RE: Idgsearch.com styleclickinc.com browser hijack.

From: Brian [MSFT] (bschafer_at_online.microsoft.com)
Date: 12/05/03 

Date: Fri, 05 Dec 2003 09:57:24 GMT

More than likely, there is a batch file or exe which is kicked off by one
of serveral different methods... this process may employ several different
methods to enforce/reapply the obnoxious settings. A good place to start
is the System Configuration Utility which can be accessed via Start > Run >
"msconfig" (without the quotes). On the Startup Tab, I would scrutinize
each of the items... paying special attention to the "Command" column. I
would be highly suspicious of anything that ends with a .bat. If you find
a .bat in an entry, locate the file and open it with a text viewer. To
some this may be an advanced task. Be sure not to make changes that you do
not know how they will affect the machine. But my bet would be that there
is a .bat file that is running a .reg file and modifying the registy...
specifically the IE home page settings.

Hope this helps.

Brian Schafer, MCSE, MCSA, CISSP, Security+
bschafer@online.microsoft.com

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
> >I have some type of trojan horse, spyware, or java
> >browser hijack software on my system. It keeps
> resetting
> >my home page to idgsearch.com, putting ponographic links
> >in my favorites, installing an online dialer program,
> and
> >changing my IE settings. I am running IE 6 SP1 on XP
> Pro
> >SP1 with every update installed! I have run ad-aware,
> >Norton anti-virus, and deleted numerous "infected
> >files." I have searched for days now for a soulution
> >that works. If anyone has **__successfuly__** removed
> >this software, please send an e-mail my way.
> >
> >Thanks a lot!
> >stech85 [at] hotpop.com
> >.
> >
>

Relevant Pages

  • Process opens program window when outside Visual Studio
    ... When I run my program inside Visual Studio the bat and exe ... redirected to my stream reader. ... Why does this work when I'm inside Visual Studio but not outside?! ...
    (microsoft.public.dotnet.languages.csharp)
  • Unknown Publisher from network drive
    ... Anytime I click on a *.bat or *.exe or ever *.hlp on a Novell network drive. ... I have another box identical to the WinXP SP2, Novell Client 4.91 SP2, ...
    (microsoft.public.windowsxp.general)
  • Running a .bat file via AppActivate
    ... I'm trying to run a .bat file from a macro. ... AppActivate" code). ... I can even call a .exe renamed as ... shows a return value from the shell function of -610925 ...
    (microsoft.public.excel.programming)
  • Mission statement: Ruby application for Windows
    ... Obtain Windows executable file from my Ruby script. ... Why not .bat? ... As far as I undrestand, .exe files created by RubyScript2Exe, are ... libraries from exe resources can be require'd. ...
    (comp.lang.ruby)