hijaack IE by MSN

Discussion in 'other security issues & news' started by Antonina, Mar 31, 2006.

Thread Status:
Not open for further replies.
  1. Antonina

    Antonina Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    3
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Your updating of Windows probably changed the homepage in the default homepage.

    1. Open your browser IE.
    2. Choose "Tools" in the menu of IE
    3. Choose "Internet Options"
    4. You will see "Home page", change the Address in the page you want.
    5. Click on OK or Apply + OK
     
  3. Antonina

    Antonina Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    3
    Hi,
    Thanks for your attention,

    Please, let me try to explain again. Every time I load IE.exe, it make:
    http://www.microsoft.com/isapi/redir.dll?prd=ie&clcid=0x0416&pver=6.0&ar=home,

    If I change “home page” like you suggest, in the very after moment, it gets back to the line above.

    I used a registry tracer, and saw that when the ie.exe is executed, the values in registry are dynamically changed.

    Again, please, is there any solution to this?

    Than in advance,
    Best regards.
    Ricardo
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If you can't remove it with any of your scanners or you don't have scanners, than you have to do this :

    1. Download HijackThis from this website :
    http://www.merijn.org/
    2. Unzip it and put it in a separate folder, like C:\HJT
    3. Run it and the program will create a HijackThis Log file in this folder.

    4. Visit this forum : http://www.spywareinfoforum.com/
    5. Register yourself and read the FAQ.

    6. Open your HijackThis Log and copy the complete log into a new post under the subforum "Malware Removal" and explain your problem.
    7. Wait until a qualified helper will help you.

    Good luck. :)
    (Wilders doesn't solve HijackThis Logs anymore)
     
  6. Antonina

    Antonina Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    3
    Hi Erik,

    First of all, I would like to thank your time and attention with a seasoned hobbyist programmer, like myself.

    Some times, we just need some little push toward the right direction, isn’t it?

    Like this case, after your suggestions, digging here and there, I found the program “startuplist.exe (http://www.merijin.org)’, and with a little more digging, I discover that loaded in the nth process of Windows is a file ‘iereset.inf’. In one of the last lines, there is the line ‘http://www.microsoft.com/isapi/redir.dll?prd=ie&clcid=0x0416&pver=6.0&ar=home’. Every time you load ‘ie.exe’, this is executed, and dynamically changes the registry.

    Of course, it is a trick from MS. What boggles me is that, despite I have installed in my computer ‘Norton antivirus, spybot, hijaackthis, adaware’, none of this programs was capable of figuring out what is going on, and fix it.

    Even worse, none of these programs was smart enough to know that somebody changed the ‘inf’ file.

    That is the way it is!

    Best regards.

    Ricardo Machado
     
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    That is definetly the name of a file used when a user selects Tools\Internet Options\Programs....Reset Web Settings. It is also a file that spyware highjackers write to so that when a user resets IE's default settings the user is then re-infected with their hijacker.

    It might pay to take a close look at the enards of that file :doubt:
     
Loading...
Thread Status:
Not open for further replies.