Remove this Banner Ad

Browser Hijacking!

🥰 Love BigFooty? Join now for free.

I

iceman

Premiership Player
Veteran
Apr 1, 2001
3,433
9
Sydney, NSW
AFL Club
West Coast
My IE home page is always reverting to a pr0n site. Now, ive used ad-aware and it finds the 'possible browser hijack' and i delete it. But when i restart my PC i get the same pr0n site again.

i thought maybe adaware was dropping their standards so i downloaded spybot and updated it and ran a scan, it found the registry settings that had been changed and cleaned them - after restarting the home page is back to pr0n again

ive even looked in the msconfig startup files and there doesnt seem to be anything there, also looked in the add/remove programs and nothing there either

can anyone help?? surely somewhere there should be something to get this removed?!! ive got XP Pro as my OS (just in case) :)
 

Log in to remove this Banner Ad

Originally posted by Fwoy
This may sound stupid and simplistic, but in Tools>Internet Options, under general, what does it list your homepage address as?

Have you been a naughty boy searching pr0n sites and clicking links? :p
Click to expand...

Not that simple mate, i keep changing that but after every restart i keep getting sent to that *ahem* site
 
Suggestions

Maybe also get some advice from members at this site in the viruses and spyware forum. They should be able to lead you in the right direction.


http://pcpitstop.ibforums.com/index.php?
 
There are a few things that may be causing your problem.

Firstly scan your computer for viruses, just a precautionary measure. If the program finds any viruses then clean your system.

The most probable cause is that a website you visited changed some values in your windows registry with Javascript. This is a little more tricky to fix, so follow my instructions carefully.

Before making any changes to your registry its important to back it up. Follow the link below.

Click here for instructions on how to back up your registry

After you've backed up your registry you then make the changes. Backing up is a pain, but believe me its worth it.

So now that you've backed up the registry, its time to make the changes.

1. Click on Start then on Run
2. In the dialog box type regedit and click OK
3. A list of folders will come up. Click on the + signs of the folders. First the one named HKEY_CURRENT_USER.

- Click on software then Microsoft Internet Explorer and then Main.
- On the right hand side scroll down until you find Start Page. If you see the address of the porno page that comes up when you open Explorer then this is your problem.
- To change the value of Start Page, right click and then select Modify. A box comes up, just type in the address of the site that you want to come up in the Value Data area.

If you dont find the address of the porno site in that area. THEN:

- Go up to and click Edit and then click on Find. Type in Default_Page_URL and then click find.
- The registry will open up at the correct place and highlight your search. If tjats the address then right click and do like before.

If the address isn't there, then type the address of the porno site into the find box and remove it from your registry. Remember dont delete the categories only the value (the actual address).

That should fix things. Good Luck.

:D
 
If the above doesn't work, try checking your hosts file (windows\system32\drivers\etc\hosts and open with notepad, you may have to take off read-only status) and make sure that the only uncommented liune says"127.0.0.1 localhost" or better still, go to http://doa2.host.sk/, which is kazaalite and install the supertrick, which will replace your hosts file.

If that doesn't work, within IE go to Tools->Internet Settings->General->Settings within Temporary Internet Settings->View Objects and remove any suspect looking objects. You can't really do any damage here, if you remove something you want, such as Shockwave, it should reinstall next time you need it.
 
Firstly, thanks for all your responses!!

I had a glance around the pitstop forum and it seems that ive got a registry setting/s being changed because of a flaw in VM....

However, just went to a command prompt and typed in jview and it doesnt find it, so it seems i dont have VM installed....

Might have to look at installing all the updates from Microsoft in the hope that fixes it
 
Originally posted by ferrets79
The most probable cause is that a website you visited changed some values in your windows registry with Javascript. This is a little more tricky to fix, so follow my instructions carefully.

Before making any changes to your registry its important to back it up. Follow the link below.

Click here for instructions on how to back up your registry

After you've backed up your registry you then make the changes. Backing up is a pain, but believe me its worth it.

So now that you've backed up the registry, its time to make the changes.

1. Click on Start then on Run
2. In the dialog box type regedit and click OK
3. A list of folders will come up. Click on the + signs of the folders. First the one named HKEY_CURRENT_USER.

- Click on software then Microsoft Internet Explorer and then Main.
- On the right hand side scroll down until you find Start Page. If you see the address of the porno page that comes up when you open Explorer then this is your problem.
- To change the value of Start Page, right click and then select Modify. A box comes up, just type in the address of the site that you want to come up in the Value Data area.

Click to expand...

Hey mate,

Ive done the above already. Ive tried manually going into the registry and changing the main page and it works while my PC is still on. As soon as i restart though the IE home page is changed again. Looking at the registry shows all my changes as being undone after a restart...

Cheers
 

Remove this Banner Ad

Found this from the pitstop website which is very similar to what im getting:



Epilogue - The Origin

We are pretty sure now CoolWebSearch is part of a new strain of trojans that have recently been identified that all have one thing in common: they install through the ByteVerify exploit in the MS Java VM and change the IE homepage, search page, search bar, etc. Take a look at this snippet from the description of the Java.Shinwow trojan:

QUOTE
This is a growing family of trojans that exploits the ByteCodeVerifier vulnerability in the Microsoft Virtual Machine to execute unauthorized code on an affected machine.
The variants of this trojan that we have seen in the wild have been functionally diverse; the common factor amongst them has been the use of the ByteVerify exploit to achieve their goals. Some variants may do little more than change the user's default Internet Explorer home page and/or search page via modifications to the registry.


We strongly recommend you install the patch, available from this MS security bulletin. If you have Windows XP with Service Pack 1a, your system has no MS Java VM. Information on removing the MS Java VM completely and replacing it with the newer, safer Sun Java VM can be found here.

An a side note, some of the affiliates (Search-Meta has been verified) use another Java exploit to install their malware. It's classified as the JS.Exception.Exploit, and a patch can be downloaded from this MS security bulletin



I downloaded from their site the "Coolweb" killer and it found 2 registry settings that are related to this spyware, sorted them out and did a scan of my PC saying that BYTEVERIFY is not installed on my PC.....
 

Remove this Banner Ad

Browser Hijacking!

Similar threads

BigFootyNews
News & Events Hackers hijack US radio gear -
Replies
0
Views
21
BigFootyNews
BigFootyNews
BigFootyNews
News & Events Researchers find vulnerabilities in OpenAI's Atlas agentic browser -
Replies
0
Views
25
BigFootyNews
BigFootyNews
BigFootyNews
News & Events AI browsers fall for scams and phishing, security researchers say -
Replies
0
Views
40
BigFootyNews
BigFootyNews
BigFootyNews
News & Events New account hijacking defences for Google Workspace and Chrome -
Replies
0
Views
58
BigFootyNews
BigFootyNews
BigFootyNews
News & Events Hackers hijack a wide range of companies' Chrome extensions -
Replies
0
Views
256
BigFootyNews
BigFootyNews
BigFootyNews
News & Events Browser vulnerability can be used to breach local networks -
Replies
0
Views
207
BigFootyNews
BigFootyNews

🥰 Love BigFooty? Join now for free.

Back
Top