spywareguard malfunction

Discussion in 'SpywareBlaster & Other Forum' started by chimpobites, Jan 22, 2004.

Thread Status:
Not open for further replies.
  1. chimpobites

    chimpobites Registered Member

    Joined:
    Jan 22, 2004
    Posts:
    3
    A spywareguard warning window comes up every time I boot up telling me that there has been an attempt to change my IE settings warning my home page has been changed from www.ebay.com to www.ebay.com which doesn't compute .
    It gives me the option to reset back to what it was or accept the new one.. I have chosen both options several times and the warning window still comes up every time I boot up..
    Can someone advise? :p
     
  2. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    What version of Windows are you running? Also, are you running the latest verson of SpywareGuard (2.2)? (You can find the version number of SpywareGuard by opening the main control panel - see the instructions below.)

    The following may help - please let me know:

    1.) Shut down SpywareGuard by double-clicking on the red "SG" icon in your system tray and choosing the File menu > Exit. (Then click "Yes" on the prompt.)
    2.) Browse to the folder you installed SpywareGuard in: by default this is C:\Program Files\SpywareGuard.
    3.) Delete the file named "config.ini".

    That may resolve the problem temporarily, completely, or not at all. Please let me know. :)

    Best regards,

    -Javacool
     
  3. chimpobites

    chimpobites Registered Member

    Joined:
    Jan 22, 2004
    Posts:
    3
    Thanks for your very prompt response .. I am using Windows XP professional..I am also using the 2.2 version of spyware guard.. I use it in conjunction with spyware blaster.. I will try the solution you suggest. This problem started around the same time as I downloaded some new definitions for the earthlink Spyware Blocker that is part of my email program...
    :) o_O
     
  4. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    Ahah! You may have hit the nail on the head. :D

    This may be due to a conflict between SpywareGuard's browser hijacking protection, and Earthlink's Spyware Blocker (although I can't be sure).

    Is there a "real-time" or "Active Shield" browser protection/shield component for that Earthlink Spyware Blocker? If so, could you try disabling it to see if the problem still occurs with SpywareGuard?

    Thanks!

    -Javacool
     
  5. chimpobites

    chimpobites Registered Member

    Joined:
    Jan 22, 2004
    Posts:
    3
    I deleted the ini file but the window came up again after I did a reboot
    i got the same Spywareguard browser protection alert. window telling me about my home page..
    .
    The Earthlink spyware blocker works like adaware.. you run a scan the you can disable what it finds.. It doesn't work in the background as a shield preventing the spyware from entering it just trys to find them when you activate a scan.. So I don't know if that is the issue..
    Do you have any other suggestions.. Maybe I should just uninstall and reinstall spywareguard.. Will uninstalling through the control panel add remove programs get it all or do I need to take additional steps to clean it out. before a fresh reinstall..?
    :p
     
  6. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    Could you please doubleclick on the red "SG" icon again, open the "Reports" area of the program, and copy & paste the entire log here?

    Thanks!

    -Javacool
     
  7. john poitras

    john poitras Guest

    I can highlight the log report buy when I right click on it there is no response so for whatever reason windows is not allowing me to copy and paste it..
    So I am freehanding it.. There are 8 duplications of this same paragraph the only difference being the date and time.. and the action taken... in some cases it has RESTORE OLD VALUE instead of KEEP NEW VALUE

    BROWSER HIGHJACK ALERT - BROWSER PAGE CHANGED

    On 11:20:043 01/21/2004 a browser page change was detected
    Registry location : HKCU\software\microsoft\internet\explorer\main\
    Value name: Start page
    Old Value : http://www.ebay.com
    New Value: http://www.ebay.com/
    User action taken:KEEP NEW VALUE
     
  8. john poitras

    john poitras Guest

    I don't know if this makes a difference but i noticed that the
    Old value address and new value address in every case have
    a "/ " after the com sometimes with the new value and sometimes with the old value and in all cases the old or new value paired with it lacks the "/"

    For example .. Old Value: http//www.ebay.com/
    New Value: http//www.ebay.com

    also shows.. .. Old Value: http//www.ebay.com
    New Value: http//www.ebay.com/
     
  9. jvickers01

    jvickers01 Guest

    I'm having the same problem, only mine occurs about every THIRTY SECONDS!! AAACK!

    Here's a small section of the SG report (it's way too ridiculously long to post the whole thing!!)

    Help!


    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 21:45:07 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.msn.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 21:45:37 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.msn.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 21:46:07 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.msn.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 21:46:40 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.msn.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 21:47:08 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.msn.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 21:47:38 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.msn.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE
     
  10. jvickers01

    jvickers01 Guest

    Even more intersting, I changed my default homepage setting to comcast.net, and now the SG warning looks like this:

    Old Value: http://www.comcast.net/comcast.html
    New Value: http://www.msn.com

    So....what could possibly be triggering the change to msn.com?? I don't think this is malware, it must be some default setting other than in Tools > Internet Options... > General > Home page.

    Hmmmmm....I'm going to keep poking around. It's gotta be in there somewhere!
     
  11. jvickers01

    jvickers01 Guest

    I don't know if I've completely resolved the problem or not, but I've at least been able to stop the madness temporarily.

    From the SG report below, it looks like a case of "duck season/wabbit season". I purposefully changed my default from msn.com to comcast.net, then later to dellnet.com. Look carefully at the changes from and to, and what my requested action was. Something in there just doesn't add up! However, that last one shows that I finally gave in to msn.com, and warnings stopped.

    I can't wait to see what happens when I boot up in the morning!

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:37:44 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.comcast.net/comcast.html
    New Value: http://www.dellnet.com/
    User Action Taken: KEEP NEW VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:38:06 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.dellnet.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:38:41 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.dellnet.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:38:51 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:39:22 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:39:58 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:40:22 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:41:00 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:41:26 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:43:45 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:43:58 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.dellnet.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:44:24 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:44:54 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:45:28 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:45:56 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:46:27 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:47:02 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:47:27 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.dellnet.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:47:58 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:48:28 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:48:59 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.dellnet.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:49:29 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.dellnet.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:50:02 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:50:34 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:51:02 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:51:32 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.dellnet.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:52:03 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.dellnet.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:52:33 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.dellnet.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:53:06 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:53:38 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:54:05 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.dellnet.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:54:35 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.dellnet.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:55:06 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.dellnet.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:55:39 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:56:36 01/24/2004 a browser page change was detected.
    Registry Location: HKLM\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.msn.com
    New Value: http://www.dellnet.com
    User Action Taken: RESTORE OLD VALUE

    --------------------------------------------------------------------------------
    BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
    On 22:56:51 01/24/2004 a browser page change was detected.
    Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
    Value Name: Start Page
    Old Value: http://www.dellnet.com/
    New Value: http://www.msn.com
    User Action Taken: KEEP NEW VALUE
     
  12. john poitras

    john poitras Guest

    I was unable to stop the malfunctioning hijacked browser window warning so I uninstalled spywareguard.
    Does anyone know if that bug will be fixed in the next version of spyware guard?
     
  13. PhilipCataldo

    PhilipCataldo Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    9
    I am having a similar problem when I changed my start page and default page settings in RegEdit. Did you uninstall SpywareGuard and then re install it? Did that fix the problem? I assume that SpywareGuard takes a "picture" of the settings when it is loaded and can't/won't update those settings because it can't tell the difference between a hijack and a manual change.

    Someone had a problem with a / mark in there settings. I solved that by adding the / in Regedit and it solved the problem. I don't know where the / came from but by adding it in regedit the error message went away.

    I don't want to change the start and default page settings back to the original if there is any other way to solve this problem. Did anyone find a solution?

    Thanks, Phil
     
Thread Status:
Not open for further replies.