Home Page Changing Unexpectedly

Hi

I have encountered a problem whereby the home page on my Internet Browser
(Internet Explorer 6) constantly returns to a different home page from the
one I set. As I've never set the unwanted home page I can only presume that
a virus has infected this at some point.

I've followed the Microsoft Knowledge-Base Article 320159 to the letter but
this has not resolved the problem. In fact I've performed a Diagnostic
Start-up clean boot with no system services loaded and when editing the
registry the problem still cannot be resolved. I've attempted to change the
registry entries for the subkeys Default_Page_URL and Start Page and
whenever you change to another subkey and back, the value has been restored
to the unwanted value. Even deleting the values the subkeys are re-added
with the unsolicited URL.

If anyone can offer any solutions to this problem I'd be extremely grateful.

I use Norton Anti-virus auto-protection and BlackIce firewall protection and
at present no viruses are being detected.

Many thanks for your help.

Peter

On Fri, 11 Jun 2004 14:50:22 +0100, "Peter" <*email_address_deleted*> wrote:

>Hi
>
>I have encountered a problem whereby the home page on my Internet Browser
>(Internet Explorer 6) constantly returns to a different home page from the
>one I set. As I've never set the unwanted home page I can only presume that
>a virus has infected this at some point.
>
>I've followed the Microsoft Knowledge-Base Article 320159 to the letter but
>this has not resolved the problem. In fact I've performed a Diagnostic
>Start-up clean boot with no system services loaded and when editing the
>registry the problem still cannot be resolved. I've attempted to change the
>registry entries for the subkeys Default_Page_URL and Start Page and
>whenever you change to another subkey and back, the value has been restored
>to the unwanted value. Even deleting the values the subkeys are re-added
>with the unsolicited URL.
>
>If anyone can offer any solutions to this problem I'd be extremely grateful.
>
>I use Norton Anti-virus auto-protection and BlackIce firewall protection and
>at present no viruses are being detected.
>
>Many thanks for your help.
>
>Peter

Peter,

This is a browser hijack. The newer versions of this attack need very careful
analysis and removal.

First, download LSP-Fix and WinsockXPFIx from <http://www.cexx.org/lspfix.htm>,
and CWShredder from <http://www.majorgeeks.com/download4086.html>. All are
free.

Next, close all Internet Explorer and Outlook windows, then run CWShredder.
Have it fix all variants.

Now check for, and remove, spyware. Get HijackThis
<http://www.majorgeeks.com/download.php?det=3155> and Spybot S&D
<http://www.safer-networking.org/index.php?page=download>. Both free.
1) Install and run Spybot. First update it ("Search for updates"), then run a
scan ("Check for problems"). Trust Spybot, and make all recommended deletions.
2) Install and run HijackThis. Do NOT make any changes immediately. Save the
HJT Log. <http://forums.spywareinfo.com/index.php?showtopic=227>
3) Have your HJT log interpreted by experts at one or more of the following
forums (and post it, or a link to your forum post, here):
<http://forums.net-integration.net/>
<http://forums.spywareinfo.com/>
<http://forums.tomcoyote.org/>
<http://www.wilderssecurity.com/>

If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.