Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Problem with IE

  1. #1
    Junior Member
    Join Date
    Apr 2003
    Posts
    24

    Question Problem with IE

    One of my friend runs a Cyber Cafe and he has one problem. That his home page is changed and no matter if he sets it to blank again. On rebooting it reverts to that site. On some PCs the about blank page of IE has itself been changed.Anyone has got a solution for it....
    Be Cool

  2. #2
    tell your friend to download AdWare. That is probably what it is, some adware or malware.

    I would say though, what is his default?

  3. #3
    Senior Member
    Join Date
    Jun 2003
    Posts
    723
    Try running spy bot search and destroy, adaware and then hijackthis if the first two don't fix it , a google search or a search on this site will find the urls and much more info about browser hijacking and how to fix and prevent such things from happening.
    Do unto others as you would have them do unto you.
    The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America\'s war on terror, Attorney General John Ashcroft told a Senate oversight committee
    -- true colors revealed, a brown shirt and jackboots

  4. #4
    Senior Member
    Join Date
    Feb 2004
    Posts
    270

    different browser

    Maybe he could use a different browser then EI.

    (yust a thought)
    Since the beginning of time, Man has searched for the answers to the big questions: \'How did we get here?\' \'Is there life after death?\' \'Are we alone?\' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Just another thought,

    When he gets spybot Search & destroy, also get CWShredder. This is a complimentary bit of software that specifically targets Cool Web Search scumware that the regular SpyBot and AdAware might miss. You need to update it every time as it is constantly being updated.

    In spybot (advanced mode) run the "immunization" option and check the three little boxes at the bottom.

    BEWARE:

    AdAware will report two of these protections as malware, this is NOT correct, so don't let AdAware delete them....................it is a known "false positive" between the two products.

    Good luck

  6. #6
    Senior Member
    Join Date
    Feb 2004
    Posts
    201
    From http://www.spywareinfo.com/~merijn/cwschronicles.html

    CWS.Xmlmimefilter
    Variant 34: CWS.Xmlmimefilter - About:blank hacked v2.0
    Approx date first sighted: February 29, 2004
    Log reference: http://computercops.biz/postt21263.html
    Symptoms: IE homepage changed to about:blank, which is changed to a search engine named 'Microsoft Search the Web', mistyped URLs being redirected to this same search engine
    Cleverness: 10/10
    Manual removal difficulty: Involves quite some Registry editing
    Identifying lines in HijackThis log:

    O1 - Hosts: 213.159.117.235 auto.search.msn.com
    O18 - Protocol: about - {53B95211-7D77-11D2-9F80-00104B107C96} - C:\WINDOWS\System32\msxmlpp.dll


    Though the hijacking of the about:blank page was also done by the CWS.Winres variant, this new variant accomplishes it in a much more elegant way. The DLL itself used for handling the 'about:' protocol is changed to a malicious msxmlpp.dll one, displaying a search engine instead of a blank page filled with links to 66.117.38.91.
    Changing the CLSID of the about protocol back to the default {3050F406-98B5-11CF-BB82-00AA00BDCE0B}, deleting the file and removing the hosts file hijack fixes this.
    Easiest way to clean it up is to d/l the CWShredder from http://www.spywareinfo.com/~merijn/downloads.html and run it in safe mode.

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Thanks for the link.................couldn't find it on this box

    AdAware and SpyBot Search & Destroy should also be run in safe mode........I forgot to mention that.

    Your friend needs to run ALL three suggested items, as I am willing to bet that he has more than CWS

    I just fixed a PC at a local hotel...............bagged 106 of the little vermin!

    The problem with a cyber cafe is the users don't care about the equipment and will click on anything, and say "OK" to anything

    I would recommend that you advise your friend to get into a routine of updating and running the three items, at least once a week.

    Cheers

  8. #8
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,066
    Also never hurts to have a little AV protection . I also have a question for you nihil, why should I run spybot S & D in safe mode???
    Thanks in advance.
    I am the uber duck!!1
    Proxy Tools

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hello, The Duck

    I recommend running AV, SpyBot, AdAware and the Shredder in safe mode because some malware (general term I use for all virus/worm/trojan/spy/ad stuff) is actually capable of "defending itself" and will interfere with the running of security programs.

    If you boot into safe mode, you load minimal services, drivers etc, so there is a good chance that the bad stuff won't get loaded.

    Also, your security software might have difficulty in repairing or deleting things that are actually running, so you have a better chance of killing them in "safe"

    And, as you are not running so much, the whole process will go quicker.

    /off topic

    Defragmentation is better run in safe mode, as files that have been locked by normally running processes/services will also get defragmented. A good example would be your anti-virus pattern/signature file?

    /back

    Hope that helps

  10. #10
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,066
    Thanks alot for the info and the advice. I generally give people advice when it comes to defending against "malware" and I have heard that it is better when running the defense programs in safe mode but I never knew why. Now I know, Thanks.
    I am the uber duck!!1
    Proxy Tools

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •