My anti-virus program detected and cleaned two trojan
horses today. Now, each time I start Windows I receive
about half a dozen error messages from Spyware Guard
reporting an attempt to "hijack" Internet Explorer by
changing my home page, default search page, etc. I have to
restore my defaults manually every time I boot -- what a
pain! I have removed the hijacking URL from my registry,
using Spyware Guard. But it re-appears the next time I
boot. I have also removed the URL by manually editing the
registry -- with the same result.

Since this occurred shortly after I booted this morning
and began browsing the web with IE, I displayed all hidden
files in Explorer and deleted everything that I didn't
recognize with today's file date. I also removed
everything from my startup directory on the Start Menu.
Finally, I re-installed IE from my Windows XP Pro CD-ROM
and installed the latest update from the MS web site. But
NOTHING has remedied this situation.

I suspect that a file or script (or, more likely now, a
setting in an existing program or service) is changing
these settings every time I boot. They appear to be added
to my registry on startup. I am trying to determine where
the culprit may be and how to disable or remove it. Any
ideas?

One thing I'd like to try is to log everything that
happens when I boot to Windows. The online help says this
is possible, but it doesn't give you a clue as to how to
do it. I have looked through every Control Panel setting
and I can't find anything that does this.

I have been going crazy for the last 3 hours trying to find something on the internet that can tell me how to fix the annoying problem I have with my home page changing on me, even after I reset the home page and reboot!! Imagine how excited I was to see that you are experiencing the same....sorry, not glad you are but rather that I am not alone in this one! I would love to know how to fix this problem as well.

----- ejr wrote: -----

My anti-virus program detected and cleaned two trojan
horses today. Now, each time I start Windows I receive
about half a dozen error messages from Spyware Guard
reporting an attempt to "hijack" Internet Explorer by
changing my home page, default search page, etc. I have to
restore my defaults manually every time I boot -- what a
pain! I have removed the hijacking URL from my registry,
using Spyware Guard. But it re-appears the next time I
boot. I have also removed the URL by manually editing the
registry -- with the same result.

Since this occurred shortly after I booted this morning
and began browsing the web with IE, I displayed all hidden
files in Explorer and deleted everything that I didn't
recognize with today's file date. I also removed
everything from my startup directory on the Start Menu.
Finally, I re-installed IE from my Windows XP Pro CD-ROM
and installed the latest update from the MS web site. But
NOTHING has remedied this situation.

I suspect that a file or script (or, more likely now, a
setting in an existing program or service) is changing
these settings every time I boot. They appear to be added
to my registry on startup. I am trying to determine where
the culprit may be and how to disable or remove it. Any
ideas?

One thing I'd like to try is to log everything that
happens when I boot to Windows. The online help says this
is possible, but it doesn't give you a clue as to how to
do it. I have looked through every Control Panel setting
and I can't find anything that does this.

I have been having the same problem, with similar tries at fixes, with the same apparent results

I think this is an invasion of my privacy and everyone else's who innocently surf the web! I wish the stupid Congress would get off its duff and get the indepedent agencies of the US Government (FCC, FTC, or some other agency) to do something about it (and I never thought I would ever say I wanted the government to get involved in policing the Internet!!!). Or maybe this could be considered a criminal act, and the FBI could become involved

It's a double-edged sword: this kind of nonsense makes you want to stop accessing the Internet for any reason, but so many services and work-related functions rely on it, that you can't. I wish I had the know-how to be able to send a Trojan Horse back to the senders of these objects, that would destroy their environments whenever they sent out something like this.

I have found an application that will fix this problem if
it was caused by the same worm that caused mine. It's
called CW Shredder and you can find it at
http://forums.spywareinfo.com/

After you get it off your system, you need to take ALL the
steps listed to prevent re-infection -- including
completely removing MS Virtual Java Machine (use Sun's
instead, via the provided link). MS Win XP service pack 1
and subsequent hot fixes apparently do not work once you
have been infected. (At least this appears to be the case
on my system.)

If all else fails, try this web site & forum for some
other ideas: http://computing.net/forums/ and search
for "browser hijack".

My antivirus program (AVG Free version) missed it.
Actually, it detetected 2 other worms that it said it
removed. (So either it triggered a false positive or I was
slammed with three of these types of programs at the same
time.) Spyware Guard detected it and allowed me to restore
the original URLs for my home and search pages -- but it
never removed the virus, which simply changed them back
every time I rebooted.



>-----Original Message-----
>I have been having the same problem, with similar tries
at fixes, with the same apparent results.
>
>I think this is an invasion of my privacy and everyone
else's who innocently surf the web! I wish the stupid
Congress would get off its duff and get the indepedent
agencies of the US Government (FCC, FTC, or some other
agency) to do something about it (and I never thought I
would ever say I wanted the government to get involved in
policing the Internet!!!). Or maybe this could be
considered a criminal act, and the FBI could become
involved.
>
>It's a double-edged sword: this kind of nonsense makes
you want to stop accessing the Internet for any reason,
but so many services and work-related functions rely on
it, that you can't. I wish I had the know-how to be able
to send a Trojan Horse back to the senders of these
objects, that would destroy their environments whenever
they sent out something like this.
>.
>

I too am having this problem. Please let me know if you
hear anything.
>-----Original Message-----
>My anti-virus program detected and cleaned two trojan
>horses today. Now, each time I start Windows I receive
>about half a dozen error messages from Spyware Guard
>reporting an attempt to "hijack" Internet Explorer by
>changing my home page, default search page, etc. I have
to
>restore my defaults manually every time I boot -- what a
>pain! I have removed the hijacking URL from my registry,
>using Spyware Guard. But it re-appears the next time I
>boot. I have also removed the URL by manually editing the
>registry -- with the same result.
>
>Since this occurred shortly after I booted this morning
>and began browsing the web with IE, I displayed all
hidden
>files in Explorer and deleted everything that I didn't
>recognize with today's file date. I also removed
>everything from my startup directory on the Start Menu.
>Finally, I re-installed IE from my Windows XP Pro CD-ROM
>and installed the latest update from the MS web site. But
>NOTHING has remedied this situation.
>
>I suspect that a file or script (or, more likely now, a
>setting in an existing program or service) is changing
>these settings every time I boot. They appear to be added
>to my registry on startup. I am trying to determine where
>the culprit may be and how to disable or remove it. Any
>ideas?
>
>One thing I'd like to try is to log everything that
>happens when I boot to Windows. The online help says this
>is possible, but it doesn't give you a clue as to how to
>do it. I have looked through every Control Panel setting
>and I can't find anything that does this.
>.
>