AndrewB Posted May 5, 2004 Upon opening a new IE browser window, I am greeted with a web page that has every general link to search for. (I.E. Art, Entertainment, Shopping, Electronics, etc...) I also get a pop-up (looks like an ordinary spam pop-up) that says "ALERT !!!! SPYWARE ACTIVITY DETECTED ON YOUR COMPUTER FIND OUT HOW TO REMOVE SPYWARE" The home page on the browser is still set at about:blank, so I'm not sure what the actual address of this annoying general-link site is. AVG keeps detecting spyware and fixing it, but cannot otherwise solve the problem. 0 Share this post Link to post
Liam Posted May 5, 2004 in before "ie sux use moz firephoenix" posts i don't think i've had control of my homepage for a while. i don't really use a homepage, but every few weeks a new spyware changes it to some random half-ass search engine or web portal. hell, right now it's a 404. also, it took spybot a good month to update it's reference file with the solution for this and this. 0 Share this post Link to post
Ichor Posted May 5, 2004 In Tools/Internet Options, what's the address list for the starting page? 0 Share this post Link to post
Captain Red Posted May 5, 2004 I think I had that exact problem. I did manage to fix it with something called "BPS Spyware Remover" uhh, but is also stopped Systray from starting automatically. 0 Share this post Link to post
Use Posted May 5, 2004 Sounds like a browser hijack. Try this tool for scanning and removing them. Be sure to update its signature file after installing. Another useful tool for removing annoying hijacks is called HijackThis, you can google it if this one doesn't work. http://www.softpedia.com/public/scripts/downloadhero/10-17-150/ 0 Share this post Link to post
AndrewB Posted May 5, 2004 What do you mean by update its signature file? Ichor said:In Tools/Internet Options, what's the address list for the starting page? Like I told you, it's about:blank. 0 Share this post Link to post
Bashe Posted May 5, 2004 http://www.doomworld.com/vb/showthread.php?s=&threadid=23262 Check that thread out. It has some stuff in there that might be useful. 0 Share this post Link to post
Ichor Posted May 5, 2004 Oh ok. Have you tried searching for 'about:blank' in your registry? Usually these programs add or change something in the registry anything with 'about:blank' was probably put there by the program. I removed more spyware programs this way. 0 Share this post Link to post
AndrewB Posted May 5, 2004 Well, I ran USE3D's utility, and it fixed my home page, but it did not find any infection for that particular thingy. I guess the problem is half-solved. And no, I don't search the registry for things, because really, nothing productive ever comes out of that. 0 Share this post Link to post
Ichor Posted May 5, 2004 Same here, but in cases like this, it may be necessary. 0 Share this post Link to post
AndrewB Posted May 5, 2004 Search it and what? "Oh, I found an entry that matches my search criteria. Great." 0 Share this post Link to post
Ichor Posted May 5, 2004 Delete it so it won't reset to that website anymore. 0 Share this post Link to post
AndrewB Posted May 5, 2004 You don't just go into the registry and delete things willy-nilly. 0 Share this post Link to post
Ichor Posted May 5, 2004 No, but the last time one of these things changed my home page, I searched for that address in the registry. Then I deleted all instances of that website. Also, there is usually a reference to a strange .exe program (it turned out to be a .reg file on mine). I would then find, and either delete or rename that file so that next time my computer is restarted, the program isn't activated anymore and the home page is no longer being changed. 0 Share this post Link to post
insertwackynamehere Posted May 5, 2004 about:blank is just a link to a blank page I thought, if you don't want anything to popup when you start your browser. 0 Share this post Link to post
AndrewB Posted May 5, 2004 ... Which is exactly why there's something wrong with your computer when about:blank leads to a lame spam search page. 0 Share this post Link to post
Ultraviolet Posted May 5, 2004 Check your hosts file (%systemroot%\Hosts in Win95/98, %systemroot\system32\drivers\etc\hosts in 2k/XP AFAIK) for things being resolved to domains unnecessarily. The only use I can really see for that hosts file when we now have most resolution done by external services is so we can locally block other domains by resolving to localhost (where the data will not be found, and thus nothing loads), but MS has kept it in for whatever reason and now it is used for hijack attempts. I think it can be made read-only, but what you'd really have to do is give access to Administrator only and log in as a restricted account with no permission to modify all that in order to prevent spyware from installing. I don't know if spyware exploits the OS in such a way that it can bypass the permissions system supplied by NTFS, though. Best solution: Don't use an OS of any kind. :P 0 Share this post Link to post
myk Posted May 5, 2004 To fix such a thing manually: Look for the patch editing your registry. Remove it from the INI or config file that deals with additions to the registry (don't recall the name, might vary with the OS anyway.) Then look up the info in that registry patch and fix up the registry entries it fucked with or added. 0 Share this post Link to post
Mordeth Posted May 5, 2004 Could you people please for the love of god use a decent firewall (try ZoneAlarm, it's free!) and browse with all ActiveX / Java options disabled (IE > Tools > Security > Internet Icon + Custom level). Also, run Windows Update once every month or whenever there's news about the next big hole having been plugged. Hijackers are a clear signal that your internet security is not up to par. Patch up, before you catch something really nasty. 0 Share this post Link to post
The Ultimate DooMer Posted May 5, 2004 Ichor said:Oh ok. Have you tried searching for 'about:blank' in your registry? Usually these programs add or change something in the registry anything with 'about:blank' was probably put there by the program. I removed more spyware programs this way. Do you run that from the normal search program (there isn't one in the control panel for searching the registry) or do you just search it manually? 0 Share this post Link to post
Bucket Posted May 5, 2004 Or do this: press ctrl+alt+delete. Go to Task Manager, then Processes. Some processes are obviously from Windows, some less obvious. You have to go through each file, and Google it under the Message Boards. If you get a hit, then someone will be talking about what the file does/where it hides/how to remove it. The simplest solution is to go into the DOS prompt and delete the file manually. 0 Share this post Link to post
Sephiroth Posted May 5, 2004 i HATE spyware, infact i would rather deal with a virus. while some is easy to get rid of, many are a total bitch. if you dont know what you are doing many can and will kill window's networking abilities. once that happens it is just easier to reinstall. the simple fact is that IE is not good to use in this day and age. use of mozilla has cut down 90% of the spyware that my brother would get, and he is an abid porn addict. however mozilla is in no way perfect, there are programs that will get thru it. it helps to be paraniod when working with computers, and mainly with windows. the other fact is this issue will only get worse before it gets better. keep vigilant and do checks every few days. IE may be good but it is also the worlds biggest target, so use something else or live with it. you could use linux/unix but there has to be spyware for that aswell, i have seen none, but that doesnt mean there isnt any. hell i am sure those fuckers at gator/claria are even trying to make a linux version 0 Share this post Link to post
Bashe Posted May 8, 2004 My homepage is getting switched all the time. It's no problem, as it still goes to the homepage I want, just with a little extra nonsense in the http adrress. But, when the homepage comes up, it gives me this gay toolbar. Ad-aware and (amazingly) CWShredder haven't done anything to it. Will it be here forever!? 0 Share this post Link to post
NightmareZer0 Posted May 8, 2004 get a program called zeropopup....do a google search...or get winpatrol 0 Share this post Link to post
Reisal Posted May 9, 2004 Ct_red_pants said:I think I had that exact problem. I did manage to fix it with something called "BPS Spyware Remover" uhh, but is also stopped Systray from starting automatically. BPS Spyware Remover is an illegal ripoff of Spybot S&D, which is free and BPS SW is not. Ad-Aware should get rid of the garbage, and SpywareBlaster should prevent such crap from getting on anymore. 0 Share this post Link to post
Megalyth Posted May 10, 2004 Ad-Aware It checks running processes and deep scans the hard drive and registry for data miners, hijacks, and spyware/malware. When it's done scanning it gives you a list of suspicious objects and a description of each, and allows you to decide which to delete or keep (for instance if you need certain cookies, you can leave them). 0 Share this post Link to post
iori Posted May 11, 2004 I rarely have problems with spyware/shitware/kitchensinkware, and the only things that I've gotten so far have been this damn N-Case shit which has two noticeable programs that it runs constantly: Optimize.exe and ..some other one that resides in the temp folder. I could delete those to no end, so I used spybots 'immunize' feature to get rid of the shit perminantly. 0 Share this post Link to post