Google Answers Logo
View Question
Q: I can't keep as my homepage!! ( Answered,   3 Comments )
Subject: I can't keep as my homepage!!
Category: Computers > Internet
Asked by: soulnsea-ga
List Price: $2.00
Posted: 16 Apr 2004 01:05 PDT
Expires: 16 May 2004 01:05 PDT
Question ID: 331136
Hello, I still have a computer bug. I have a P4 running XP. My
Internet privacy is set on high, yet every time I log onto the
Internet, my home page is changed from (which I want!) to
this irritating page--


What is this site, how did it infect my computer, and how do I get rid
of it please?!!  No matter how many times I make google my choice as
my homepage, this site above changes my settings -- with popups
galore, etc.

Please help me kill this evil site.  I wrote to them and they have
ignored me.  Thanks from a loyal, broke google fan!
Subject: Re: I can't keep as my homepage!!
Answered By: hibiscus-ga on 16 Apr 2004 16:59 PDT
Hi soulnsea, 

I found the answer to your problem in a discussion forum here:
and I've taken the pertinent information and provided some updated
links to software below.

It appears that you have been hit by the CoolWebSearch hijacker.  You
can download the CoolWebShredder that should fix this problem here:

Once you run that you should go to the Microsoft Windows Update page
and download all the critical updates.  This should fix the
vulnerability with the Java VM that allowed this to install itself in
your system.

You should also then run HijackThis, available here: and scan your system
for any plugins installed in your Internet Explorer.  Make sure to
check off these entries for fixing, and then click the Fix Checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= res://mshp.dll/sp.html#37049

O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\Documents
and Settings\Jan Russell\Application Data\sysdt\sysdt32.dll

O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} -
C:\Documents and Settings\Jan Russell\Application

O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} -
C:\Documents and Settings\Jan Russell\Application

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: VPN Client.lnk = ?

Once you've done that, delete this folder: C:\Documents and
Settings\[Your User Name]\Application Data\sysdt

You should then run AdAware available here: to find any other things
lurking in your system.

Finally, just to be really sure you're clean, you should run SpyBot
available here: to check for
problems.  Remove anything marked in red.

That should fix things for you.

Good luck,


Request for Answer Clarification by soulnsea-ga on 16 Apr 2004 23:45 PDT
Dear Hibiscus (the Hawaiian state flower):

You are the bomb. No, you are a big King Kamehameha Bomb (this is good
thing)!  My homepage has returned!!  Thank you!!  But now a
simple question please.  In following your complete instructions, I
went to the site below to remove java VM from my PC running XP. So how
do I find these "following items" and how do I delete them?  The
author offers no instrucions here.  I have already downloaded Sun's
java update, I hope this is okay.  Thanks again, er, Mahalo!  GF

"After the machine restarts, delete the following items: 
the \%systemroot%\java folder 
java.pnf from the \%systemroot%\inf folder 
jview.exe and wjview.exe from the \%systemroot%\system32 folder 
The HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM registry subkey 
Explorer\AdvancedOptions\JAVA_VM registry subkey (to remove the
Microsoft Internet Explorer (IE) options)"

Clarification of Answer by hibiscus-ga on 17 Apr 2004 16:50 PDT
Hi again, or maybe Aloha would be better,

The \%systemroot%\ folder is just the folder where your Windows is
installed.  Usually that's c:\Windows\

The keys you need to delete are in the registry.  You'll need to use
regedit to remove them.  Click Start -> Run and then type 'regedit'
(no quotes) and hit enter.  You'll see HKEY_LOCAL_MACHINE with a small
plus beside it.  Click that and it expands out into a big list of what
appear to be folders.  Clicking the plusses expands out the
sub-folders and eventually you'll get to the keys you're looking for. 
Then just select the key and hit the delete button and you're set.

I'm glad this has helped you out.

Subject: Re: I can't keep as my homepage!!
From: jhaire2-ga on 28 Jun 2004 12:47 PDT
Thank you, thank you for helping me get rid of coolwebsearch.    Thank
you, thank you.
Subject: Re: I can't keep as my homepage!!
From: soulnsea-ga on 20 Jul 2004 18:02 PDT
Hello Again:

The spyware program has returned.  It's worse than ever now. It
continually makes my homepage:


It's been here for almost 2 weeks. My computer is very slow now,
freezes, can't keep Google as my home page, etc.  I've tried
everything to fix this. New AdAware, new Spybot, amd CW Shredder.  I
even purchased the newest Norton AntiVirus. But still I get this on
every re-boot -- 10 entries to fix on HiJackThis, plus AdAware always
finds 7-10 problems on every re-start.

In desperation, I paid $39.95 to some ripoff company called XoftSpy. 
They took my money then sent me an email that said they would get back
to me when they could solve the problem -- this was over a week ago.

Here's a typical HiJAckThis report:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= res://C:\WINDOWS\system32\inayu.dll/sp.html#37680
O2 - BHO: (no name) - {0B1BB08E-50CD-5561-D255-BD8ED1F5FD01} -
O4 - HKLM\..\Run: [sdkyv.exe] C:\WINDOWS\system32\sdkyv.exe

Sorry for the long message.  You guys have been great.  Please help! 
I had to kill my card information after the XoftSpy ripoff.  Tell me
how to pay for your service please in a secure format.  I'm concerned
my computer security is breached.

Thank you,

Subject: Re: I can't keep as my homepage!!
From: hibiscus-ga on 21 Jul 2004 12:20 PDT
Hi Soulnsea, 

To answer the last part of your question first, in order to pay for
Google Answers you do require a valid credit card. If you have
cancelled your card you will need to get a new credit card in order to
pay for the service.  The payment process is secure, with encryption
used on the credit card information page, but if you're very concerned
about software on your computer stealing your card information you
might want to post your question using a different computer.

In the mean time I can offer two quick suggestions to you.  First, use
regedit to go to the
HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run and
delete the registry entry for this sdkyv.exe program.  This may fix
the problem (though it may be more complicated).

Second, regardless of whether that works, you may wish to stop using
Internet Explorer.  It's quite prone to this sort of thing.  You may
want to download Mozilla or Mozilla Firefox from .  Firefox (the stripped down version of
Mozilla) is very fast, very small, and works much better than IE

If this doesn't solve your problem you should post another question. 
But, as I say, you'll need a valid credit card to do so.


Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  

Google Home - Answers FAQ - Terms of Service - Privacy Policy