I was hijacked, and fixed registry entries by hand, but somthing is still blocking HiJackThis from start up in normal or safemode. But one thing at a time.
I used TDS3, for checking the complete harddrive, so I am pretty sure there are no active torjans, and the computer is stable and nothing is changing, but I still stay of internet with this computer until I can get the following fixed.
When I start up IE 5.5 Window 98 1st edition with upgrades this is what the home page says. All entires in registry (main) have been set to original settings and are not changing.
This is extended goggle search for 50 entry return I have used for a long time.
But when I fool IE at start up and it thinks it has a connection (quickly shut off cable modem), this htm file is generated in my internet temperary directory.
<frameset rows="0,*" framespacing="0" border="0">
<frame frameborder="0" name="disclaimer" src="disclaimer.html" noresize="noresize" scrolling=no>
<frame frameborder="0" name="prize" src="http://lsjmp.com/12/...tm?r=135&u=519" noresize="noresize">
<a href="http://lsjmp.com/12/...30&u=519">Clean your computer now! Click Here!</a>
Which would quickly divert me to lsjmp.com a web site associated with Spybouncer.com. This happens on IE startup.
This text is stored somewhere on my computer in compressed or crypted format, but many times I search turned up nothing.
What I would do know is what file IE is reading here, and what possible names or extensions. How can I find out.
Just looking for some useful information
ie 5.5 explorer startup
No replies to this topic