From: john (ccie2be@nyc.rr.com)
Date: Sat Feb 21 2004 - 10:37:37 GMT-3
Hi all,
So far, no success. But, I want to thank everyone who have made
suggestions.
Here's what I've done so far.
I've downloaded and run the following anti-malware programs:
Spybot- S&D
Spy Sweeper
a2
Ad-Aware
Prior to running the first 3 programs above, I did the following to try to
fix and remove the problem.
1) I ran regedit and changed or deleted every reference to
"C:/Windows/secure.html". It appears in the registry in about 9 or 10
places - everywhere there's a reference to Start page, local page or default
page.
I found that after doing this, if I immediately looked again at the same
registry key - the one I had just changed - it was changed back to the value
"C:/Windows/secure.html".
2) I deleted the above file, C:/Windows/secure.html, from my hard drive. As
a result, everytime I start IE, I get an error message, "Cannot find
'file:///C:/Windows/secure.html'. Make sure the path or Internet address is
correct."
Q? Does anybody know what file or what process causes IE to look for
"C:/Windows/secure.html" when IE starts?
After running all those Anti-malware programs, I again searched the registry
for all references to "C:/Windows/secure.html" and this time didn't find
any. But, still, when I open IE, my Start Page still points to
"C:/Windows/secure.html". And, then, once IE opens, I can't immediately get
into Tools, Internet Options. When I click on Internet Options nothing
happens. However, once I go to any Web site, I can open Internet Options
which, unfortunately, still points to ... Yes, you guessed it,
"C:/Windows/secure.html".
Does this remind anyone of the Dr. Suess story, the Cat in the Hat comes
back?
Anyway, any additional suggestions would be appreciated.
John
----- Original Message -----
From: "Kenneth Wygand" <KWygand@customonline.com>
To: "Larry Roberts" <groupstudy@american-hero.com>; "john"
<ccie2be@nyc.rr.com>; "phase90" <phase90@comcast.net>; "John"
<net-eng@nyc.rr.com>; "Group Study" <ccielab@groupstudy.com>
Sent: Saturday, February 21, 2004 12:55 AM
Subject: RE: Hijack this
> John,
>
> Have you tried using Ad-Aware to clean the system and then manually change
your home page in TOOLS --> OPTIONS... ? Even though Ad-Aware may get rid
of the source of the problem, it might not change your home page back to
original settings (sort of like the way when you clean a virus, it might not
necessarily fix any system files the virus corrupted).
>
> Hope this helps,
> Ken
>
> -----Original Message-----
> From: Larry Roberts [mailto:groupstudy@american-hero.com]
> Sent: Fri 2/20/2004 7:35 PM
> To: 'john'; 'phase90'; Kenneth Wygand; 'John'; 'Group Study'
> Cc:
> Subject: RE: Hijack this
>
>
>
> Try using spybot search and destroy.
> I switched from adaware to spybot and have never went back. It seems to be
> updated more often and has more feature ( or at least did ) that adaware.
> Pad
> Pad
> Pad
>
> http://www.safer-networking.org/
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
john
> Sent: Friday, February 20, 2004 6:18 PM
> To: phase90; Kenneth Wygand; John; Group Study
> Subject: Re: Hijack this
>
> Well, Jerry, apparently it doesn't work for my setup.
>
> ----- Original Message -----
> From: "phase90" <phase90@comcast.net>
> To: "john" <ccie2be@nyc.rr.com>; "Kenneth Wygand"
> <KWygand@customonline.com>; "John" <net-eng@nyc.rr.com>; "Group Study"
> <ccielab@groupstudy.com>
> Sent: Friday, February 20, 2004 6:04 PM
> Subject: Re: Hijack this
>
>
> > I've been using Ad-aware for about 2 years and it blocks ads and pop-ups
> > great.
> >
> > I didn't even know it could be used for Spy-ware. Maybe that's how good
it
> > works!
> >
> >
> > Jerry
> > ----- Original Message -----
> > From: "john" <ccie2be@nyc.rr.com>
> > To: "Kenneth Wygand" <KWygand@customonline.com>; "John"
> > <net-eng@nyc.rr.com>; "Group Study" <ccielab@groupstudy.com>
> > Sent: Friday, February 20, 2004 5:55 PM
> > Subject: Re: Hijack this
> >
> >
> > > Hey Ken,
> > >
> > > I wished it worked for this cause if it did, I wouldn't have this
> problem.
> > > I happen to like ad-aware and use often but it didn't catch this
nasty.
> > >
> > > John
> > > ----- Original Message -----
> > > From: "Kenneth Wygand" <KWygand@customonline.com>
> > > To: "John" <net-eng@nyc.rr.com>; "Group Study"
<ccielab@groupstudy.com>
> > > Sent: Friday, February 20, 2004 5:43 PM
> > > Subject: RE: Hijack this
> > >
> > >
> > > > I use Lavasoft's Ad Aware (www.ad-aware.com).
> > > >
> > > > Works like a charm! (Kills file sharing applications though that
check
> > > > for ad/spyware applications before allowing the application to be
> > > > executed).
> > > >
> > > > Good luck!
> > > >
> > > > Kenneth E. Wygand
> > > > Systems Engineer, Project Services
> > > > CISSP #37102, CCNP, CCDP, ACSP, Cisco IPT Design Specialist, MCP,
CNA,
> > > > Network+, A+
> > > > Custom Computer Specialists, Inc.
> > > > "The only unattainable goal is the one not attempted."
> > > > -Anonymous
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of
> > > > John
> > > > Sent: Friday, February 20, 2004 5:33 PM
> > > > To: Group Study
> > > > Subject: OT: Hijack this
> > > >
> > > > Hi everyone,
> > > >
> > > > I'm trying to clean out some unauthorize crap that "Hijacking" my
> start
> > > > and
> > > > default page in Internet Explorer 5.5.
> > > >
> > > > What this malware does is set my start and default page to:
> > > > C:\WINDOWS\secure.html
> > > >
> > > > In an effort to get rid of this, I went through my registry and
change
> > > > ever
> > > > setting that references secure.html to about:blank but that didn't
> work.
> > > > Ever
> > > > time I started IE, the start and default pages were changed back to
> > > > secure.html. I don't really know how to get rid of this annoying
> > > > malware so I
> > > > tried google.
> > > >
> > > > On google I discovered there's a freeware program called HijackThis
> that
> > > > gets
> > > > rid of this nuisance but, for some reason which I still don't know,
I
> > > > can't
> > > > download this software.
> > > >
> > > > Whenever I try to download this software, and I've tried using
Mozilla
> > > > and IE,
> > > > I get a connection refused or Page can't be displayed message. I
> wonder
> > > > if
> > > > this malware is preventing me from downloading this freeware.
> > > >
> > > > So, I'm wondering if anyone's has already downloaded this software
and
> > > > knows
> > > > if it works as advertised. Also, I wonder if this software works if
> > > > someone
> > > > would be kind enough to email it to me.
> > > >
> > > > Thanks very much in advanced, John
> > > >
> > > >
> _______________________________________________________________________
> > > > Please help support GroupStudy by purchasing your study materials
> from:
> > > > http://shop.groupstudy.com
> > > >
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > >
> _______________________________________________________________________
> > > > Please help support GroupStudy by purchasing your study materials
> from:
> > > > http://shop.groupstudy.com
> > > >
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:54 GMT-3