Jump to content


Photo

ie 5.5 explorer startup


  • Please log in to reply
No replies to this topic

#1 intheusa

intheusa

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 08 November 2004 - 01:29 AM

I was hijacked, and fixed registry entries by hand, but somthing is still blocking HiJackThis from start up in normal or safemode. But one thing at a time.

I used TDS3, for checking the complete harddrive, so I am pretty sure there are no active torjans, and the computer is stable and nothing is changing, but I still stay of internet with this computer until I can get the following fixed.

When I start up IE 5.5 Window 98 1st edition with upgrades this is what the home page says. All entires in registry (main) have been set to original settings and are not changing.

Home page
http://www.google.com/search?num=50&hl=en&lr=&ie=ISO-8859-1&as_qdr=all&q=&btnG=Google+Search
This is extended goggle search for 50 entry return I have used for a long time.

But when I fool IE at start up and it thinks it has a connection (quickly shut off cable modem), this htm file is generated in my internet temperary directory.

<html>
<head>
<title>Goggle.com</title>
</head>
<frameset rows="0,*" framespacing="0" border="0">
<frame frameborder="0" name="disclaimer" src="disclaimer.html" noresize="noresize" scrolling=no>
<frame frameborder="0" name="prize" src="http://lsjmp.com/12/...tm?r=135&u=519" noresize="noresize">
<noframes>
<body>
<br>
<br>
<br>
<a href="http://lsjmp.com/12/...30&u=519">Clean your computer now! Click Here!</a>
</body>
</noframes>
</frameset>
</html>



Which would quickly divert me to lsjmp.com a web site associated with Spybouncer.com. This happens on IE startup.

This text is stored somewhere on my computer in compressed or crypted format, but many times I search turned up nothing.

What I would do know is what file IE is reading here, and what possible names or extensions. How can I find out.

Just looking for some useful information




Member of UNITE
Support SpywareInfo Forum - click the button