WTF?

Never has this happened before to me.First time I have even heard about Browser Hi Jacking.But I do know this.I can not set a Home Page.

When they say Hi-Jack they really mean it. :blink:

Cut&Pase from : http://www.tweakxp.com/display.aspx?id=123726

"Hijacked IE default Homepage
Views: 797 | Avg. Rating: 4 out of 5 (6 Votes) | 3/16/2004 2:35:56 AM | Print

When you install certain things from some websites, the application would change your default Homepage setting or even add in some URLs, into your "Favourites" folder without you knowing until your next restart.

For certain cases, a simple change of the default homepage setting at the InternetOptions could be enough. However, some hijacks are even harder to crack against. Some can't be fixed even by a useful utility "HijackThis".

To revert back to the original settings that you had, do these;

1. run 'regedit'

2. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

3. at the right window panel, look for the following strings;

* Default_Page_URL
* Default_Search_URL
* Search Bar
* Search Page
* Start Page
* Local Page

4. Double click on each of them and change the values to the URLs of the websites you want IE to start with.
Local Page's value is default as C:\WINDOWS\System32\blank.htm

5. Lastly, restart your computer, and the homepage and searchpage should be the same as what you configured it to be."

Start Page Guard (http://www.spywareinfo.com/downloads/spg/) will make sure that your start page does not get hijacked again but to cure the cause of your problem you need to run some spyware detection programs:

Spy Sweeper (http://www.webroot.com/wb/products/spysweeper/index.php) is the best one, but it's not free. SpyBot S&D (http://www.safer-networking.org/index.php?page=mirrors) is also pretty good, as is Adaware (http://www.lavasoftusa.com/software/adaware/).

A combination of those 3 normally solves the root of the problem, but if not then use CWS Shredder (http://www.spywareinfo.com/~merijn/downloads.html), this is used for tougher spyware ;)

Ok.I have used ad aware and spybot already this morning.I should of mentioned that.Sorry.I also changed the default homepage setting in the InternetOptions.First thing I tryed.

And it still did not fix the problem.I am going to try what you all have Posted and thanks for the help. :)

I just have never heard of this problem.Guess you learn something new everyday. ;)

manker posted it all lol :D

And FC use a real webbrowser :) Internet Explorer is not very secure :ph34r:

BOT

you do know what regedit is?
goto start - run - typein :regedit

Originally posted by Zedaxax@24 June 2004 - 07:30
you do know what regedit is?
goto start - run - typein :regedit
Yes I am doing all that right now.And about to try one of them programs manker talked about.


And no BOT. :P

Originally posted by FuNkY CaPrIcOrN@24 June 2004 - 13:32
And no BOT. :P
Ok but stay away from the pr0n :lol:

Check add/remove programs sometimes You find unwanted programs there.

BOT

One problem I am haveing.

* Default_Page_URL
* Default_Search_URL



I do not see them two.I see all the rest and have changed them. :huh:

http://img2.imageshack.us/img2/7122/untitled184.jpg

Ohhh and I see something that says HOMEOldSP that has that "about:blank" shit. :blink:

hello,

download hijack this here (http://www.spywareinfo.com/~merijn/files/hijackthis.zip).

unzip it into it's own folder. scan and save a log. it will open in notepad so copy and paste the contents here.

Bad thing is that those files generates random filenames and activates themself until You completly remove them.

BOT

Originally posted by dopey@24 June 2004 - 07:44
hello,

download hijack this here (http://www.spywareinfo.com/~merijn/files/hijackthis.zip).

unzip it into it's own folder. scan and save a log. it will open in notepad so copy and paste the contents here.
;) Read what Zedaxax posted that was copied from another site.....

"Some can't be fixed even by a useful utility "HijackThis"."


Now I am really lost. :blink:

that's true, but at least it's a place to start and will usually point to the direction on how to proceed. without it, i really don't know what's going on.

Originally posted by manker@24 June 2004 - 12:15
Start Page Guard (http://www.spywareinfo.com/downloads/spg/) will make sure that your start page does not get hijacked again but to cure the cause of your problem you need to run some spyware detection programs:

Spy Sweeper (http://www.webroot.com/wb/products/spysweeper/index.php) is the best one, but it's not free. SpyBot S&D (http://www.safer-networking.org/index.php?page=mirrors) is also pretty good, as is Adaware (http://www.lavasoftusa.com/software/adaware/).

A combination of those 3 normally solves the root of the problem, but if not then use CWS Shredder (http://www.spywareinfo.com/~merijn/downloads.html), this is used for tougher spyware ;)
Thanks the only thing that worked for me was "StartPage Guard"

The *default page url and search url
are here
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

guy gave wrong string.


You should also take a look at these two tweaks
http://www.tweakxp.com/display.aspx?id=2076

http://www.tweakxp.com/display.aspx?id=123864

After installing all these SpyWare Programs, running them and changeing them strings that Zedaxax listed only one thing worked.

"StartPage Guard" that manker Posted.

Donnie Darko says that is the only thing that worked for him also.

So who knows what kind of spyware it is. :blink:

Thanks to everybody. :)


:frusty: Damn it!Now it is not working.

Ohhh screw it.They can spy on me all they want.I give up!

:lol:

Yeah stoped working for me too :( :angry:

But "hijack this" worked

http://img22.imageshack.us/img22/738/untitled128.jpg


I think me and Donnie Darko got hit with something more then just spy ware. :(

This will solve ALL your Problems : http://www.mozilla.org/products/firefox/

;) :lol:

edited: mistake

Originally posted by FuNkY CaPrIcOrN@24 June 2004 - 13:33
http://img22.imageshack.us/img22/738/untitled128.jpg


I think me and Donnie Darko got hit with something more then just spy ware. :(
naw im fixed now,Did you try hijack this :huh:

Originally posted by Donnie Darko+24 June 2004 - 08:37--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (Donnie Darko @ 24 June 2004 - 08:37)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin-FuNkY CaPrIcOrN@24 June 2004 - 13:33
http://img22.imageshack.us/img22/738/untitled128.jpg


I think me and Donnie Darko got hit with something more then just spy ware. :(
naw im fixed now,Did you try hijack this :huh: [/b][/quote]
:blink: It says do not delete anything you are not for sure what it is.Show to people who do.It came up with alot of files.But I am not going to delete something I might need to run my PC. :blink:

Live life take changes,pluse it worked for me. :)

Originally posted by FuNkY CaPrIcOrN@24 June 2004 - 13:33
http://img22.imageshack.us/img22/738/untitled128.jpg


I think me and Donnie Darko got hit with something more then just spy ware. :(
the SPG alert is Start Page Guard telling you that something is attempting to change your start page. If you run Start Page Guard you can reset your startpage back to what you want.

however

your problem isn&#39;t fixed. I would run HiJack-This and post a log either here for someone skilled in that area (like dopey or jg427) to decipher or post it in a HiJack-This specialist forum.

Because whatever spyware you have sure is devious, I dont have any other suggestions :o

Hi Jack Log (http://5024596508.corefusion.net/Pictures/hijackthis.log)


:huh: I have no idea what that stuff is. :huh:

Originally posted by FuNkY CaPrIcOrN@24 June 2004 - 13:27
:frusty: Damn it&#33;Now it is not working.

Ohhh screw it.They can spy on me all they want.I give up&#33;

:lol:
:lol: :lol: :lol:

thats funny, but don&#39;t let the bastards win&#33; :lol:

Try this technique:

What you want to do first is reset your homepage to whatever you want it to be. Also, delete any bookmarks that has been automatically added.

Then, Open up spybot. Goup to the top and click mode and then advanced. Some more bars will appear on the left and the one you want to click is tools and then IE tweaks. Check lock IE start page and your done. You won&#39;t be able to change the homepage, they won&#39;t be able to change it. The only way to change it is if they changed the settings in spybot.

Now for the automatic favorite adder. Start up admuncher (provided you own it) and click on the OPTIONS tab and look for "prevent scripts from adding themselves to favorites". Restart, and turn off that startpage guard. See if your homepage is changed after 2 more restarts. If it isn&#39;t thank spybot :)

Originally posted by TheKiler@24 June 2004 - 09:11
Try this technique:

What you want to do first is reset your homepage to whatever you want it to be. Also, delete any bookmarks that has been automatically added.

Then, Open up spybot. Goup to the top and click mode and then advanced. Some more bars will appear on the left and the one you want to click is tools and then IE tweaks. Check lock IE start page and your done. You won&#39;t be able to change the homepage, they won&#39;t be able to change it. The only way to change it is if they changed the settings in spybot.
Damn.That did not even work.I do not know what this is.But somebody got me good. :blink:

Did you look at these two tricks?

i repeat
You should also take a look at these two tweaks
http://www.tweakxp.com/display.aspx?id=2076

http://www.tweakxp.com/display.aspx?id=123864

?
edit: the second one even has a registry package ready for u but try the first one um 1st

The best solution ever:

Get your XP cd. Boot from it. Delete your partition. Create a new partition. Sit back, relax, and follow the instructions on the screen.

Originally posted by Zedaxax@24 June 2004 - 09:36
Did you look at these two tricks?

i repeat
You should also take a look at these two tweaks
http://www.tweakxp.com/display.aspx?id=2076

http://www.tweakxp.com/display.aspx?id=123864

?
edit: the second one even has a registry package ready for u but try the first one um 1st
I am checking them out now Zedaxax.Thanks. :)


*I am going to need sleep soon.lol*

HiJackthis will make a backup copy of any file you fix with it. The backup copy will appear in your hjt folder, just in case.


Close all browser windows, run hjt and checkmark to fix:

R1 - HKCU&#092;Software&#092;Microsoft&#092;Internet Explorer&#092;Main,Search Bar = file://C:&#092;DOCUME~1&#092;FUNKYC~1&#092;LOCALS~1&#092;Temp&#092;sp.html
R1 - HKCU&#092;Software&#092;Microsoft&#092;Internet Explorer&#092;Main,Search Page = file://C:&#092;DOCUME~1&#092;FUNKYC~1&#092;LOCALS~1&#092;Temp&#092;sp.html
R1 - HKCU&#092;Software&#092;Microsoft&#092;Internet Explorer&#092;Search,SearchAssistant = file://C:&#092;DOCUME~1&#092;FUNKYC~1&#092;LOCALS~1&#092;Temp&#092;sp.html
R1 - HKLM&#092;Software&#092;Microsoft&#092;Internet Explorer&#092;Main,Search Bar = file://C:&#092;DOCUME~1&#092;FUNKYC~1&#092;LOCALS~1&#092;Temp&#092;sp.html
R1 - HKLM&#092;Software&#092;Microsoft&#092;Internet Explorer&#092;Main,Search Page = file://C:&#092;DOCUME~1&#092;FUNKYC~1&#092;LOCALS~1&#092;Temp&#092;sp.html

R0 - HKLM&#092;Software&#092;Microsoft&#092;Internet Explorer&#092;Search,SearchAssistant = file://C:&#092;DOCUME~1&#092;FUNKYC~1&#092;LOCALS~1&#092;Temp&#092;sp.html

R1 - HKCU&#092;Software&#092;Microsoft&#092;Internet Explorer&#092;Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {C8ECC921-A38F-4497-86F8-A1484D0C0B8C} - C:&#092;WINDOWS&#092;System32&#092;dhbknjp.dll

Reboot into safemode and delete in bold
C:&#092;WINDOWS&#092;System32&#092;dhbknjp.dll
C:&#092;Documents and Settings&#092;username&#092;Local Settings&#092;Temp&#092;sp.html

reboot in normal mode and post a new hjt log

Were you hijacked by CoolWebSearch? If so, download CWShredder. (http://www.softpedia.com/public/scripts/downloadhero/10-17-150/) It&#39;s never failed me for that particular hijack.

:ninja:

So did you fix it???????????

After all that, check your IE security settings.

One of the things nearly all of these hacks do is set your security settings to LOW. So you clean up the mess left by this attack, but your pc is wide open to the next one that comes along.

Or get a decent borwser, fire fox sake.

You haven&#39;t mentioned what your home page has been changed to.

It&#39;s not KFC.com by any chance, is it?

Trojan.StartPage (http://securityresponse.symantec.com/avcenter/venc/data/trojan.startpage.html)

This just poped up tonight when I got home from the Concert.I knew it was more then ad ware. :(

FC the experts for HT&#33; are here. h**p://forums.net-integration.net

The hijacker is HomeOldSP about:blank.

The fix I posted earlier would have worked temporarily. It comes back after you reboot. The damn thing has a hidden .dll file that reinstalls it.

The best fix I have run across is in this post at Spyware Info forum. (http://forums.spywareinfo.com/index.php?showtopic=10239) It uses a program called FINDnFIX (http://freeatlast.100free.com/index.html) to track down the hidden .dll.

also "remove" any files in C:&#092;WINDOWS&#092;Downloaded Program Files that you didn&#39;t install.

Ok, the first question anyone should have asked is what do mean exactly by hijack, because there are many ways the browser can be hijacked.

Do you mean each time you start the browser you are taken to a particular page or is there a pop up when you launch the browser or do you get just multiple windows opening for no reason etc.


And very importantly which site are you taken to, because this may be a clue to what type of hijacker this is.

This is very nasty just gets worse and worse time to dump ie full stop?

http://www.theregister.co.uk/2004/06/24/sp...e_crosses_line/ (http://www.theregister.co.uk/2004/06/24/spyware_crosses_line/)

Originally posted by aoyv73@26 June 2004 - 09:28
This is very nasty just gets worse and worse time to dump ie full stop?

http://www.theregister.co.uk/2004/06/24/sp...e_crosses_line/ (http://www.theregister.co.uk/2004/06/24/spyware_crosses_line/)
Good article aoyv73.And like that person said.....




"Self-updating code. Hijacked home pages. Applications installed without your knowledge. Toolbars you don&#39;t want and never asked for. Your movements on the Web are tracked and recorded. All this, and yet we still call this stuff "spyware"?

It&#39;s a sad day for the Internet community when an 8-year-old girl, through a single click, is not only subjected to graphic pornography but has caused a nefarious, hard-to-remove application to be installed. An application that spews porn at every turn — plus gives you links to more porn that cannot be removed without a significant investment in a parent&#39;s time and frustration.

When spyware crosses the line, it&#39;s not spyware anymore. It&#39;s a virus - and in my opinion, should be dealt with by the anti-virus companies."




It is not spyware anymore.And there is a few more threads that have been poping up around here where others are getting hit also.

It bullshit when a man can not even have a good jerk after coming home from the bar at 3 in the morning anymore. :(

I just want my damn homepage back you fucks&#33;&#33; :angry:

*I know there are kids on this forum so sorry for the Language.*

I have been hijacked too :angry: Same problem as FC has :frusty:

Internet Explorer perhaps?

BOT

of course it&#39;s the f*cking MS IE

I switched to Mozilla Firefox, for now. ;)

Hijackd so manny times i just got used to it <_<

Originally posted by Donnie Darko@29 June 2004 - 18:21
Hijackd so manny times i just got used to it <_<
:lol: :lol:


But then again, it&#39;s not fun <_<

>_< damn hijacker.can&#39;t they just hijack some planes or something like that :D


That was not funny again :frusty: