EXTREAME HELP NEEDED

Date: February 28, 2002 01:37PM
Posted by: Ellis
Yo Sup

Ok, my comp has been hijacked

Read this (sorry for the length):

The Problem


There is a despicable trend in recent months where the browser settings of web surfers are being hijacked. Browser hijacking is where malicious code of some sort, whether it be javascript, ActiveX, or some other sort of scripting, modifies your browser settings. It can also mean that your default start page has been reset from your choice to something else. Sometimes javascripts will add ready-made internet shortcuts to your favorites folder without asking you.

In some cases, these changes are reversible simply by going into internet options and switching them back. Not always however. Sometimes it's necessary to edit the windows registry (gasp!) to undo the changes made. Sometimes there is even a combination of registry settings and files clandestinely placed on your hard drive that redo your settings every time you reboot the computer. No matter how often you change your settings back, they are changed again the next time you restart. There have even been cases where internet options have been removed from the tools menu by registry hacking to prevent you from controlling your own web browser!

AOL has started doing something similar recently by placing its web site free.aol.com in IE's trusted sites security zone, thereby bypassing the most frequently used security settings. This occurs after installing their AOL software, AOL Instant Messenger, Netscape 6.x, and even the latest ICQ2001b has reportedly done this.


--------------------------------------------------------------------------------


Some examples of this


Peter's search page was being reset to something other than his choice every time he rebooted his computer.
Read the story.

A person trying to fix a client's hijacked computer ended up getting hijacked himself!
Read the story.

Something similar even happened to me.
Read the story.



--------------------------------------------------------------------------------


Prevention
A product called Start Page Guard has been made that will protect your browser settings. You can get this free product from the maker's site, or from right here at downloads/spg13.zip.

There is also a beta version of a more powerful product from the maker of Spyblocker. You can read about it on this message board topic.

There is a new product out called Guard-IE that also combats this problem. Guard-IE will prevent scripts from resetting your home page, and allows you to prevent sites from moving or resizing your browser window. This product is a 20-day trial. Read about it at Failsafe Technologies.

These products should protect you from this problem. If this has already happened to you, I have my own solutions below that I've come up with after fixing this same problem countless times. Read on...



--------------------------------------------------------------------------------


How to fix this


Please read the disclaimer below before doing anything described here. By following any of these instructions, you agree to be bound by the disclaimer. If you do not agree, do not follow these instructions. Also note that with Windows NT/2K/XP you will likely need to be logged in as an administrator for much of this. Go ahead and do that now. If you are using Internet Explorer, you can click here to bookmark this page so that you can come right back after logging back in.


--------------------------------------------------------------------------------

Let's do this by fixing an imaginary "worst case scenario".

The situation: Your browser now has a new start page and a new search page. You go to Tools > Internet Options to fix this, only to find that option grayed out. You open the control panel, only to find Internet Options missing from there too. You try to open regedit to start hacking away at the registry, but you're given the message that "your administrator has not given you that privilege". Some scumbag webmaster has gotten a scumbag script kiddie to truly mess up your browser settings, and has made it next to impossible for you to change it back.

Notice that I said "next to impossible"...........

So, what do you do here?

If you can not run REGEDIT: Right-click the link and choose save as to download this .reg file. Once downloaded, right-click the file and select merge. That will undo the registry hack that has disabled REGEDIT.


Second, you have to get Internet Options back into the control panel. Do a file search and look for a file named "control.ini". Open it in Notepad. You may see something like this:

[don't load]
inetcpl.cpl=yes

Delete everything underneath "[don't load]" until just before you come to another entry in brackets []. Save and close the file, then try control panel again. If it's still not there, restart your machine and it should be there.


Next you have to unlock all of the options you have been locked out of.

Go to the start menu > RUN command > type REGEDIT and press enter.

To avoid confusion from this point on, I will call registry hives and nodes "Folders" since that's what they look like in the most common registry editors. Navigate through the folders until you get to HKEY_CURRENT_USER\software\policies\microsoft\internet explorer. If there are sub folders called "restricted" and/or "control panel", delete them. Close regedit and all open Internet Explorer browser windows. You now have access to your internet options again.

Now you need to reclaim your search settings. If you want to reset them to Internet Explorer's default, you can right-click the link and choose save as to download the .reg file. Right-click on it and merge it into your registry. This will set Internet Explorer to use MSN.com, which is the default setting.


Lock your home page. Open Internet Explorer options and reset your start page from the general tab. Click OK to save it. Then, right-click the link to download this .reg file and merge it into your registry. This will lock your start page so that no web site will be capable of resetting it. Note: This step does not always work. I'm not clear on why this is.

Note: The following is the text of the previous .reg file. The registry paths may be different depending on your machine and how many users are set up on it. If there is more than one user account on your machine, you will need to change .DEFAULT to each user name (you will find the user name(s) in the place of .DEFAULT in your registry editor).

REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Control Panel]
"Homepage"=dword:00000001


This fixes (I hope) all the problems associated with using your settings as you choose. So you're all set now, right? Well, not really. The next time you reboot, the hijack comes right back.

The reason for this is an entry in the Per User Run section of the registry. In all but one case, it has either been "regedit.exe /s filename" or "c:\windows\regedit.exe /s filename". That command will cause regedit to import whatever text is in the file into the registry if it's in the right format, regardless of the filename and extension. It does this registry merge with no prompting at all, so the user never realizes it has happened.

Here's how you fix this:
Start menu --> Run --> type MSCONFIG --> press enter. (Note: Windows 95 and 2000 do not ship with MSCONFIG, so you will need to download Startup Control Panel by Mike Lin which does a much better job of managing startup programs than MSCONFIG. Download the standalone version and open it to the HKCU / Run tab).
Click the "startup" tab and look for an entry with "regedit.exe /s" in it. If you find it, disable that entry by clearing the checkbox on the left, then press OK. MSCONFIG will tell you that you need to restart the machine. Don't, as there is no reason to do so.

Again, it will be absolutely necessary for you to close all open Internet Explorer windows before any of these changes take effect.

Email the webmaster of this web site with the URLs of the sites you were hijacked to. As soon as this list grows to a substantial size, I will offer a downloadable list so that people who like to know which sites are using these despicable methods may have it. I need the URL that was set, and I need to know whether it was the home page that was set, and/or if it was the search URL. The address is mikeh@nlcomputers.com.


-------------------------

OK I have tried all of the solutions but i cant fix this.

My home page is stuck on some weird site

I cant login to any email accounts whilst in Win98, it keeps telling me to activate the cookies even though they are already activated

PLEASE PLEASE PLEASE help, if someone doesnt reply im going to have to be reinstalling Win 98, which i dont want to do cos thats meant to be installed FIRST on a dual boot OS but i already have XP installed and cant afford to have to install that again

HELP HELP HELP HELP HELP HELP




Racing Is Life. Anything that happens before or after is just waiting
Jesus may be able to heal the sick and bring the dead back to life, but he can't do shît for low fps
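The three symptoms the pasted article walks through (a Per User Run entry calling "regedit.exe /s", subfolders under the Internet Explorer policies key, and inetcpl.cpl listed under "[don't load]" in control.ini) can be checked offline against an exported .reg file. This is an added example, not part of the original post or the article it quotes; the sample export, the value name "winupd", the file "winupd.dat" and the function names are constructed for illustration.

```python
import configparser
import re

# Constructed sample export (REGEDIT4 text format); names and paths are made up.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"winupd"="c:\\windows\\regedit.exe /s c:\\windows\\winupd.dat"

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"HomePage"=dword:00000001
'''
SAMPLE_INI = "[don't load]\ninetcpl.cpl=yes\n\n[MMCPL]\nNumApps=20\n"  # constructed

RUN_SUFFIX = "\\software\\microsoft\\windows\\currentversion\\run"
IE_POLICY = "\\software\\policies\\microsoft\\internet explorer\\"
SILENT_IMPORT = re.compile(r"\bregedit(\.exe)?\s+/s\b", re.I)

def parse_reg(text):
    """Yield (key, value_name, value) per value line; string backslashes unescaped."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"') and '"=' in line:
            name, _, value = line.partition('"=')
            yield key, name.strip('"'), value.strip('"').replace("\\\\", "\\")

def find_hijack_traces(reg_text, control_ini_text=""):
    """Return (kind, location, name, value) tuples for the article's three symptoms."""
    findings = []
    for key, name, value in parse_reg(reg_text):
        low = key.lower()
        if low.endswith(RUN_SUFFIX) and SILENT_IMPORT.search(value):
            findings.append(("run-silent-import", key, name, value))  # re-applied at each start
        elif IE_POLICY in low:
            findings.append(("ie-policy-lock", key, name, value))     # subfolder under IE policies
    ini = configparser.ConfigParser(strict=False, interpolation=None)
    ini.optionxform = str                      # keep applet names as written
    ini.read_string(control_ini_text)
    if ini.has_section("don't load"):
        for applet, flag in ini["don't load"].items():
            if applet.lower() == "inetcpl.cpl":
                findings.append(("cpl-hidden", "control.ini", applet, flag))
    return findings

if __name__ == "__main__":
    print(*find_hijack_traces(SAMPLE_REG, SAMPLE_INI), sep="\n")
```
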
Re: EXTREAME HELP NEEDED
Date: February 28, 2002 01:46PM
Posted by: Zcott
Re: EXTREAME HELP NEEDED
Date: February 28, 2002 01:48PM
Posted by: Zcott
I should add that this happened to my girlfriend's computer. I'm not sure how she fixed it (but she did), so I'll ask her tonight.
Re: EXTREAME HELP NEEDED
Date: February 28, 2002 01:54PM
Posted by: Ellis
Yo Sup

I have opera and this affects all browsers on the OS, opera included and Netscape too.

IMPORTANT QUESTION : CAN 98SE BE INSTALLED AFTER I HAVE INSTALLED XP PRO ON DUAL BOOT, I KNOW 98 (first edition) CANT BUT CAN SE?????




Re: EXTREAME HELP NEEDED
Date: February 28, 2002 02:02PM
Posted by: Zcott
If 98 can't, there's no reason to suggest 98 SE would, either.

Hence: probably not.
Re: EXTREAME HELP NEEDED
Date: February 28, 2002 02:08PM
Posted by: Ellis
Yo Sup

*sniff sniff* i think im going to cry.......my comp is now terminally ill........




Re: EXTREAME HELP NEEDED
Date: February 28, 2002 02:40PM
Posted by: LS.
a simple solution to all your problems ellis, buy a mac :-)






LS's Tip of the week
ESSENTIAL OILS aren't essential unless you're an engine, a gearbox or a twat
Re: EXTREAME HELP NEEDED
Date: February 28, 2002 02:43PM
Posted by: Zcott
Yes, and there would end your GP3/HL/CS/any game worries!
Re: EXTREAME HELP NEEDED
Date: February 28, 2002 02:52PM
Posted by: Ellis
Yo Sup

another problem just occurred

The XP disc i have does NOT have a boot loader on it so this means i have to have an OS installed if i want to reinstall XP

The boot loader on my 98 disc is damaged. The guy who copied it for me did a drop and drag copy and since some of the CD is invisible it didnt copy right and the boot loader bit is damaged

So i dont have a CD that i can install from so Format C: is out of the question

UNLESS a boot disc would work? If so how do i create a 98 boot disc so i can install that first then install XP afterwards?




Re: EXTREAME HELP NEEDED
Date: February 28, 2002 02:54PM
Posted by: Ellis
Yo Sup

Next question

How do i uninstall an OS, say 98 for example?




Re: EXTREAME HELP NEEDED
Date: February 28, 2002 03:21PM
Posted by: Zcott
The way I know of removing an OS is to format.

You can create a Win98 bootup disk by going to start > settings > control panel > add/remove programs, then press the "Startup Disk" tab.

I always use a 98 startup disk to get me to a DOS prompt (after a clean format) and then just run the 98 install program from there. So even if you don't have a boot loader, you can still install the OS.
Re: EXTREAME HELP NEEDED
Date: February 28, 2002 03:28PM
Posted by: Ellis
Yo Sup

Right, after a lot of talking on the phone to a friend who is down in Sheffield (so nice long distance phone call) i know how to do it

First make an XP Boot disc

then Format C: (98 is on C:, XP is on the D:)

then reinstall 98 SE onto the C:, this will overwrite the boot sector and it will only give the option for me to use 98

Then Boot with the XP boot disc, this will give me the option to restore the old record

Then when i start the computer i will get the option of using XP or windows 98

Great, i get to play around with stuff i dont really understand, oh joy, sounds like fun :p




Re: EXTREAME HELP NEEDED
Date: February 28, 2002 03:41PM
Posted by: Zcott
Good luck ;-)
Re: EXTREAME HELP NEEDED
Date: February 28, 2002 03:47PM
Posted by: Habi
Poor Ellis. He always gets some viruses and bugs and errors and... huh :)

Re: EXTREAME HELP NEEDED
Date: February 28, 2002 04:12PM
Posted by: LS.
buy yourself one of these new keyboards ellis




look on the plus side, it'll stop all the bother of going into a dos window :-)






Re: EXTREAME HELP NEEDED
Date: February 28, 2002 04:16PM
Posted by: LS.



or failing that, get one of these keyboards











Re: EXTREAME HELP NEEDED
Date: March 01, 2002 01:43AM
Posted by: mortal
All very interesting, you must be on the alert for unwanted intruders, run a firewall like zonealarm and a traceroute program to hunt down sites that attempt to connect and plant unwanted items on yr system, use adaware by lavasoft.de to remove spyware, my bet is you all have some. I remove 2 a week usually. Also go check out grc.com for security info, downloads, links etc.




[www.mediafire.com] Some say you should click it, you know you want to. :-) [www.gp4central.com] <----GP4 Central
Re: EXTREAME HELP NEEDED
Date: March 01, 2002 03:29AM
Posted by: Ellis
Yo Sup

I run the firewall in XP and thats fine, my dad uses 98 and he doesnt run one >:(

Im at school, going to try this thing tonight, oh joy, i get to mess bout in dos :)




Re: EXTREAME HELP NEEDED
Date: March 01, 2002 03:44AM
Posted by: Ellis
Yo Sup

cant see that pic LS, in school they have blocked all pictures on forums and when i go to the URL it denies access.

I have checked the 98SE documentation

It says that if planning a dual boot 98 must be installed first, then further down the document it says it can be installed second if required

So the documentation is so bad it contradicts itself :S




Re: EXTREAME HELP NEEDED
Date: March 01, 2002 09:22AM
Posted by: LS.
try [www.zonelabs.com] if you haven't got a firewall





