Re: Hijack this

From: john (ccie2be@nyc.rr.com)
Date: Sat Feb 21 2004 - 13:13:31 GMT-3

• Next message: Alec: "RMON traps"
• Previous message: Brian Dennis: "RE: time-based ACL with dialer-watch and backup interface"
• Maybe in reply to: john: "Re: Hijack this"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks, Chuck. That happened to be one of the first things I tried but it
didn't work.

By any chance do you know what file(s) or registry settings IE checks on
startup?

John

----- Original Message -----
From: "Church, Chuck" <cchurch@wamnetgov.com>
To: "john" <ccie2be@nyc.rr.com>
Sent: Saturday, February 21, 2004 9:40 AM
Subject: RE: Hijack this

> John,
>
> Try going to internet options, and then programs. 'Reset Web Settings...'
button might do it.
>
> Chuck Church
> Lead Design Engineer
> CCIE #8776, MCNE, MCSE
> Wam!Net Government Services
> 13665 Dulles Technology Dr. Ste 250
> Herndon, VA 20171
> Office: 703-480-2569
> Cell: 703-819-3495
> cchurch@wamnetgov.com
> PGP key:
http://pgp.mit.edu:11371/pks/lookup?op=index&search=cchurch%40wamnetgov.com
>
> -----Original Message-----
> From: john [mailto:ccie2be@nyc.rr.com]
> Sent: Saturday, February 21, 2004 8:38 AM
> To: Kenneth Wygand; Larry Roberts; phase90; Group Study
> Subject: Re: Hijack this
>
>
> Hi all,
>
> So far, no success. But, I want to thank everyone who have made
> suggestions.
>
> Here's what I've done so far.
>
> I've downloaded and run the following anti-malware programs:
>
> Spybot- S&D
>
> Spy Sweeper
>
> a2
>
> Ad-Aware
>
> Prior to running the first 3 programs above, I did the following to try to
> fix and remove the problem.
>
> 1) I ran regedit and changed or deleted every reference to
> "C:/Windows/secure.html". It appears in the registry in about 9 or 10
> places - everywhere there's a reference to Start page, local page or
default
> page.
>
> I found that after doing this, if I immediately looked again at the same
> registry key - the one I had just changed - it was changed back to the
value
> "C:/Windows/secure.html".
>
> 2) I deleted the above file, C:/Windows/secure.html, from my hard drive.
As
> a result, everytime I start IE, I get an error message, "Cannot find
> 'file:///C:/Windows/secure.html'. Make sure the path or Internet address
is
> correct."
>
> Q? Does anybody know what file or what process causes IE to look for
> "C:/Windows/secure.html" when IE starts?
>
> After running all those Anti-malware programs, I again searched the
registry
> for all references to "C:/Windows/secure.html" and this time didn't find
> any. But, still, when I open IE, my Start Page still points to
> "C:/Windows/secure.html". And, then, once IE opens, I can't immediately
get
> into Tools, Internet Options. When I click on Internet Options nothing
> happens. However, once I go to any Web site, I can open Internet Options
> which, unfortunately, still points to ... Yes, you guessed it,
> "C:/Windows/secure.html".
>
> Does this remind anyone of the Dr. Suess story, the Cat in the Hat comes
> back?
>
> Anyway, any additional suggestions would be appreciated.
>
> John
>
>
>
> ----- Original Message -----
> From: "Kenneth Wygand" <KWygand@customonline.com>
> To: "Larry Roberts" <groupstudy@american-hero.com>; "john"
> <ccie2be@nyc.rr.com>; "phase90" <phase90@comcast.net>; "John"
> <net-eng@nyc.rr.com>; "Group Study" <ccielab@groupstudy.com>
> Sent: Saturday, February 21, 2004 12:55 AM
> Subject: RE: Hijack this
>
>
> > John,
> >
> > Have you tried using Ad-Aware to clean the system and then manually
change
> your home page in TOOLS --> OPTIONS... ? Even though Ad-Aware may get rid
> of the source of the problem, it might not change your home page back to
> original settings (sort of like the way when you clean a virus, it might
not
> necessarily fix any system files the virus corrupted).
> >
> > Hope this helps,
> > Ken
> >
> > -----Original Message-----
> > From: Larry Roberts [mailto:groupstudy@american-hero.com]
> > Sent: Fri 2/20/2004 7:35 PM
> > To: 'john'; 'phase90'; Kenneth Wygand; 'John'; 'Group Study'
> > Cc:
> > Subject: RE: Hijack this
> >
> >
> >
> > Try using spybot search and destroy.
> > I switched from adaware to spybot and have never went back. It seems to
be
> > updated more often and has more feature ( or at least did ) that
adaware.
> > Pad
> > Pad
> > Pad
> >
> > http://www.safer-networking.org/
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> john
> > Sent: Friday, February 20, 2004 6:18 PM
> > To: phase90; Kenneth Wygand; John; Group Study
> > Subject: Re: Hijack this
> >
> > Well, Jerry, apparently it doesn't work for my setup.
> >
> > ----- Original Message -----
> > From: "phase90" <phase90@comcast.net>
> > To: "john" <ccie2be@nyc.rr.com>; "Kenneth Wygand"
> > <KWygand@customonline.com>; "John" <net-eng@nyc.rr.com>; "Group Study"
> > <ccielab@groupstudy.com>
> > Sent: Friday, February 20, 2004 6:04 PM
> > Subject: Re: Hijack this
> >
> >
> > > I've been using Ad-aware for about 2 years and it blocks ads and
pop-ups
> > > great.
> > >
> > > I didn't even know it could be used for Spy-ware. Maybe that's how
good
> it
> > > works!
> > >
> > >
> > > Jerry
> > > ----- Original Message -----
> > > From: "john" <ccie2be@nyc.rr.com>
> > > To: "Kenneth Wygand" <KWygand@customonline.com>; "John"
> > > <net-eng@nyc.rr.com>; "Group Study" <ccielab@groupstudy.com>
> > > Sent: Friday, February 20, 2004 5:55 PM
> > > Subject: Re: Hijack this
> > >
> > >
> > > > Hey Ken,
> > > >
> > > > I wished it worked for this cause if it did, I wouldn't have this
> > problem.
> > > > I happen to like ad-aware and use often but it didn't catch this
> nasty.
> > > >
> > > > John
> > > > ----- Original Message -----
> > > > From: "Kenneth Wygand" <KWygand@customonline.com>
> > > > To: "John" <net-eng@nyc.rr.com>; "Group Study"
> <ccielab@groupstudy.com>
> > > > Sent: Friday, February 20, 2004 5:43 PM
> > > > Subject: RE: Hijack this
> > > >
> > > >
> > > > > I use Lavasoft's Ad Aware (www.ad-aware.com).
> > > > >
> > > > > Works like a charm! (Kills file sharing applications though that
> check
> > > > > for ad/spyware applications before allowing the application to be
> > > > > executed).
> > > > >
> > > > > Good luck!
> > > > >
> > > > > Kenneth E. Wygand
> > > > > Systems Engineer, Project Services
> > > > > CISSP #37102, CCNP, CCDP, ACSP, Cisco IPT Design Specialist, MCP,
> CNA,
> > > > > Network+, A+
> > > > > Custom Computer Specialists, Inc.
> > > > > "The only unattainable goal is the one not attempted."
> > > > > -Anonymous
> > > > > -----Original Message-----
> > > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
Behalf
> > Of
> > > > > John
> > > > > Sent: Friday, February 20, 2004 5:33 PM
> > > > > To: Group Study
> > > > > Subject: OT: Hijack this
> > > > >
> > > > > Hi everyone,
> > > > >
> > > > > I'm trying to clean out some unauthorize crap that "Hijacking" my
> > start
> > > > > and
> > > > > default page in Internet Explorer 5.5.
> > > > >
> > > > > What this malware does is set my start and default page to:
> > > > > C:\WINDOWS\secure.html
> > > > >
> > > > > In an effort to get rid of this, I went through my registry and
> change
> > > > > ever
> > > > > setting that references secure.html to about:blank but that didn't
> > work.
> > > > > Ever
> > > > > time I started IE, the start and default pages were changed back
to
> > > > > secure.html. I don't really know how to get rid of this annoying
> > > > > malware so I
> > > > > tried google.
> > > > >
> > > > > On google I discovered there's a freeware program called
HijackThis
> > that
> > > > > gets
> > > > > rid of this nuisance but, for some reason which I still don't
know,
> I
> > > > > can't
> > > > > download this software.
> > > > >
> > > > > Whenever I try to download this software, and I've tried using
> Mozilla
> > > > > and IE,
> > > > > I get a connection refused or Page can't be displayed message. I
> > wonder
> > > > > if
> > > > > this malware is preventing me from downloading this freeware.
> > > > >
> > > > > So, I'm wondering if anyone's has already downloaded this software
> and
> > > > > knows
> > > > > if it works as advertised. Also, I wonder if this software works
if
> > > > > someone
> > > > > would be kind enough to email it to me.
> > > > >
> > > > > Thanks very much in advanced, John
> > > > >
> > > > >
> > _______________________________________________________________________
> > > > > Please help support GroupStudy by purchasing your study materials
> > from:
> > > > > http://shop.groupstudy.com
> > > > >
> > > > > Subscription information may be found at:
> > > > > http://www.groupstudy.com/list/CCIELab.html
> > > > >
> > > > >
> > _______________________________________________________________________
> > > > > Please help support GroupStudy by purchasing your study materials
> > from:
> > > > > http://shop.groupstudy.com
> > > > >
> > > > > Subscription information may be found at:
> > > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > >
> _______________________________________________________________________
> > > > Please help support GroupStudy by purchasing your study materials
> from:
> > > > http://shop.groupstudy.com
> > > >
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >

• Next message: Alec: "RMON traps"
• Previous message: Brian Dennis: "RE: time-based ACL with dialer-watch and backup interface"
• Maybe in reply to: john: "Re: Hijack this"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:54 GMT-3