Internet access hijacked by mshp. How can I erase it? 3

[jab2]

Not a great problem but really annoying. I am on with Tiscali.co.uk and when I start up I have always had their homesite as my "home". Recently every time I go on the net I find myself connected to a mshp.index site which is a sort of search page. I searched my C drive and found an mshp.dll on C/ so I erased it and cleared it out of recycle bin. No good as soon as I switch on again or go on line the dll is back on C/
Obviously something has been planted somewhere but anyone any idea where to look and for what ( a find mshp search just reveals the mshp.dll mentioned above.)
Please keep it simple for a basic "can just get about" user type
Many thanks

 

[FarOut]

Check out this thread, 608-738925. Look @ the reply from Bcastner.

FarOut
V-Peace-V

 

[MCBaltimore]

Search Google for "mshp.dll" and read the tek-tips thread to find out that a program called cwshredder will get rid of it. (I'm not familiar with cwshredder.) Ad-Aware and Spy-Bot with 31.12.2003 updates don't find it yet, but I'm sure that they'll be updated.

I removed it manually from a friend's computer running Windows ME as follows:

Search the registry--using regedit--for "mshp" and edit these web page references to a different safe address (I wasn't sure if it was safe to delete them). There were two or three of them.

Then search the registry for "highjack" or "hijack" and delete all keys related to "highjack this"; there might have been two of them.

Search for and delete mshp.dll (it was in the root directory), search for and delete "highjack"-related files (if any exist, I don't remember), reset the home page in IE, reboot the computer, check and verify everything. (This process took me two hours to figure out, but shouldn't take more than 10 or 15 minutes to do.)

I also used Spy-Bot to review and remove some suspicious ActiveX programs and other internet debris, but I'm not sure if that had any effect on this problem.

WARNING: Edit the registry at your own risk. Otherwise, use a utility or have a knowledgeable friend do it.

 

[rugbyone]

I had a similar problem but seemed to have solved it by going to "add/remove programmes" and deleting a new programme that had installed itself on my machine entitled "iefeatsl". This seemed to have done the trick. I don't know how the programme works but it had the effect of taking over any searches I carried out and highlighted words like "games" and formed them into hyperlinks that redirected me to a search-company.com web site. i have also found the mshp.dll file but haven't yet uninstalled it, purely because I wasn't sure if it carried out any other functions.
Another site that I was redirected to was search-aid.com, the interesting thing is that both these sites are registered to the same guy a Brit in the south east. Surely something can be done about him as he seems to be the cause of all these problems?

 

[MCBaltimore]

This mshp hijack thing does not leave any visible tracks in the Add/Remove Programs section, but it's certainly a good place to look for getting rid of similar things.

While the redirection does not go to offensive sites, the methodology is certainly offensive, and mucking about in the registry is not the safest way to get rid of these things.

 

[VladinSea]

I had the same problem. The program did appear in my Add/Remove Programs list as iefeatsl (or something similar). I removed it and rebooted. The mshp.dll file showed up in my C:\windows directory.

I'm wondering if anyone has any more concrete info on who this guy is who created this program.

 

[jwsmith4]

I use Windows XP Professional and Internet Explorer 6.0:

iefeatsl is definitely the problem. It downloaded to my PC on December 28, 2003. I just used Windows Explorer to rename "C:\Documents and Settings\[username]\Application Data\iefeatsl" to iefeats1_ and effectively eliminated the homepage remap problem discussed in this forum. I will rename the folder back now and use Control Panel, Add Remove Programs to erase it permanently!

 

[jackbarry99]

I am brand new, here, thank you. I typed into Google "mshp dll switching", and was led here, to this thread.

I think it is typical Microsoft corporate crap.
Drives me nuts.

I await the answer.

jack barry in San Francisco.

 

[jab2]

Hi
Found this iefeats and deleted it, solves problem thanks.
However also see 2 others not mine I4q which seems to be a web application also submit url. Anyone know if these are safe?
many thanks
JAB

 

[Arrrg]

Mshp.dll I just re-named the mshp.dll file to mshp.d and solved the problem. Robert M Peternell

 

[marks54]

Troj_Iefeats.a is the malware responsible for all of these extraneous and annoying files. You will find good info regarding cleaning all the appropriate files and registry entries on Trend Micro's web site. Link is below. I noticed the responses seem to hit on partial solutions but not totally eliminating the problem. Hope this helps.
Trend's link below:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_IEFEATS.A

 

[ArtVandalais]

I have erased virtually all of the infected files but I cannot erase the msiesh.dll b/c windows says that it is still in use. I cannot rename it either. Any suggestions would be greatly appreciated!

-Art

 

[Prydonian]

Art;

Boot up in safe mode. This should allow you to delete the file. Alternatively, try deleting the file from a dos window....



Mike

 

[crashax]

Reg edit
then go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

and ensure that web site is listed as any value.

 

[princessAPC]

IE6 carries spyware. it has from the start. it alwys does... put 3 in my sys in one month! I use netscape7/mozilla

 

[krisnamurali]

hi,
i had some problems similar to yours. there are couple of spyware softwares that search and destroy all spy softwares on your computer including files like mshp.dll. some of them are paid spyware. try spybot s&d. search in google.com for sypbot and download it. it's free softare. search for problems and fix them i.e. it deletes all pests from your computer including those from the registry.
regards
kris