Jump to content


Photo

MSN.com hijacked Homepage


  • This topic is locked This topic is locked
11 replies to this topic

#1 QSection

QSection

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 30 July 2004 - 02:16 PM

The short version -
HDD melted, obtained a new HDD and installed 98SE from disk and got all updates from MS. Obtained all updates from MS for IE 6.0. Home page setting of www.google.com refuses to stick. Upon reboot Home page always resets to www.msn.com.

We believe this to be related to a new install and msnsetup.setup.1 and/or msnsetup.dll or one similiar thereto.

HijackThis! continues to show:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

and even though it is checked and "fixed" it continues to reshow on every HJT! scan.

Ideas, please?
HMSS Q Section
Visualise World Righteousness
Semper Ad Fundum

#2 VashonDude

VashonDude

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,255 posts

Posted 30 July 2004 - 02:23 PM

Go ahead and post the HijackThis log here.

Is your ISP MSN?

-- LB
Want to help in the fight against malware? Join the SWI boot camp.

#3 QSection

QSection

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 30 July 2004 - 05:53 PM

Is your ISP MSN?

There is absolutely NO possibility we would use MSN as an ISP.

Logfile of HijackThis v1.98.0
Scan saved at 18:47:51, on 30/07/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\SECURITY\NOD32\NOD32KRN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PDESK\PDESK.EXE
C:\WINDOWS\SYSTEM\3DLDEMON.EXE
C:\PROGRAM FILES\SECURITY\NOD32\NOD32KUI.EXE
C:\WINDOWS\SYSTEM\PHILLIPS SOUND DRIVER\SKIN\QVECPLSK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\OFFICE TOOLS\WORDWEB\WWEB32.EXE
C:\PROGRAM FILES\DISPLAY\TRANSTEXT\TRANSTEXT.EXE
C:\PROGRAM FILES\OPERATIONS\BUFFALO\IMAGE\AIRNAVI 3.60.7\US\EZSETUP\WIZARD\APPS\CLIENTMGR2.EXE
C:\PROGRAM FILES\DISPLAY\DIGXRSIZER\DLGXRSIZER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\SECURITY\HIJACKTHIS!\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SECURITY\SPYBOT~2\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [3DLabsHelperDemon] 3dldemon.exe nowakeup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Security\NOD32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QveCtl2Tray] C:\WINDOWS\SYSTEM\Phillips Sound Driver\skin\QveCplSk.EXE C:\WINDOWS\SYSTEM\Phillips Sound Driver\skin
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [RegProt] c:\program files\security\registryprot\regprot.exe /start
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Program Files\Security\NOD32\nod32krn.exe"
O4 - HKCU\..\Run: [EppieDesktop] RUNDLL32.EXE C:\WINDOWS\SYSTEM\EPSHELL.CPL,RUNDLL_EpIn
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\PROGRAM FILES\SECURITY\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\Office Tools\WordWeb\wweb32.exe
O4 - Startup: TransText.lnk = C:\Program Files\Display\TransText\TransText.exe
O4 - Startup: Client Manager.lnk = C:\Program Files\Operations\Buffalo\image\AirNavi 3.60.7\Us\EZSETUP\WIZARD\APPS\ClientMgr2.exe
O4 - Startup: DlgXRSizer.lnk = C:\Program Files\Display\DigXRSizer\DlgXRSizer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Alta&Vista - res://C:\PROGRAM FILES\SYSTEM TOOLS\CONTEXT TOOLS\LOOKITUP\LOOKITUP.EXE/AltaVista
O8 - Extra context menu item: &Dictionary - res://C:\PROGRAM FILES\SYSTEM TOOLS\CONTEXT TOOLS\LOOKITUP\LOOKITUP.EXE/Dictionary
O8 - Extra context menu item: Goto &URL - res://C:\PROGRAM FILES\SYSTEM TOOLS\CONTEXT TOOLS\LOOKITUP\LOOKITUP.EXE/GotoURL
O8 - Extra context menu item: &Google - res://C:\PROGRAM FILES\SYSTEM TOOLS\CONTEXT TOOLS\LOOKITUP\LOOKITUP.EXE/Google
O8 - Extra context menu item: I'm &Feeling Lucky - res://C:\PROGRAM FILES\SYSTEM TOOLS\CONTEXT TOOLS\LOOKITUP\LOOKITUP.EXE/ImFeelingLucky
O8 - Extra context menu item: &Thesaurus - res://C:\PROGRAM FILES\SYSTEM TOOLS\CONTEXT TOOLS\LOOKITUP\LOOKITUP.EXE/Thesaurus
O8 - Extra context menu item: Check &Spelling - res://C:\PROGRAM FILES\SYSTEM TOOLS\CONTEXT TOOLS\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
O8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\SYSTEM TOOLS\CONTEXT TOOLS\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
O8 - Extra context menu item: Google N&ews - res://C:\PROGRAM FILES\SYSTEM TOOLS\CONTEXT TOOLS\LOOKITUP\LOOKITUP.EXE/GoogleNews
O8 - Extra context menu item: Google G&roups - res://C:\PROGRAM FILES\SYSTEM TOOLS\CONTEXT TOOLS\LOOKITUP\LOOKITUP.EXE/GoogleGroups
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\PROGRAM FILES\SYSTEM TOOLS\CONTEXT TOOLS\IESPELL\IESPELL.DLL/SPELLCHECK.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\PROGRAM FILES\SYSTEM TOOLS\CONTEXT TOOLS\IESPELL\IESPELL.DLL/SPELLCHECK.HTM (file missing)
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\PROGRAM FILES\SYSTEM TOOLS\CONTEXT TOOLS\IESPELL\IESPELL.DLL/SPELLOPTION.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\PROGRAM FILES\SYSTEM TOOLS\CONTEXT TOOLS\IESPELL\IESPELL.DLL/SPELLOPTION.HTM (file missing)
O15 - Trusted Zone: www.wilderssecurity.com
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab

And there you are.

Thank you.
HMSS Q Section
Visualise World Righteousness
Semper Ad Fundum

#4 QSection

QSection

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 31 July 2004 - 08:45 AM

The Startup list to go along as well:

StartupList report, 31/07/2004, 09:37:53
StartupList version: 1.52.2
Started from : C:\PROGRAM FILES\SECURITY\HIJACKTHIS!\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\ESET\NOD32\NOD32KRN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PDESK\PDESK.EXE
C:\WINDOWS\SYSTEM\3DLDEMON.EXE
C:\PROGRAM FILES\SECURITY\NOD32\NOD32KUI.EXE
C:\WINDOWS\SYSTEM\PHILLIPS SOUND DRIVER\SKIN\QVECPLSK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\OFFICE TOOLS\WORDWEB\WWEB32.EXE
C:\PROGRAM FILES\DISPLAY\TRANSTEXT\TRANSTEXT.EXE
C:\PROGRAM FILES\BUFFALO\IMAGE\AIRNAVI 3.60.7\US\EZSETUP\WIZARD\APPS\CLIENTMGR2.EXE
C:\PROGRAM FILES\DIGXRSIZER\DLGXRSIZER.EXE
C:\PROGRAM FILES\MAXTHON\MAXTHON.EXE
C:\PROGRAM FILES\HIJACKTHIS!\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
WordWeb.lnk = C:\Program Files\Office Tools\WordWeb\wweb32.exe
TransText.lnk = C:\Program Files\TransText\TransText.exe
Client Manager.lnk = C:\Program Files\Buffalo\image\AirNavi 3.60.7\Us\EZSETUP\WIZARD\APPS\ClientMgr2.exe
DlgXRSizer.lnk = C:\Program Files\DigXRSizer\DlgXRSizer.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Matrox Powerdesk = C:\WINDOWS\SYSTEM\PDesk\PDesk.exe /Autolaunch
3DLabsHelperDemon = 3dldemon.exe nowakeup
nod32kui = "C:\Program Files\ESET\NOD32\nod32kui.exe" /WAITSERVICE
QveCtl2Tray = C:\WINDOWS\SYSTEM\Phillips Sound Driver\skin\QveCplSk.EXE C:\WINDOWS\SYSTEM\Phillips Sound Driver\skin
Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
RegProt = c:\program files\registryprot\regprot.exe /start

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
NOD32kernel = "C:\Program Files\ESET\NOD32\nod32krn.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

EppieDesktop = RUNDLL32.EXE C:\WINDOWS\SYSTEM\EPSHELL.CPL,RUNDLL_EpIn
SpybotSD TeaTimer = C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[>PerUser_MSN_Clean] *
StubPath = C:\WINDOWS\msnmgsr1.exe

[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exeadvpack.dll

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\SYSTEM\Rundll32.exe C:\WINDOWS\SYSTEM\mscories.dll,Install

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 31/7/2004, 1:52:36)

[rename]
C:\WINDOWS\SYSTEM\Msvbvm60.dll=C:\WINDOWS\SYSTEM\Msvbvm60.001
C:\WINDOWS\Explorer.exe=C:\WINDOWS\Explorer.001
C:\WINDOWS\SYSTEM\Mprserv.dll=C:\WINDOWS\SYSTEM\Mprserv.001
C:\WINDOWS\SYSTEM\Msnet32.dll=C:\WINDOWS\SYSTEM\Msnet32.001
C:\WINDOWS\SYSTEM\Msnp32.dll=C:\WINDOWS\SYSTEM\Msnp32.001
C:\WINDOWS\SYSTEM\Msvcrt.dll=C:\WINDOWS\SYSTEM\Msvcrt.001
C:\WINDOWS\SYSTEM\Mydocs.dll=C:\WINDOWS\SYSTEM\Mydocs.001
C:\WINDOWS\SYSTEM\Ole32.dll=C:\WINDOWS\SYSTEM\Ole32.001
C:\WINDOWS\SYSTEM\Oleaut32.dll=C:\WINDOWS\SYSTEM\Oleaut32.001
C:\WINDOWS\SYSTEM\Olepro32.dll=C:\WINDOWS\SYSTEM\Olepro32.001
C:\WINDOWS\SYSTEM\Rpcrt4.dll=C:\WINDOWS\SYSTEM\Rpcrt4.001
C:\WINDOWS\SYSTEM\Shell32.dll=C:\WINDOWS\SYSTEM\Shell32.001
C:\WINDOWS\SYSTEM\Systray.exe=C:\WINDOWS\SYSTEM\Systray.001
C:\WINDOWS\SYSTEM\User.exe=C:\WINDOWS\SYSTEM\User.001
C:\WINDOWS\SYSTEM\User32.dll=C:\WINDOWS\SYSTEM\User32.001

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\SPYBOT~2\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job

--------------------------------------------------

Enumerating Download Program Files:

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupd...8195.9955439815

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://fpdownload.ma...ash/swflash.cab

[iTunesDetector Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ITDETECTOR.OCX
CODEBASE = http://ax.phobos.app.../ITDetector.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 8,130 bytes
Report generated in 0.263 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
HMSS Q Section
Visualise World Righteousness
Semper Ad Fundum

#5 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,305 posts

Posted 31 July 2004 - 12:34 PM

I didn't check your log thoroughly since you indicate it is a new install and this is the default in IE... If you fix it with HJT, it will simply be replaced by Windows unless you put in a different homepage...

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

Make sure that IE is set to save your settings when you reboot so that the new homepage sticks... If it still doesn't work, you may need to run IE Repair... You can probably find more details on the MS Knowledge Base....
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#6 QSection

QSection

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 01 August 2004 - 02:03 AM

...unless you put in a different homepage...

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

We have in fact changed it to www.google.com EVERY time we open IE as it refuses to open on ANY other homepage besides www.msn.com. We find it strange that we have at least four anti-homepage hijacker programmes running and there is no protection afforded here by any of them. Some of them are Ad-Aware, Tea-Timer, Resident, and RegistryProt.

Make sure that IE is set to save your settings when you reboot so that the new homepage sticks...

We are not sure where that setting might be found, sorry.

If it still doesn't work, you may need to run IE Repair...

Sorry but that did not work either. It said IE could not be repaired and we needed to re-run setup which we did. No change.

You can probably find more details on the MS Knowledge Base....

We are checking now. Anyone else know of a tool to use to monitor the changes and which programme/file is causing the homepage re-set?

Edited by QSection, 01 August 2004 - 02:06 AM.

HMSS Q Section
Visualise World Righteousness
Semper Ad Fundum

#7 VashonDude

VashonDude

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,255 posts

Posted 01 August 2004 - 01:16 PM

To change the homapage:

Go to Tools->Internet Options. At the top of the box that pops up, there's a spot that shows the current homepage. Change that to www.google.com and click on the Apply button. Then click OK.

-- LB
Want to help in the fight against malware? Join the SWI boot camp.

#8 QSection

QSection

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 02 August 2004 - 01:41 AM

From first post -

Home page setting of www.google.com refuses to stick.

From our fourth post -

We have in fact changed it to www.google.com EVERY time we open IE as it refuses to open on ANY other Home page besides www.msn.com.

To change the homapage:

Go to Tools->Internet Options. At the top of the box that pops up, there's a spot that shows the current homepage. Change that to www.google.com and click on the Apply button. Then click OK.

This is exactly what we have been doing all along. We also have changed the registry to show www.google.com as our Home page. Still no results. We believe that whatever is resetting the Home page is starting early on from a re-boot and has deep permissions and/or abilities (i.e. core permissions).

We will now go to the forums for RegistryProt (DCS) and Spybot S&D as both their programmes are supposed to be guarding against this sort of thing. By the way - there are no other strange things going on - just the non stick of the Home page setting that we set.
HMSS Q Section
Visualise World Righteousness
Semper Ad Fundum

#9 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,305 posts

Posted 02 August 2004 - 06:06 PM

Actually, the protection programs may be identifying that as your intended homepage and thus are changing it back whenever you change it... If you have two programs that do essentially the same thing, that may be why... You could try turning them both off, reset your homepage, reboot and see if it has stayed the same... If that works, turn one or the other back on, but not both... It seems unlikely that it is a malware problem, so it is more likely to be a software conflict...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#10 QSection

QSection

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 06 August 2004 - 09:40 AM

Interestingly enough we fried a second HDD so we obtained a third! We then installed 98SE again but this time from a different disk! Well guess what? Everything is working quite perfectly just as it is supposed to. It seems some versions of some MS O/S disks have a built-in msn.com hijack! The setting is at a Ring 0 / kernal level so that is why the other programmes had a hard time to prevent the change!

Everything is great now. Thank you to those who tried to assist.
HMSS Q Section
Visualise World Righteousness
Semper Ad Fundum

#11 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,305 posts

Posted 06 August 2004 - 05:48 PM

Well, congratulations on getting it fixed even if it did take another copy of Windoze.... :lol: :thumbsup:
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#12 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 28 October 2004 - 02:12 PM

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button