Re: Everytime I try to search in the address bar, my browser gets spyware...

From: Bill Peng [MSFT] (v-bpeng_at_online.microsoft.com)
Date: 07/05/04

  • Next message: Tom: "Re: Internet Explorer shortcut Icon" 
    Date: Mon, 05 Jul 2004 08:25:43 GMT

    Hi Mina,

    Thanks for posting here!

    I understand that the issue to be: You're not able to change your home page
    back. If I misunderstood your concern, please don't hesitate to let me know.

    According to my experience, you need to format the disk and reinstall the
    system after being attacked by the spyware sometimes. Spyware that has
    deceptive characteristics may not follow standard practices for
    installation; some spyware will add some registry keys or files in Windows
    and reload itself when the system restarts. Therefore, it is hard to
    entirely remove some Spyware. We and some third-party companies, such as
    Ad-ware or Spybot, are fighting for totally deleting spyware.

    The issue about Spyware has been addressed in the following KB article:
    Unexplained computer behavior may be caused by third-party software
    http://support.microsoft.com/default.aspx?scid=kb;en-us;827315

    In addition, I would like to list the following article for your reference:
    5 tips for spurning spyware and browser hijackers
    http://www.microsoft.com/smallbusiness/issues/marketing/privacy_spam/5_tips_
    for_spurning_spyware_and_browser_hijackers.mspx

    What you should know about spyware
    http://www.microsoft.com/security/articles/spyware.asp

    Based on my research, please follow these steps to troubleshoot the issue:

    Step1: Refer to the following article to perform a Clean Boot
    ======================
    310353 - How to Perform a Clean Boot in Windows XP
    http://support.microsoft.com/default.aspx?scid=kb;en-us;310353

    Step 2: Clean Startup Items
    ===============================
    1. Launch Registry Editor by run Regedit
    2. Navigate to the following registry keys:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

    3. Remove all suspicious items from the registry.
    WARNING: Using Registry Editor incorrectly can cause serious problems that
    may require you to reinstall Windows. Microsoft cannot guarantee that
    problems resulting from the incorrect use of Registry Editor can be solved.
    Use Registry Editor at your own risk.

    Step 3: Restore IE and disable 3rd party extension
    ===============================

    1. Open Windows Explorer and find the C:\Program Files\Internet
    Explorer\PLUGINS folder.
    2. Create a new folder on the desktop and move all the plug-ins in the
    PLUGINS folder to the new folder.
    3. Open Control Panel->Internet Options.
    4. On the General tab, click Delete Files within the Temporary Internet
    files section.
    5. Select the Delete all offline content check box, click OK.
    6. Click Delete Cookies, and click OK.
    7. Click Clear History within the History section, click Yes.
    8. Click the Advanced tab and uncheck Enable third-party browser
    extensions.
    9. Click OK.
    10. Find and delete the following registry key.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browse
    r Helper Objects
    11. Find and delete the all the sub keys in the following registry key
    (don't delete the following registry key).
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension

    Step 4: Lock the registry
    ==========================
    Please change permissions on the following registry key so that the home
    page will not be modified:
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    Click Edit menu->Permission->Delete all accounts so that no one can change
    the home page.

    Step 5: Clean Adware/Spyware
    ================================
    I understand that you've already perform this step before. However, please
    download and launch at least two tools below to remove Adware/Spyware again
    to make sure that there won't be any Spyware/Adware on the system. (Please
    launch these tools under Safe Mode)

    Ad-Aware:
    http://www.lavasoft.de/software/adaware/
    Spybot:
    http://www.spykiller.com/index4.asp?ref=2400
    HijackThis direct Download:
    http://209.133.47.200/~merijn/files/HijackThis.exe
    CWShredder direct Download:
    http://209.133.47.200/~merijn/files/CWShredder.exe

    *IMPORTANT*: Please ONLY visit Microsoft.com, msn.com for hours to see if
    the issue persists since in most cases, home page will be changed when you
    visit certain favorite website. In other word, you will be hijacked again
    unconsciously when you visit favorite websites.

    If you have any questions or concerns, please feel free to let me know.

    Have a great day!

    Best regards,

    Bill Peng
    MCSE 2000, MCDBA
    Microsoft Online Support Engineer
    Get Secure! - www.microsoft.com/security
    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

  • Next message: Tom: "Re: Internet Explorer shortcut Icon"