Hi,

Can someone explain this to me if I just open IE 6 using
a blank start page it creates this data miner that Lava
soft Adware program has decided that this is no good to
have on my computer seems to me that that IE 6 program
itself is creating this data miner.

Here is the text that Adware says about the item it found

Vendor:Possible Browser Hijack attempt
Categoryata Miner
Object Type:RegData
Size:12 Bytes
Location:...\Software\Microsoft\Internet
Explorer\Main "Start Page" ("about:blank")
Last Activity:8-25-2004
Risk Level:Moderate
TAC index:3
Comment:Possible Browser Hijack attempt
Description:Possible attempt to control/redirect the
browser. This object referrs to a "blacklisted" site. If
the site listed is the site intended (in other words, it
is set to the setting you wish it to be set to), add this
listing to your ignorelist. If not, then selecting this
item will reset your browser to the default setting for
this item.

Thanks

This may be caused by spyware/malware that's gotten installed on
your system. Use Ad-Aware and/or Spybot Search & Destroy to remove it.

Ad-Aware: http://www.lavasoftusa.com/ (but I see you've already tried this
one)
Spybot: http://security.kolla.de/
Good sites on how to install and use Spybot -
http://www.net-integration.net/reviews/spybot1.html
http://tomcoyote.com/SPYBOT/index1.php

More information here:
http://www.spywareinfo.com/
http://www.mvps.org/inetexplorer/Darnit.htm
http://www.doxdesk.com/parasite/ - runs a little script when loading page to
check for common parasites

If no joy, in IE go to Tools...Internet Options...Advanced tab, Browsing
section, uncheck "Enable third-party browser extensions", click Apply, click
Okay, reboot. If that solves your problem, then more troubleshooting is
needed to find out exactly which program, or Browser Helper Object (BHO) is
causing this problem. You don't want to leave it at that, as some BHOs are
useful or necessary - like Adobe Acrobat for reading .pdf files or an
essential component of Norton AV. Get BHODemon -
http://www.definitivesolutions.com/bhodemon.htm - read all about BHOs.
Disable all items, and then gradually replace one or two at a time to narrow
down the culprit.

If all the above fails, then the problem could be something new that the
spyware cleaners above don't have in their databases yet. In that case....
HijackThis direct download:
http://209.133.47.200/~merijn/files/HijackThis.exe
Tutorial on how to use HijackThis:
http://www.spywareinfo.com/~merijn/htlogtutorial.html
Then post it's output log to the forum here for analysis and feedback by the
parasite experts:
http://www.spywareinfo.com/forums/
Or the other HijackThis Logs forums listed here:
http://www.spywareinfo.com/~merijn/forums.html

Or try this program to get some of the most nasty malware:
CWShredder direct download:
http://aumha.org/downloads/cwshredder.zip

An alternate resource for all of this and more:
http://www.aumha.org/secure.htm


--

Jon R. Kennedy
Charlotte, NC, USA
(E-Mail Removed)

"Bufurd" <(E-Mail Removed)> wrote in message
news:017001c48ade$f9979450$(E-Mail Removed)...
> Hi,
>
> Can someone explain this to me if I just open IE 6 using
> a blank start page it creates this data miner that Lava
> soft Adware program has decided that this is no good to
> have on my computer seems to me that that IE 6 program
> itself is creating this data miner.
>
> Here is the text that Adware says about the item it found
>
> Vendor:Possible Browser Hijack attempt
> Categoryata Miner
> Object Type:RegData
> Size:12 Bytes
> Location:...\Software\Microsoft\Internet
> Explorer\Main "Start Page" ("about:blank")
> Last Activity:8-25-2004
> Risk Level:Moderate
> TAC index:3
> Comment:Possible Browser Hijack attempt
> Description:Possible attempt to control/redirect the
> browser. This object referrs to a "blacklisted" site. If
> the site listed is the site intended (in other words, it
> is set to the setting you wish it to be set to), add this
> listing to your ignorelist. If not, then selecting this
> item will reset your browser to the default setting for
> this item.
>
> Thanks

Thats how I know its there have AD-Ware SE and every time
I open IE it makes this file that AD-Ware has removed
several times and when I use ad watch part of AD-Ware it
dectects it and blocks as soon I open IE.

>-----Original Message-----
>This may be caused by spyware/malware that's gotten
installed on
>your system. Use Ad-Aware and/or Spybot Search &
Destroy to remove it.
>
>Ad-Aware: http://www.lavasoftusa.com/ (but I see you've
already tried this
>one)
>Spybot: http://security.kolla.de/
>Good sites on how to install and use Spybot -
>http://www.net-integration.net/reviews/spybot1.html
>http://tomcoyote.com/SPYBOT/index1.php
>
>More information here:
>http://www.spywareinfo.com/
>http://www.mvps.org/inetexplorer/Darnit.htm
>http://www.doxdesk.com/parasite/ - runs a little script
when loading page to
>check for common parasites
>
>If no joy, in IE go to Tools...Internet
Options...Advanced tab, Browsing
>section, uncheck "Enable third-party browser
extensions", click Apply, click
>Okay, reboot. If that solves your problem, then more
troubleshooting is
>needed to find out exactly which program, or Browser
Helper Object (BHO) is
>causing this problem. You don't want to leave it at
that, as some BHOs are
>useful or necessary - like Adobe Acrobat for
reading .pdf files or an
>essential component of Norton AV. Get BHODemon -
>http://www.definitivesolutions.com/bhodemon.htm - read
all about BHOs.
>Disable all items, and then gradually replace one or two
at a time to narrow
>down the culprit.
>
>If all the above fails, then the problem could be
something new that the
>spyware cleaners above don't have in their databases
yet. In that case....
>HijackThis direct download:
>http://209.133.47.200/~merijn/files/HijackThis.exe
>Tutorial on how to use HijackThis:
>http://www.spywareinfo.com/~merijn/htlogtutorial.html
>Then post it's output log to the forum here for analysis
and feedback by the
>parasite experts:
>http://www.spywareinfo.com/forums/
>Or the other HijackThis Logs forums listed here:
>http://www.spywareinfo.com/~merijn/forums.html
>
>Or try this program to get some of the most nasty
malware:
>CWShredder direct download:
>http://aumha.org/downloads/cwshredder.zip
>
>An alternate resource for all of this and more:
>http://www.aumha.org/secure.htm
>
>
>--
>
>Jon R. Kennedy
>Charlotte, NC, USA
>(E-Mail Removed)
>
>"Bufurd" <(E-Mail Removed)> wrote in
message
>news:017001c48ade$f9979450$(E-Mail Removed)...
>> Hi,
>>
>> Can someone explain this to me if I just open IE 6
using
>> a blank start page it creates this data miner that Lava
>> soft Adware program has decided that this is no good to
>> have on my computer seems to me that that IE 6 program
>> itself is creating this data miner.
>>
>> Here is the text that Adware says about the item it
found
>>
>> Vendor:Possible Browser Hijack attempt
>> Categoryata Miner
>> Object Type:RegData
>> Size:12 Bytes
>> Location:...\Software\Microsoft\Internet
>> Explorer\Main "Start Page" ("about:blank")
>> Last Activity:8-25-2004
>> Risk Level:Moderate
>> TAC index:3
>> Comment:Possible Browser Hijack attempt
>> Description:Possible attempt to control/redirect the
>> browser. This object referrs to a "blacklisted" site.
If
>> the site listed is the site intended (in other words,
it
>> is set to the setting you wish it to be set to), add
this
>> listing to your ignorelist. If not, then selecting
this
>> item will reset your browser to the default setting for
>> this item.
>>
>> Thanks
>
>.
>

This from: http://www.webopedia.com/TERM/D/data_miner.html

data miner
Last modified: Monday, March 29, 2004

(n.) A software application that monitors and/or analyzes the activities of
a computer, and subsequently its user, of the purpose of collecting
information that typically will be used for marketing purposes. The two most
common forms of data miners are data mining programs that an organization
uses to analyze its own data to look for significant patterns, and spyware
programs that are uploaded to a user's computer to monitor the user's
activity and send the data back to the organization, typically so that the
organization can send the user targeted advertising.

--
~john aka: jopa

Use the links in the enclosed article to rid your machine of Malware. I
suggest you start with the CWShredder.


--
WARNING: If your PC is already infested with spyware/adware, resist the
temptation to impulse buying of anti-spyware products that you see on the
Net or receive as e-mail Spam. Vendors of "rogue/suspect" anti-spyware
products advertise heavily via Google's "AdWords" ("Sponsored Links" on
Google's own search pages) and "AdSense" (Google-driven advertising
delivered to third-party web sites)," otherwise known as "Sponsored Links."
And many are known to create problems or your machine just to try and sell
you the way to "fix" it. There are a variety of anti-spyware products and
web sites -- some reliable and trustworthy, some not.

Instead, you can get help online from a corps of savvy volunteers who
specialize in busting spyware.

First:
I suggest you start by going here:
http://forums.spywareinfo.com/index.....com/index.php
OR
http://www.spywarewarrior.com/

The folks at these forums have a lot of experience in dealing with
Hijackers/Spyware/Malware. There is no charge for the help and information
available although donations are accepted. Be sure to read the guidelines,
and following their instructions you will download a little program called
HijackThis. Its purpose is simply to scan your computer and generate a log
of everything that is running at that moment. It does not decide what is
Good or Bad. That's what the experts at the forums will do. So *DO NOT* just
arbitrarily start deleting what it finds.

Next:
Set up a user account and post your LOG there, not here. Someone will
analyze it and let you know if anything is amuck and what you can do to fix
it. In the event the site is down -- DDOS attack, whatever, go here for a
list of other Security Analysis sites and/or forums: http://a-sap.org/

Check your browser settings here:
http://www.jasons-toolbox.com/BrowserSecurity/
A series of "tests" (and suggested fixes) to help tweak IE's settings to
help prevent infections when surfing the web.


***Always follow safe Internet practices:***

1. Keep your virus definitions up to date, and scan your system regularly.

2. Keep your anti-spyware up to date, and scan your system regularly.

3. Don't open email, or download attachments from unrecognized email
addresses.

4. Be careful when downloading email attachments, EVEN FROM PEOPLE YOU KNOW!
Many viruses, worms, and trojans infect a person's system then immediately
spread themselves to the people in the infected person's address book via
email attachments.

5. Be careful downloading files from the Internet. Scan all downloaded files
with a reliable UP-TO-DATE antivirus program. Scan "zip" files BEFORE
unzipping, and scan all unzipped files BEFORE USING THEM.

6. Keep your Windows and IE current with all the latest patches and updates.

7. USE A FIREWALL.


Scumware Removal & Protection Tools:

BEWARE of Rogue/Suspect Anti-Spyware Products & Web Sites
One surprising and depressing aspect of the anti-spyware scene is the sheer
number of applications that are mere rip-offs of Spybot Search & Destroy or
Ad-Aware (two of the most recognized and trusted anti-spyware apps on the
Net). Proof of this can be found here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
http://www.spywarewarrior.com/family_resemblances.htm
but, the following list contains a number of (mostly) FREE programs that can
be used to eliminate immediate threats as well as secure your system.


CWShredder (FREE)
Removes all variations of the spyware/hijacker ""CoolWebSearch".
This is the first line of defense whenever you suspect possible parasite
infestation. Some current variations of CoolWebSearch block Ad-Aware and
Spybot from catching everything.
http://aumha.org/downloads/cwshredder.zip
http://majorgeeks.com/download4086.html

There is a new, really ugly variant of CoolWebSearch. Infected machines will
close every browser window visiting many anti-spyware sites. Possibly
anti-virus sites or even Windows Update. It will even close Spybot S&D and
some other anti-spyware applications when you try to use them. To eliminate
this threat, use CWS.SmartKiller Removal Utility:
http://www.safer-networking.org/minifiles.html
http://majorgeeks.com/download4113.html

Spybot FREE
Removes hijackers, spyware, adware, usage tracks and more. Resident
""TeaTimer"" feature monitors crucial processes on your machine. It
immediately detects known malicious processes wanting to start and
terminates them. In addition, TeaTimer detects, when something wants to
change some critical registry keys. It can protect you against such changes
giving you an option to "Allow" or "Deny" the change.
http://www.safer-networking.org/en/index.html
http://majorgeeks.com/download2471.html

Ad-Aware (FREE) & Pro
Protects against Data-mining, Ad-Ware, Parasites, Scumware, selected
Trojans, Dialers, Malware, Browser hijackers, and tracking components.
http://www.lavasoftusa.com/software/adaware/
http://majorgeeks.com/download506.html

HijackThis (FREE)
As mentioned above -- USE WITH CAUTION -- Just scan your machine, then save
& post the log to: Spywareinfo
http://majorgeeks.com/download3155.html
Tutorial and download:
http://www.tomcoyote.org/hjt/

SpywareBlaster 3.2 (FREE)
Prevent spyware from installing in the first place! Prevent the installation
of ActiveX-based spyware, adware, browser hijackers, dialers, and other
potentially unwanted pests. Block spyware/tracking cookies in Internet
Explorer and Mozilla/Firefox
http://www.javacoolsoftware.com/spywareblaster.html
http://majorgeeks.com/download2859.html


If you need a good (FREE) antivirus:

AVG
http://free.grisoft.com/freeweb.php

AVAST
http://www.avast.com/eng/avast_4_home.html


Online Virus Scanner:

Trendmicro
http://housecall.trendmicro.com/

Panda
http://www.pandasoftware.com/activescan/


This may sound like a lot of work and it is. But, if you follow this
outline, you'll learn a whole lot in the process and have a much more secure
computer.

--
~john aka: jopa


"Bufurd" <(E-Mail Removed)> wrote in message
news:017001c48ade$f9979450$(E-Mail Removed)...
> Hi,
>
> Can someone explain this to me if I just open IE 6 using
> a blank start page it creates this data miner that Lava
> soft Adware program has decided that this is no good to
> have on my computer seems to me that that IE 6 program
> itself is creating this data miner.
>
> Here is the text that Adware says about the item it found
>
> Vendor:Possible Browser Hijack attempt
> Categoryata Miner
> Object Type:RegData
> Size:12 Bytes
> Location:...\Software\Microsoft\Internet
> Explorer\Main "Start Page" ("about:blank")
> Last Activity:8-25-2004
> Risk Level:Moderate
> TAC index:3
> Comment:Possible Browser Hijack attempt
> Description:Possible attempt to control/redirect the
> browser. This object referrs to a "blacklisted" site. If
> the site listed is the site intended (in other words, it
> is set to the setting you wish it to be set to), add this
> listing to your ignorelist. If not, then selecting this
> item will reset your browser to the default setting for
> this item.
>
> Thanks

On Wed, 25 Aug 2004 13:06:14 -0700, "Bufurd"
<(E-Mail Removed)>
mysteriously appeared thru the usenet mist to inform us thus...

>Hi,
>
> Can someone explain this to me if I just open IE 6 using
>a blank start page it creates this data miner that Lava
>soft Adware program has decided that this is no good to
>have on my computer seems to me that that IE 6 program
>itself is creating this data miner.
>
>Here is the text that Adware says about the item it found
>
>Vendor:Possible Browser Hijack attempt
>Categoryata Miner
>Object Type:RegData
>Size:12 Bytes
>Location:...\Software\Microsoft\Internet
>Explorer\Main "Start Page" ("about:blank")
>Last Activity:8-25-2004
>Risk Level:Moderate
>TAC index:3
>Comment:Possible Browser Hijack attempt
>Description:Possible attempt to control/redirect the
>browser. This object referrs to a "blacklisted" site. If
>the site listed is the site intended (in other words, it
>is set to the setting you wish it to be set to), add this
>listing to your ignorelist. If not, then selecting this
>item will reset your browser to the default setting for
>this item.

I've noticed exactly the same issue as I have my default home page
in IE v6 set to "about:blank" in Tools/Options. However, I believe
AdAware picks it up as a data miner intrusion because it checks for
any change from the standard IE settings. IOW it's a minor problem
with A/A, not IE.
My 2 cents worth and I may be wrong...