Re: Everytime I try to search in the address bar, my browser gets spyware...

From: Mina (anonymous_at_discussions.microsoft.com)
Date: 07/05/04 

Date: Mon, 5 Jul 2004 05:03:21 -0700

I did get it fixed after posting a log. Thank you for
helping me!

>-----Original Message-----
>Hi Mina,
>
>Thanks for posting here!
>
>I understand that the issue to be: You're not able to
change your home page
>back. If I misunderstood your concern, please don't
hesitate to let me know.
>
>According to my experience, you need to format the disk
and reinstall the
>system after being attacked by the spyware sometimes.
Spyware that has
>deceptive characteristics may not follow standard
practices for
>installation; some spyware will add some registry keys
or files in Windows
>and reload itself when the system restarts. Therefore,
it is hard to
>entirely remove some Spyware. We and some third-party
companies, such as
>Ad-ware or Spybot, are fighting for totally deleting
spyware.
>
>The issue about Spyware has been addressed in the
following KB article:
>Unexplained computer behavior may be caused by third-
party software
>http://support.microsoft.com/default.aspx?scid=kb;en-
us;827315
>
>In addition, I would like to list the following article
for your reference:
>5 tips for spurning spyware and browser hijackers
>http://www.microsoft.com/smallbusiness/issues/marketing/p
rivacy_spam/5_tips_
>for_spurning_spyware_and_browser_hijackers.mspx
>
>What you should know about spyware
>http://www.microsoft.com/security/articles/spyware.asp
>
>Based on my research, please follow these steps to
troubleshoot the issue:
>
>Step1: Refer to the following article to perform a Clean
Boot
>======================
>310353 - How to Perform a Clean Boot in Windows XP
>http://support.microsoft.com/default.aspx?scid=kb;en-
us;310353
>
>
>Step 2: Clean Startup Items
>===============================
>1. Launch Registry Editor by run Regedit
>2. Navigate to the following registry keys:
>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVers
ion\Run
>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersi
on\Run
>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVers
ion\RunOnce
>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersi
on\RunOnce
>
>3. Remove all suspicious items from the registry.
>WARNING: Using Registry Editor incorrectly can cause
serious problems that
>may require you to reinstall Windows. Microsoft cannot
guarantee that
>problems resulting from the incorrect use of Registry
Editor can be solved.
>Use Registry Editor at your own risk.
>
>Step 3: Restore IE and disable 3rd party extension
>===============================
>
>1. Open Windows Explorer and find the C:\Program
Files\Internet
>Explorer\PLUGINS folder.
>2. Create a new folder on the desktop and move all the
plug-ins in the
>PLUGINS folder to the new folder.
>3. Open Control Panel->Internet Options.
>4. On the General tab, click Delete Files within the
Temporary Internet
>files section.
>5. Select the Delete all offline content check box,
click OK.
>6. Click Delete Cookies, and click OK.
>7. Click Clear History within the History section, click
Yes.
>8. Click the Advanced tab and uncheck Enable third-party
browser
>extensions.
>9. Click OK.
>10. Find and delete the following registry key.
>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVers
ion\Explorer\Browse
>r Helper Objects
>11. Find and delete the all the sub keys in the
following registry key
>(don't delete the following registry key).
>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Plugins\Extension
>
>Step 4: Lock the registry
>==========================
>Please change permissions on the following registry key
so that the home
>page will not be modified:
>HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main
>Click Edit menu->Permission->Delete all accounts so that
no one can change
>the home page.
>
>Step 5: Clean Adware/Spyware
>================================
>I understand that you've already perform this step
before. However, please
>download and launch at least two tools below to remove
Adware/Spyware again
>to make sure that there won't be any Spyware/Adware on
the system. (Please
>launch these tools under Safe Mode)
>
>Ad-Aware:
>http://www.lavasoft.de/software/adaware/
>Spybot:
>http://www.spykiller.com/index4.asp?ref=2400
>HijackThis direct Download:
>http://209.133.47.200/~merijn/files/HijackThis.exe
>CWShredder direct Download:
>http://209.133.47.200/~merijn/files/CWShredder.exe
>
>*IMPORTANT*: Please ONLY visit Microsoft.com, msn.com
for hours to see if
>the issue persists since in most cases, home page will
be changed when you
>visit certain favorite website. In other word, you will
be hijacked again
>unconsciously when you visit favorite websites.
>
>If you have any questions or concerns, please feel free
to let me know.
>
>Have a great day!
>
>Best regards,
>
>Bill Peng
>MCSE 2000, MCDBA
>Microsoft Online Support Engineer
>Get Secure! - www.microsoft.com/security
>=====================================================
>When responding to posts, please "Reply to Group" via
your newsreader so
>that others may learn and benefit from your issue.
>=====================================================
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>.
>