Safe mode (HowTo he http://service1.symantec.com/SUPPORT...01052409420406) Do a complete scan of your system in Safe mode and clean or delete anything it finds. Reboot to normal mode and re-run the scan again. This scan may take a long time, as Sysclean is VERY extensive and thorough. Download, UPDATE before running, and run: http://209.133.47.200/~merijn/files/CWShredder.exe or he http://hem.bredband.net/b157129/f/cwshredder.zip or he http://www.softpedia.com/public/scri...ero/10-17-150/ or he http://www.zerosrealm.com/downloads/CWShredder.zip to remove the parasite. Be sure to close all instances of IE and OE. There's a good tutorial about CWS and using CWShredder he http://www.bleepingcomputer.com/foru...rial=47#domain BE SURE that you get v.1.59.0.1 or later! You will need to show Hidden files first and then at the end clear the malware garbage from your System Restore backups after you've cleaned up. It's best to perform CWShredder (and most other malware fixers too) from Safe mode and then reboot. AFTER cleaning things up, then you can disable and then re-enable System Restore. See ******** below. The following links give instructions on how to do these various functions: HOW TO Restart in Safe Mode http://service1.symantec.com/SUPPORT...01052409420406 HOW TO Enable Hidden Files http://service1.symantec.com/SUPPORT...02092715262339 HOW TO Disable/Flush System Restore (do this at the end AFTER cleaning or use the suggested procedure for XP at the ******'s) http://service1.symantec.com/SUPPORT...01111912274039 (WinXP) http://service1.symantec.com/SUPPORT...01012513122239 (WinME) or http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm (Both) Then download and run: http://www.kellys-korner-xp.com/regs.../iegentabs.reg to restore your tabs and remove any restrictions that the parasite has put in place. Now download and run: http://www.kellys-korner-xp.com/regs...oreSearch2.REG to restore your search functions if they've been affected (as they probably will have been). Be sure that you also download and install hotfix Q816093, he http://support.microsoft.com/?kbid=816093 which blocks the exploit upon which this parasite family depends. Another program which performs a similar function to CWShredder (which is no longer beinging updated unfortunately) is xcleaner_free (there's a more extensive paid version also) available here which should also be freshly downloaded and run after you run CWShredder: http://www.xblock.com/download-freeware.shtml However, this also indicates that you may have acquired some other malware along the way. If you go to this page at Jim Eshelman's site, he http://aumha.org/a/noads.htm and wait a little bit (be patient), an analysis of a number of possible parasites on your machine will be made to help you identify and remove them. NOTE: You will need to disable Ad Blocking in Zone Alarm 3.x or later, if present or any other Ad Blocking software which interferes with Java Scripting for this scan to work. You should get a message between the two lines of **** giving the results of the scan. Get Ad-Aware SE Personal Edition, he http://www.lavasoftusa.com/support/download/. UPDATE, set it up in accordance with this: http://forum.aumha.org/viewtopic.php?t=5877 or the directions immediately below and run this regularly to get rid of most "spyware/hijackware" on your machine. If it has to fix things, be sure to re-boot and rerun AdAware again and repeat this cycle until you get a clean scan. The reason is that it may have to remove things which are currently "in use" before it can then clean up others. Configure Ad-aware for a customized scan, and let it remove any bad files found..... Begin Setup Directions Then, courtesy of NonSuch at Lockergnome, open Ad-aware then click the gear wheel at the top and check these options to configure Ad-aware for a customized scan: General activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal" Scanning activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry," "Scan my IE Favorites for banned sites," and "Scan my Hosts file" Tweaks Scanning Engine activate this: "Unload recognized processes during scanning." Tweaks Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot." Click "Proceed" to save your settings, then click "Start." Make sure "Activate in-depth scan" is ticked green, then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next." The bad files will be listed. Right click the pane and click "Select all objects" - This will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?" End Setup Directions Courtesy of http://www.nondisputandum.com/html/anti_spyware.html: HINT: If Ad Aware is automatically shut-down by a malicious software, first run AWCloak.exe, http://www.lavasoftnews.com/downloads/AAWCloak.exe, before opening Ad Aware. When AAWCloak is open, click “Activate Cloak”. Than open Ad Aware and scan your system. Another excellent program for this purpose is SpyBot Search and Destroy available he http://security.kolla.de/ SpyBot Support Forum he http://www.net-integration.net/cgi-b.../ikonboard.cgi. I recommend using both normally. After UPDATING and fixing ONLY RED things with SpyBot S&D, be sure to re-boot and rerun SpyBot again and repeat this cycle until you get a clean "no red" scan. The reason is that SpyBot sometimes has to remove things which are currently "in use" before it can then clean up others. Note that sometimes you need to make a judgement call about what these programs report as spyware. See here, for example: http://www.imilly.com/alexa.htm Both of these programs should normally be UPDATED and run after doing any other fix such as CWShredder and, as a minimum, normally at least once a week. If they don't fix it then start he Download HijackThis, free, he http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new fresh copy of HijackThis [and CWShredder also] - It's UPDATED frequently.) You may also get it here if that link is blocked: http://www.majorgeeks.com/downloadge...8baee6434cfc13 or he http://www.bleepingcomputer.com/file...hijackthis.zip There's a good "How-to-Use" tutorial he http://computercops.biz/HijackThis.html In Windows Explorer, click on Tools|Folder Options|View and check "Show hidden files and folders" and uncheck "Hide protected operating system files". (You may want to restore these when you're all finished with HijackThis.) Place HijackThis.exe or unzip HijackThis.zip into its own dedicated folder at the root level such as C:\HijackThis (NOT in a Temp folder or on your Desktop), reboot to Safe mode, start HT (have ONLY HT running - IE MUST be closed) then press Scan. Click on SaveLog when it's finished which will create hijackthis.log. Now click the Config button, then Misc Tools and click on Generate StartupList.log which will create Startuplist.txt Then go to one of the following forums: Spyware and Hijackware Removal Support, he http://forums.spywareinfo.com/ or Net-Integration he http://www.net-integration.net/cgi-b...ST;f=27;t=6949 or Tom Coyote he http://forums.tomcoyote.org/index.php?act=idx or Jim Eshelman's site he http://forum.aumha.org/ or Bleepingcomputer he http://www.bleepingcomputer.com/ or Computer Cops he http://www.computercops.biz/forums.html Register if necessary, then sign in and READ THE DIRECTIONS at the beginning of the particular site's HiJackThis forum, then copy and paste both files into a message asking for assistance, Someone will answer with detailed instructions for the removal of your parasite(s). Be sure you include at the beginning of your post a description of "What specific problem(s)/symptoms you're trying to solve" and "What steps you've already taken." ******* ONLY IF you've successfully eliminated the malware, you can now make a new, clean Restore Point and delete any previously saved (possibly infected) ones. The following suggested approach is courtesy of Gary Woodruff: For XP you can run a Disk Cleanup cycle and then look in the More Options tab. The System Restore option removes all but the latest Restore Point. If there hasn't been one made since the system was cleaned you should manually create one before dumping the old possibly infected ones. ******* Once you get this cleaned up, you might want to consider installing Eric Howes' IESpyAds, SpywareBlaster and SpywareGuard here to help prevent this kind of thing from happening in the futu IESpyads - https://netfiles.uiuc.edu/ehowes/www/resource.htm "IE-SPYAD adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. Once you merge this list of sites and domains into the Registry, the web sites for these companies will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on your PC." Read carefully. http://www.javacoolsoftware.com/spywareblaster.html (Prevents malware Active X installs) (BTW, SpyWareBlaster is not memory resident ... no CPU or memory load - but keep it UPDATED) The latest version as of this writing will prevent installation or prevent the malware from running if it is already installed, and it provides information and fixit-links for a variety of parasites. http://www.javacoolsoftware.com/spywareguard.html (Monitors for attempts to install malware) Keep it UPDATED. All three Very Highly Recommended Next, install and keep updated a good HOSTS file. It can help you avoid most adware/malware. See he http://www.mvps.org/winhelp2002/hosts.htm (Be sure it's named/renamed HOSTS - all caps, no extension) Additional tutorials he http://www.bleepingcomputer.com/foru...wt utorial=51 (detailed) and he http://www.spywarewarrior.com/viewtopic.php?t=410 (overview) Finally, be sure that you have a good hardware or software firewall and an AntiVirus installed, and bring your OS up-to-date with ALL Critical updates from Windows Update. -- Please respond in the same thread. Regards, Jim Byrd, MS-MVP In , Jeff M typed: When I type a bad url into my address bar it goes to: http://web.yoursearchfinder.com/apps...=search+string I however want it to go to the default... "The page cannot be displayed" screen in internet explorer. I have checked the registry every where under the branch... HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ and couldn't find any url other than Google searches... I cannot figure out how this freaking program is hijacking my IE. Ad-aware doesn't remove this... Any suggestions? Jeff |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Search Companion does not search | Chad Harris | The Basics | 4 | October 5th 04 08:29 AM |
Search Companion does not search | Chad Harris | Windows XP Help and Support | 4 | October 5th 04 08:29 AM |
Search Companion does not search | Chad Harris | New Users to Windows XP | 4 | October 5th 04 08:29 AM |
Google Results for xp boot.ini | Judas | General XP issues or comments | 1 | August 27th 04 09:59 PM |
Why is XPSP2RES.DLL specifying a base load address? | Paul Barrett | Windows Service Pack 2 | 4 | August 26th 04 03:19 PM |