I think I contracted a "Trojan" or something. I set my home page to Gixxer, apply, close, no problem, but when I reopen IE it comes up with "about:blank" in the URL field and it is a search page. I have reset it in internet options 1000 times. Ran CWshredder and Adaware 6.0, deleted everything in "Add, remove programs" that I knew didn't belong, but it still comes back EVERY time. I even tried to get smart and get the IP address for it, but it doesn't produce one !! I cleared out the temps & cookies, opened the page and then looked in the folders again, but it doesn't leave a trace. It also doesn't show up in "Processes" with Ctrl-alt-del. I can't wait to start my MCDBA/MCSE course so I can figure these things out !!
If any of you know how to help, please do !! I would greatly apprecite it !!
Thank you in advance.
P.S.~ I am running XP.
grab Spybot Search and destroy , and give that a run first.. if that doesn't do it, then crack open your registry and search for all the keys to do with the 'homepage' setting in IE.
I can't remember where it/they are right now.. but a little hunting never hurt anyone....
oh yeah... hope you've done reg work before ... if not... stay outta the registry, you might break everything
Motorcycle: 2001 GSXR 1000 modded to the hilt, 2000 GSXR 600 race bike
Posts: 88,757
Re: Need help with getting rid of home page !!!
do a search on Kazaa for a cracked version of Spy Hunter that is the best spy remover program I've used. if you just get the trial version you will have to manually go into your registry to remove the spyware, the cracked version will do it for you
I think I know what that is, little executive file that is located in C:\windows\ Directory. I found a file that didn’t belong (deleted it and anything else that looked similar to it) and after rebooting no more problems. Never seen it again but in my case it was easy because it had a black spacecraft as an icon so… I spotted it right away. It must have a string in config.sys and/or autoexec.bat If not than back up your files and reinstall everything. I do it every 8 months, too much crap (useless driver that computer has to go through to get to the right file) slows down my computer too much. Hope this helps
Thank you very much guys !!! I will try it tonight and let you know what happens. I have already went through C:\Windows and removed everything that I knew didn't belong and then add and remove programs. It is soooo frustrating. I change my home page in Internet options, run CWshredder, adaware6 and then try again and it is STILL there. It's like it's a .exe that is running everytime I open IE that changes my page. It also loads a "Lycos" program that REALLY pisses my off !!
MPD. Do you think you could help me get that program? I did a search, but nothing turned up. I am not using Kazaa anymore because of the RIAAssholes. Plus when I upgraded to XP I lost Kazaa Lite and now if you try to DL it, it makes you jump through a lot more hoops !! I'm using Blubster which SUCKS !!
Proper_Villain said:
I tried all of your suggestions, but it didn't get it !!! IDK what to do next.
So you tried Spybot S&D with no help? hrm! So you've deleted all your temp internet files and cookies. Have you checked your host file yet? about:blank could be set to something else. Have you looked through the startup (msconfig) to see if anything out of the ordinary is there? Post up a screen shot of your running processes so we can have a look. There is a registry edit to where you can change the "use default page" to whatever you want instead of the msn.com page. I don't know if that would help but I'll hunt down the string and see if that helps.
Alright. Here we are. First of all I really appreciate the help. This is soo annoying. I hate not knowing this stuff. Esp. since I have to work with it everyday. That's why I am taking the class soon (CEN 1300).
Ok, I think my problem lies with the "IST" entries and the optimizer. If you guys could explain regedit and what each of the processes are a little to me or send me to a site that I can learn about it better that would be great.
Thanx again !
Bottom half
And processes
I can see why when you bring up explorer it changes the home page. You have a bunch of strings in there for the search all proabably linking to some search page. It should have only one string the readssearch page) http://www.microsoft.com/isapi/redir...e&ar=iesearch. You also have multiple strings I have never seen before . Now this is a tough one cause there will have to be some reg. editing. Please before you go and change anything save your registry as it is so if we F'up we can go back. I'd hate to really screw you up .
First here is how my main folder looks like. It doesn't have everything in there yet, but I think this is how it is "stock"
First off you see that start page_bak, delete that. There you can change your start web page from start page: about:blank to gixxer.com. Second is I would delet the Search bar & page_bak, then change the search page back to http://www.microsoft.com/isapi/redir...e&ar=iesearch. I guess you had some sort of search bar w/ internet explorer like google or something so I have no idea what would go there. Lets try these first and see where your at. Next is check your host file under windows>system32>drivers>etc. Open that up with Notepad and see if you have a bunch of www's with IP's after them. You shouldn't have many if any at all.
It's strange that Spybot didn't pick these up cause that spyware has been out for some time. Good luck dude and keep us updated with progress. If anyone elese(beanfield, mtmra)has any other suggestions or warnings please speak up
Okay I have done all of that, but I am still getting the about:blank page.
Here is regedit now
I keep tracing down a file named hcimme.dll, but I can't delete it !! It keeps saying "file access denied" How can I?
I appreciate all that you have done. I think I'm close. I just need to figure this last bit out. I throw Spybot, CWShredder, Adaware and NIS at it. It will come up clean and then I will run it again and it will find more files !!!
Help.
Hey proper, I don't have to much time tonight so...! You see those strings that have res://.... change those. search bar i thing should be about:blank and the page to the microsoft one. Why do you want to delete the hcimme.dll? If you really want to delete it try going into safemode then try to delete it or rename the extention, then reboot and delete. I'll check back tommorow
My dad has a similar problem. Ad Aware and spybot haven't done shit. I tryed killing the .dll file and the registry entries, with no luck. I'm about to just FFR the fucker and get it over with.
I have used Adaware6, Spybot S&D, CWShredder AND N.I.S. scan. Just when I think I have killed it, I open a browser and it reappears !!! I wish I could lock down the system where nothing can be installed or redirected w/out my permission. I can up the NIS security, but then Google won't even load !!! I am soooo frustrated and I DON'T want to reformat, but that is the road I am heading down unless someone can help me out soon or I figure it out !!! So with that being said. Put in your 2 cents (about this problem) even if you don't know if it will work.
What version of SpyBot are you using? The latest beta ver. is 1.3, it finds a lot more stuff than 1.2. Hrrrm I am running out of ideas . How does your host files looks like? Were you unable to still get rid of the .dll file?
NIS did get rid of the .dll. It said "Would you like us to remove this file on your next reboot?". I am soo frustrated. This is the most effective virus I have ever seen !! Just when I think I have gotten rid of it, I open a IE browser and "Bam" it's back !!! Could you email me a larger screen shot of your regedit for me to see? I thought I was in big trouble a little while ago. I tried to delete some of the values in there and it said "access denied".
Thank you for everything you have tried !!! IDK what to do next.
search page) 
. Now this is a tough one cause there will have to be some reg. editing. Please before you go and change anything save your registry as it is so if we F'up we can go back. I'd hate to really screw you up 
. 
Linear Mode
