-
April 16th, 2004, 07:19 AM
#1
Junior Member
Problem with IE
One of my friend runs a Cyber Cafe and he has one problem. That his home page is changed and no matter if he sets it to blank again. On rebooting it reverts to that site. On some PCs the about blank page of IE has itself been changed.Anyone has got a solution for it....
Be Cool
-
April 16th, 2004, 07:27 AM
#2
tell your friend to download AdWare. That is probably what it is, some adware or malware.
I would say though, what is his default?
-
April 16th, 2004, 07:27 AM
#3
Try running spy bot search and destroy, adaware and then hijackthis if the first two don't fix it , a google search or a search on this site will find the urls and much more info about browser hijacking and how to fix and prevent such things from happening.
Do unto others as you would have them do unto you.
The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America\'s war on terror, Attorney General John Ashcroft told a Senate oversight committee
-- true colors revealed, a brown shirt and jackboots
-
April 16th, 2004, 08:12 AM
#4
different browser
Maybe he could use a different browser then EI.
(yust a thought)
Since the beginning of time, Man has searched for the answers to the big questions: \'How did we get here?\' \'Is there life after death?\' \'Are we alone?\' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?
-
April 16th, 2004, 08:12 AM
#5
Just another thought,
When he gets spybot Search & destroy, also get CWShredder. This is a complimentary bit of software that specifically targets Cool Web Search scumware that the regular SpyBot and AdAware might miss. You need to update it every time as it is constantly being updated.
In spybot (advanced mode) run the "immunization" option and check the three little boxes at the bottom.
BEWARE:
AdAware will report two of these protections as malware, this is NOT correct, so don't let AdAware delete them....................it is a known "false positive" between the two products.
Good luck
-
April 16th, 2004, 01:40 PM
#6
From http://www.spywareinfo.com/~merijn/cwschronicles.html
CWS.Xmlmimefilter
Variant 34: CWS.Xmlmimefilter - About :blank hacked v2.0
Approx date first sighted: February 29, 2004
Log reference: http://computercops.biz/postt21263.html
Symptoms: IE homepage changed to about:blank, which is changed to a search engine named 'Microsoft Search the Web', mistyped URLs being redirected to this same search engine
Cleverness: 10/10
Manual removal difficulty: Involves quite some Registry editing
Identifying lines in HijackThis log:
O1 - Hosts: 213.159.117.235 auto.search.msn.com
O18 - Protocol: about - {53B95211-7D77-11D2-9F80-00104B107C96} - C:\WINDOWS\System32\msxmlpp.dll
Though the hijacking of the about :blank page was also done by the CWS.Winres variant, this new variant accomplishes it in a much more elegant way. The DLL itself used for handling the 'about :' protocol is changed to a malicious msxmlpp.dll one, displaying a search engine instead of a blank page filled with links to 66.117.38.91.
Changing the CLSID of the about protocol back to the default {3050F406-98B5-11CF-BB82-00AA00BDCE0B}, deleting the file and removing the hosts file hijack fixes this.
Easiest way to clean it up is to d/l the CWShredder from http://www.spywareinfo.com/~merijn/downloads.html and run it in safe mode.
-
April 16th, 2004, 02:57 PM
#7
Thanks for the link.................couldn't find it on this box
AdAware and SpyBot Search & Destroy should also be run in safe mode........I forgot to mention that.
Your friend needs to run ALL three suggested items, as I am willing to bet that he has more than CWS
I just fixed a PC at a local hotel...............bagged 106 of the little vermin!
The problem with a cyber cafe is the users don't care about the equipment and will click on anything, and say "OK" to anything
I would recommend that you advise your friend to get into a routine of updating and running the three items, at least once a week.
Cheers
-
April 18th, 2004, 02:57 AM
#8
Also never hurts to have a little AV protection . I also have a question for you nihil, why should I run spybot S & D in safe mode???
Thanks in advance.
-
April 18th, 2004, 03:49 AM
#9
Hello, The Duck
I recommend running AV, SpyBot, AdAware and the Shredder in safe mode because some malware (general term I use for all virus/worm/trojan/spy/ad stuff) is actually capable of "defending itself" and will interfere with the running of security programs.
If you boot into safe mode, you load minimal services, drivers etc, so there is a good chance that the bad stuff won't get loaded.
Also, your security software might have difficulty in repairing or deleting things that are actually running, so you have a better chance of killing them in "safe"
And, as you are not running so much, the whole process will go quicker.
/off topic
Defragmentation is better run in safe mode, as files that have been locked by normally running processes/services will also get defragmented. A good example would be your anti-virus pattern/signature file?
/back
Hope that helps
-
April 18th, 2004, 04:33 AM
#10
Thanks alot for the info and the advice. I generally give people advice when it comes to defending against "malware" and I have heard that it is better when running the defense programs in safe mode but I never knew why. Now I know, Thanks.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|