Search engine hijacked


240u

Technical User
Nov 8, 2002
6
US
I need help cleaning up my explorer after I was hijacked. I have read the FAQ section and reset my homepage. I deleted an unknown program from my objects menu and the sites were deleted from my favorites menu. The nasty sites no longer come up when I try to open Yahoo or Google but it puts an address in my history when I go to Yahoo or Google. It reads something like this
( site/yahoo.com) in the drop down history menu. Can someone help me delete the program that is doing this?
Thanks
 
Howdy:

Do a search on your system for Lop.. It is spyware that has a habit of changing the search and homepage sites to those of its choosing.

Murray
 
Just delete the history folder...the system will rebuild it.
 
Are you referring to a drop down menu that appears only on those sites you mentioned? If so it sounds like an autocomplete history list. Go to tools--internet options--content tab--autocomplete button--click the clear forms button then ok out. That'll clear the autocomplete history that appears at search engine sites like Google.
 
I have just finished running the ad-aware software and it cleaned up a couple of registry keys and a few files. I am still getting some strange addresses in my history menu when I surf the net. An example is the following. I type in and yahoo comes up, but my history shows (http:// site.com/cgi-bin/proliv.cgi? I still have not been able to get rid of this. In the history menu it puts this stuff in front of every website I visit. It is no longer popping up the unwanted sites though.
 
thread748-402819
is a link to where Favorites were found in my registry and how to deal with them...just learn how to Export reg keys and save them (although this one is a relatively mild hack)
 
240u, are you referring to the History that appears when clicking the History button at the top of your browser? What's the address of the unwanted site that appears? Is it an adult site? If it's been less than 5 days of startups since the problem appeared then you could try restoring the registry to the day before the problem and see if that fixes it. To do that assuming you have 98, restart to pure dos and type scanreg /restore]/b] and hit enter. (note the space between the g and the /.) Then using the arrow keys choose a copy dated the day before the problem and hit enter. Note: choose a copy that's recent like one dated a day or two before the problem. Don't choose a copy that's weeks or months old if there's one listed there. Make sure of the date before restoring it. And if you've installed any programs after the date you choose then you may need to reinstall them after the restore since you'll lose the registry entries for them if there were any.

If that doesn't work and you have 95, 98, or ME go below and get Startlog.com and run it. It'll create 2 text files on your desktop. Copy and paste the results of just Startlog (not the stubpaths file) to your reply here. It might give us a clue.

 
Oops, the bold got messed up there. Just to clarify, the registry restore command is scanreg /restore. If you have Windows ME you could run it from start--run or start the pc using an ME startup disk and choose minimal boot from the options to get a dos prompt.
 
These are the results of the registry on startlog1. HKLM Run - Registry

[RegPath]
"StartUp"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="c:\\windows\\scanregw.exe /autorun"
"TaskMonitor"="c:\\windows\\taskmon.exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"SystemTray"="SysTray.Exe"
"EM_EXEC"="c:\\mouse\\system\\em_exec.exe"
"CPQEASYACC"="C:\\Program Files\\Compaq\\Easy Access Button Support\\cpqeadm.exe"
"EACLEAN"="C:\\Program Files\\Compaq\\Easy Access Button Support\\eaclean.exe"
"Service Connection"="c:\\cpqs\\bwtools\\sccenter.exe"
"AvconsoleEXE"="C:\\Program Files\\Network Associates\\McAfee VirusScan\\avconsol.exe /minimize"
"VsecomrEXE"="C:\\Program Files\\Network Associates\\McAfee VirusScan\\VSECOMR.EXE"
"Vshwin32EXE"="C:\\PROGRAM FILES\\NETWORK ASSOCIATES\\MCAFEE VIRUSSCAN\\VSHWIN32.EXE"
"VsStatEXE"="C:\\Program Files\\Network Associates\\McAfee VirusScan\\VSSTAT.EXE /SHOWWARNING"
"MotiveMonitor"="C:\\Program Files\\Motive\\MotiveAssistant\\motmon.exe"
"CompaqPrinTray"="PrinTray.exe"
"CIJ3P2PSERVER"="CIJ3P2PS.EXE"
"StillImageMonitor"="C:\\WINDOWS\\SYSTEM\\STIMON.EXE"
"PP5300usb"="C:\\PROGRA~1\\VISION~1\\PAPERP~1\\FBDirect.exe"
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"
"McAfeeWebScanX"="C:\\PROGRAM FILES\\NETWORK ASSOCIATES\\MCAFEE VIRUSSCAN\\WebScanX.Exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"


I also have looked in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions and there is a file folder named
FFFFFFFF-ABBB-FFFF-FFFF-FFFFFFFFFFFF
within this file there are two files that look like this

MenuStatusBar ?????? ??????? ??????
MenuText ?????? ??????? ??????

Could these be my problem?
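
Added example, not part of the original posts: a small parser for a Run-key listing in the layout Startlog produced above, which pulls out the program each entry launches and marks entries worth a closer look. The function names and the two notes (`no-path`, `8.3-name`) are assumptions made for this illustration, the sample lines are excerpted from the listing above, and a note is a prompt to review, not a verdict.

```python
import re

# Lines excerpted from the listing posted above, in .reg export layout.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="c:\\windows\\scanregw.exe /autorun"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"SystemTray"="SysTray.Exe"
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"
"PP5300usb"="C:\\PROGRA~1\\VISION~1\\PAPERP~1\\FBDirect.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
IMAGE_RE = re.compile(r'^(.*?\.(?:exe|com|bat|scr|dll))(?=[\s,]|$)', re.I)

def unescape(s):
    # .reg exports escape backslashes and quotes with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def image_of(command):
    # Quoted path: take what is inside the quotes. Unquoted: cut at the
    # first executable extension, so "C:\Program Files\..." stays whole.
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = IMAGE_RE.match(command)
    return m.group(1) if m else (command.split() or [''])[0]

def triage(reg_text):
    rows, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        # Only values directly under ...\CurrentVersion\Run start programs
        if not m or not key or not key.upper().endswith('\\CURRENTVERSION\\RUN'):
            continue
        image = image_of(unescape(m.group(2)))
        notes = []
        if '\\' not in image:
            notes.append('no-path')    # found via the search path at startup
        if '~' in image:
            notes.append('8.3-name')   # short name hides the real folder name
        rows.append((unescape(m.group(1)), image, notes))
    return rows
```

Calling `triage()` on the full text of a Startlog file returns one `(name, program, notes)` tuple per autostart entry, which makes it easier to compare the list against what is known to be installed.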



 
Clean out the Downloaded Program Files directory and if it's IE 6 go to the Advanced Tab in Options and uncheck the box labeled Enable 3rd party browser extensions.
 
gargoullie
I do not have a tab for 3rd party browser extensions.
 
With the key highlighted on the left side of the page...go to the menu at the top and choose Export...and save the key where you can find it easily, with a name you'll recognize then delete the key.
IF it turns out to NOT be the culprit...all you have to do to restore it is find the file and double click it and it'll merge back into the registry.

 