Dear semianswers-ga,
There are a number of possibilities to solve this problem. The best
and first resort I would suggest is a freeware product, "Ad-Aware",
which is specifically designed to counter this type of browser
hijacking.
"Ad-aware is a powerful removal utility designed for Windows 98 / 98SE
/ ME / NT40 / 2000 / XP Home / XP Pro platforms that scans your system
for components of known Spyware/Adware parasites, Malware, Browser
hijackers, Scumware, Foistware, and allows you remove them efficiently
and safely."
- Lavasoft FAQ
http://www.lavasoftusa.com/faq.html
You can download Ad-Aware from:
http://www.lavasoftusa.com/downloads.html
or
http://www.webattack.com/get/adaware.shtml
If Ad-Aware fails to solve the problem, it is possible to resolve most
issues of this type by editing the registry; automated tools to do
this and the locations of the registry keys that control auto-starting
applications can be found at:
http://www.petri.co.il/control_auto-starting_applications.htm
(When using them, I would advise caution to avoid removing any system
applications - depending on what you have installed there may be
several that aren't immediately obvious but are necessary - and
especial caution if you chose to edit the registry manually.)
It is possible, although unlikely, that the particular web page which
is troubling you is both uncurable by Ad-Aware and not amenable to
resolution by the other technique I describe, in which case more
detailed investigation of that specific page would be required.
If this answer isn't quite what you're looking for, please feel free
to request a clarification.
Hope this helps,
cerebrate-ga
Search strategy:
startup locations - ://www.google.com/microsoft?hq=microsoft&restrict=microsoft&hl=en&lr=&ie=ISO-8859-1&q=startup+locations |
Request for Answer Clarification by
semianswers-ga
on
30 Dec 2002 08:55 PST
The fix had no affect. Basically, I altered the "regedit" file and
ran the Ad-Aware software to look for the file and delete. The file
comes up in the taskbar first, then an Internet Explorer window pops
up with the page, and an icon gets added to the desktop. Regardless
of what I delete, the file and icon returns. Obviously, the start-up
has attached itself somewhere and possibly used a different file name.
Also, the executable file is in the "All Users" folder under
documents and settings - once again, it re-appears even after I delete
it when the computer is restarted. The page is
http://www.allsex.goo.pl and the executable file is Ulubione
strony.exe. I guess I'll watch what I type in for a search name next
time.
Thank you,
|
Clarification of Answer by
cerebrate-ga
on
30 Dec 2002 12:02 PST
Sorry that didn't work for you.
I've checked out the web site in question, and I noticed that it tries
to download a piece of software onto your machine when you visit it -
I suspect that this is what is likely to be causing your problem. It
also appears to be specific to that site, which is probably why
Ad-Aware didn't handle it.
If that's the case, I'd first check in "Add/Remove Programs" to see if
there's anything you don't recognise. A long shot, but it sometimes
works.
It may also be worth checking under "\Windows\Downloaded Program
Files" to see if it's lurking in there, in which case you can simply
delete it, along with the executable, etc. that you know about, and
checking under "Internet Options/Security" in IE to ensure that both
"Download ActiveX controls" settings aren't set to "Enabled".
I've also dropped a line to the Ad-Aware people making them aware of
this particular trojan, and I'll let you know what comes of that.
Unfortunately, as there are so many places where such a malicious
piece of software could embed itself into the system, and as this
particular site and trojan appear not to have been documented anywhere
by previous sufferers, there's not really anything more that can be
done other than the above. Hopefully the note I've dropped to the
Ad-Aware authors will produce some result for you.
Apologetically,
cerebrate-ga
|
