home search hijack etc

  rsturbo 05:33 27 Nov 2004

have been hijacked, i can't get into the trusted sites applet in tools/internet options/security - its greyed out? i bet this crap hijack has something lurking in there. any ideas how to get access to this applet would be greatly appreciated. have followed various links on this subjectfrom this and google searches - nothing seems to work for me :(

  smudge101 06:38 27 Nov 2004

I take it you have tried the available programs such as; Hijack this, Spybot, adaware etc?

  smudge101 06:54 27 Nov 2004

It sounds as if a good virus scan is needed, if you run Hijack this it may pay to do it in safe mode.

  JoeC 08:50 27 Nov 2004
  Andsome 09:15 27 Nov 2004

Go to this website and follow the instructions for downloading and running a program called Hijack this. DO NOT attempt to do any deleting yourself. Post your scan on the site, and you are virtually certain to get your problem resolved. There are several experts on the site who are geniuses at sorting out these problems. Several of them also visit here. The problem here is that due to restrictions you have to split your scan into two halves for posting, whereas on Windows forum you can post it all in one go.

click here

  Taff36 09:38 27 Nov 2004

You definately need Adaware & Spybot search and destroy when you`ve sorted out the problem. In Spybot S & D you can select a setting that specifically prevents anyone (Including you) resetting the homepage - you have to manually turn it off before doing so.

  Nellie2 10:55 27 Nov 2004

Home Search is a particularly nasty hijack. Adaware and Spybot won't be able to clear it completely although they will get rid of other dross you may have collected.

I will need to see a hijackthis log before I could advise you how to progress on this, as andsome says, the board formatting makes it easier to deal with at the other place but it's up to you where you prefer to post. click here for hijackthis download and info.

  JaßîsFaß ˜ 20:29 27 Nov 2004

Have you tried CW Shredder? free from click here

  Dorsai 20:46 27 Nov 2004

And with a hijack this reply, you will need to split the report into more than one bit, or the 800 word limit may be passed.

Double space it so it reads right. this site does not allow you to post a line by line thing, without a gap...

like this is,

a line

and a gap.

then a line.

  rsturbo 00:38 28 Nov 2004

used hijack this before so have used that, got rid of main infection - can now keep hold of home page. However i run spybot and it comes up with 4 or 5 changes in zones section of registry: WebTrends live: Tracking cookie (Internet Explorer: user) (Cookie, nothing done)

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1606980848-839522115-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

i now have control of my zones applet in security tab - removed suspicious ip address.
in add/remove programs i can'trid myself of:
home search assistant, shopping wizard, windows task aid, search extender when i try i get sent to a website and asked to click a link to download removal program. yeh right!!

  Nellie2 00:44 28 Nov 2004

Ignore the DSO exploit from Spybot, it is a bug... hopefully it will be fixed in the next release.

With Home Search.. unless you get everything all in one go then you will just be re-infected on reboot... some variants have a super hidden dll that needs to be unhidden and killed.

I need to see a hijack log to see which variant you have and then we can take it from there.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

OnePlus 6 review

Best art and design exhibitions in 2018

MacBook Pro keyboard issues and other problems

E3 2018 : dates, conférences de presse, billets et plus