Posted on 07/19/2004 11:15:57 PM PDT by jra
Does anyone have a fix for this homepage hijacker BESIDES telling me to load Mozilla?
Don't visit Drudge is the first step you can take. His sight is riddled with unsafe spyware. That's likely where you picked it up.
Go to what was once your homepage in Internet Explorer by typing the URL in the address bar. Once the page has loaded, locate the icon in the Address bar, hold the left mouse key down and drag it over the "home" icon and drop it there, that will set that page as your home page.
I've been going to the Drudge Report for about 6 years.
I've never picked up spyware or anything else dangerous from it in all that time.
Not exactly sure to what you are referring, but try AdAware, SpyBot Search & Destroy 1.3, and CW Shredder.
Get thee behind a firewall, preferably hardware and software.
Check out this site: http://www.zone-x.com/spybot.php for some other helpful info.
Load Opera? ;-)
His site is riddled with popup advertising. Popup advertising and spyware are two different beasts.
Could you give a little more detail about your problem? It sounds like you just need to set your homepage to some URL - whatever you want.
Here's even more:
http://computercops.biz/article-5199-nested-0-0.html
Thanks for calling this to attention; I learned something.
Good luck!
Drudge is necessary for me too. Never had a problem.
Download a program called "Hijack This". I fix many of my friends computers, and they'll pick up this problem sometimes at questionable websites. More than likely, besides hijacking your current home page setting, the javascript or active x component also changed registry settings which will change it back again after you fix it when you reboot. You'll likely need to change those registry settings to prevent a re-occurance. The easiest way for a novice is third-party utilities such as Hijack This. I believe the utility is still available as freeware at cnet.com, for example.
What operating system do you have?
Is your "About Blank" home page being hijacked to MSN.com?
Details here:
http://www.freerepublic.com/focus/f-news/1168134/posts
Hijacked! New Browser Exploits Plague Web
various sites | 07-09-04 | The Heavy Equipment Guy
The good news? It can be fixed-
The not-so-good?
You will have to learn a lot of new stuff, probably join the forums listed, quit using Internet Exploder, except for MS updates. But it can be cured, only took me 2-3 weeks...
My provisional theory is that a programmer at AdAware has a rectal-cranial inversion. Yes, there is a hack that uses the name "about:blank," but that is also the name of the default blank page. Surely any programmer who can find Russian spies on your computer could figure out a way to tell the difference between the default blank page and a box of malware named "about:blank." |
ping
Any time you have something like this come up, just put the name into GOOGLE.. You will get any number of sites that are dedicated to getting rid of this trash..
http://computercops.biz/article-5199-nested-0-0.html
The above link contains the following instructions...
1) With “Reglite.exe” find name of hidden file:
Double Click on “AppInit_DLLs” located in “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows” The “value” window reveals the hidden file name. (mine was “hlpl.dll”, yours may be different!) In this example let’s call it “hidden.dll”
2) Rename the hidden file:
Close Windows and reboot using “Windows Recovery Console” Go to “c:Windowssystem32” and do two things. Change file from read only by typing “attrib –r hidden.dll” Then rename it (I don’t know why, but this procedure did not work until I renamed it) type “rename hidden.dll nasty.dll” (and remember that “hidden.dll” is for this explanation only use the name you found earlier) Type “exit” and reboot to Windows.
3) Edit registry to remove hidden file
Run “reglite.exe” again. Double Click on “AppInit_DLLs” located in “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows” Delete the file in “value” window, the “size” window changes also. “Apply” changes and exit “reglite.exe”
4) Edit registry to remove the second file
Run “HiJackThis.exe” and scan the registry. Check the boxes to remove the following entries:
“R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:WINDOWSSystem32jheckb.dll/sp.html (obfuscated)
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = res://C:WINDOWSSystem32jheckb.dll/sp.html (obfuscated)
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = res://C:WINDOWSSystem32jheckb.dll/sp.html (obfuscated)
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:WINDOWSSystem32jheckb.dll/sp.html (obfuscated)
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = res://C:WINDOWSSystem32jheckb.dll/sp.html (obfuscated)
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = res://C:WINDOWSSystem32jheckb.dll/sp.html (obfuscated)
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank” (as you can see my second .dll was called “jheckb.dll” yours may be different) For this example let’s call it “obvious.dll”.
Finally delete the two .dlls (“hidden.dll” and “obvious.dll”) You should be running again.
By the way, if you go offline with Internet Explorer and type OK To these nasty adware windows you will see the guys who benefit. From this hijacker. I found:
www.palsol.com
www.likesurfing.com
www.vn.msie.cc (the real web page)
They seem to be selling “adware/spyware protection” Pass the word, Boycott them, Who needs to be extorted for “protection money”?
I wouldn't suggest messing around in the registry file unless you know what you are doing. The slightest typo will possibly render your system unbootable.
Laugh!
Or telling you to get a Mac or switch to Linux. I know what you mean. You ask for help with a tune-up and folks tell you to get a new car.
From what I have been reading, that is where the spyware comes from. But no matter, a visit to Drudge will result in anywhere from 3 to 7 spyware programs being desposited into your computer. A debate over where they came from only clouds the issues.
It is easy enough to test for. Do you have a spyware removal program?
Use Firefox, like me. I only use IE for sites that refuse to use standard html style.
That periodically happens to me, whenever I remove a "data miner" via Ad-Aware. What's up with that? I just assume it's some form of crap I get for using Media Player.
The Mac folks are the best. You ask for help with your Chevy, and they tell you to buy a Lexus.
"I wouldn't suggest messing around in the registry file unless you know what you are doing. The slightest typo will possibly render your system unbootable."
Neither do I, that's why I use Hijack This. It prints out a registry log and you simply check the registry files you wish deleted.
Checking the wrong file could be a problem, but there is risk in everything we do...just be careful and double check.
If you use “about Blank” as your home page and it’s getting hijacked to MSN.com, it may be Lavasoft’s Ad-aware doing it.
It seems that some hacker is disguising itself with the “About Blank” home page setting.
To combat this, Ad-aware version 6.181 flags the “About Blank” home page setting as a “Possible” hijack attempt. If you allow Ad-aware to fix it, Ad-aware will reset your home page to the Windows default, MSN.com.
To avoid this, when the Ad-aware scan is done and the bad guys are listed, right click on possible browser attempt and select “Add selection to the ignore list” this will stop Ad-aware from resetting your home page to MSN.com.
Ad-aware and SpyBot.
I've never been infected. The only thing they ever find is tracking cookies. No big deal there.
I visit Drudge several times a day. Never have I picked up any Spyware or browser Hijackers.
As far as browsers go, I have Netscape 4.7, Opera, Mozilla, IE and iRider all installed and used at one time or another. They've all been to Drudge Report one time or another. No program installations of any kind short of temporary Java stuff.
Pop-up ads and cookies are another matter. iRider is very effective with pop-up ads so I very rarely ever see one. Cookies are deposited on my machine by nearly every Web site I visit. I don't consider that much of an issue. I let Ad-aware and SpyBot clean those up every so often.
I do keep my MS security patches current along with Norton AV.
http://www.lavasoftusa.com/software/adaware/
http://www.spybot.info/en/index.html
And no, I'm not getting programs loaded onto my computer from the Web (other than the usual Java scripts).
I've been a heavy user of computers for the last 20 years. I'm an engineer as well. I pay close attention to what is on my computer as it is my primary work tool.
Perhaps you should simply accept the fact that the Drudge Report isn't the real source of your infestations.
I would accept it if that were true. But I have tested it. You can too.
1. Clear your computer of all spybots/spyware using a program like Adaware (Lavasoft).
2. Go to Drudge's site and no other site.
3. Run your spybot/spyware program again.
4. You will find anywhere from 3 to 7 programs have been loaded on to your computer.
Repeat the process going to a site like MyWay.com or GoGov.com that do not put spyware on your computer and see what happens.
If you have a way to prevent Drudge from loading up your computer then by all means let us know about it. There are many dial-up connection people that would love it if their computers were not coming to a grinding halt from all the junk loaded and runniing on their systems by Drudge. Many have reported back that their systems are significantly faster after clearing their computers of spyware and after they stopped using Drudge as their home page.
Really, you should share your secret. Why are you keeping it from everyone?
Without serious security holes in your system hijack/malware/spy programs don't just find their way onto your system easily.
Perhaps you don't know the difference between cookies and "programs".
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
Are you talking about the thing where Ad Aware insists that "about:blank" is a malicious web site, and that some Evil Bad Guy is trying to take over your machine because IE is set to wake up in about:blank?