Problem with - Possible browser highJack-

I have run the scan it detects a possible browser High
jack, and selected to be removed, and it tells me it has
been removed. But is still there after i run the scan
again. I t never gets rid of it.

How can this be fix?

Best recommendation then would be to restart in safe mode and do a deep
scan. On the Scan Page choose Scan Options > Full System Scan. Do this at
least two times until detects something. Also, before you restart in safe
mode, disable System Restore, some trojans and spyware programs are likely
to restore themselves with system snap shots:

Right click My Computer > Properties > System Restore, check the "Disable
System Restore" check box and restart in safe mode.

Restart in safe mode instructions:
www.microsoft.com/resources/documentation/
windows/xp/all/proddocs/en-us/boot_failsafe.mspx

Remember, this is still beta and cannot be judged as a finished shipping
product.

--

Andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

"enriqueskater@hotmail.com" <anonymous@discussions.microsoft.com> wrote in
message news:020001c53347$74c96f20$a501280a@phx.gbl...
>I have run the scan it detects a possible browser High
> jack, and selected to be removed, and it tells me it has
> been removed. But is still there after i run the scan
> again. I t never gets rid of it.
>
> How can this be fix?

Andre; I tried running the deep scan twice in safe mode
with restore turned off. Anti-spyware caught the
hijacker on the first try in the registry and removed
it. Second time through the scan, Anti-spyware found no
threats. I restarted in normal mode and the about:blank
is back (restore is still turned off). This hijacker
sends me to a bunch of links for nyam-nyam.biz, which, of
course, I do not want. I get kicked into a search using
http://huyavrot.biz/search when I do not want it. Also,
this spyware uses nihuyandex.biz to hijack legitimate
search engines including microsoft MSN. Interestingly,
the AOL search engine is not compromised. Any ideas?
Where can I look for this nasty bug? I would appreciate
any help you can give. John

Go to Tools > and send in a Suspect SpyReport. In the mean time try this
program:
http://www.ccleaner.com/

--

Andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

"John Feick" <feickjw@cs.com> wrote in message
news:016201c533d1$a3e989e0$a601280a@phx.gbl...
> Andre; I tried running the deep scan twice in safe mode
> with restore turned off. Anti-spyware caught the
> hijacker on the first try in the registry and removed
> it. Second time through the scan, Anti-spyware found no
> threats. I restarted in normal mode and the about:blank
> is back (restore is still turned off). This hijacker
> sends me to a bunch of links for nyam-nyam.biz, which, of
> course, I do not want. I get kicked into a search using
> http://huyavrot.biz/search when I do not want it. Also,
> this spyware uses nihuyandex.biz to hijack legitimate
> search engines including microsoft MSN. Interestingly,
> the AOL search engine is not compromised. Any ideas?
> Where can I look for this nasty bug? I would appreciate
> any help you can give. John

Please go to advanced tools and select browser restore.
Many times people are not using the advanced tools for browser hijacks. Let
us know if this is not working so we can address it.

--
-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security

--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
"John Feick" <feickjw@cs.com> wrote in message
news:016201c533d1$a3e989e0$a601280a@phx.gbl...
> Andre; I tried running the deep scan twice in safe mode
> with restore turned off. Anti-spyware caught the
> hijacker on the first try in the registry and removed
> it. Second time through the scan, Anti-spyware found no
> threats. I restarted in normal mode and the about:blank
> is back (restore is still turned off). This hijacker
> sends me to a bunch of links for nyam-nyam.biz, which, of
> course, I do not want. I get kicked into a search using
> http://huyavrot.biz/search when I do not want it. Also,
> this spyware uses nihuyandex.biz to hijack legitimate
> search engines including microsoft MSN. Interestingly,
> the AOL search engine is not compromised. Any ideas?
> Where can I look for this nasty bug? I would appreciate
> any help you can give. John

John Feick wrote:
> Andre; I tried running the deep scan twice in safe mode
> with restore turned off. Anti-spyware caught the
> hijacker on the first try in the registry and removed
> it. Second time through the scan, Anti-spyware found no
> threats. I restarted in normal mode and the about:blank
> is back (restore is still turned off). This hijacker
> sends me to a bunch of links for nyam-nyam.biz, which, of
> course, I do not want. I get kicked into a search using
> http://huyavrot.biz/search when I do not want it. Also,
> this spyware uses nihuyandex.biz to hijack legitimate
> search engines including microsoft MSN. Interestingly,
> the AOL search engine is not compromised. Any ideas?
> Where can I look for this nasty bug? I would appreciate
> any help you can give. John

Hi

- Send a suspected spywarereport about this to MS, menu tools

Then try this:

http://www.besttechie.net/forums/in...?showtopic=1488

Then go to Aumha for real HijackThis help if above doesnt work.

http://www.aumha.org/a/quickfix.htm

--
plun

Steve, Thanks for the suggestion. When I use browser
restore it shows me that the hijacker has changed Start
Page and Start Page (all users). Browser restore
reporets that all 22 settings have been restored to the
IE defaults. The first time that I use IE, the homepage
is MSN. The next time I open IE, the start page has been
changed back to about:blank. AntiSpy Deep Scan finds the
registry setting that has been hijacked, but it does not
seem to find the dll that is doing the damage. Any more
ideas you have would be appreciated. thanks, john
>-----Original Message-----
>Please go to advanced tools and select browser restore.
>Many times people are not using the advanced tools for
browser hijacks. Let
>us know if this is not working so we can address it.
>
>--
>-steve
>
>Steve Dodson [MSFT]
>MCSE, CISSP
>PSS Security
>
>--
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>Use of included script samples are subject to the terms
specified at
>http://www.microsoft.com/info/cpyright.htm
>
>Note: For the benefit of the community-at-large, all
responses to this
>message are best directed to the newsgroup/thread from
which they
>originated.
>"John Feick" <feickjw@cs.com> wrote in message
>news:016201c533d1$a3e989e0$a601280a@phx.gbl...
>> Andre; I tried running the deep scan twice in safe mode
>> with restore turned off. Anti-spyware caught the
>> hijacker on the first try in the registry and removed
>> it. Second time through the scan, Anti-spyware found
no
>> threats. I restarted in normal mode and the
about:blank
>> is back (restore is still turned off). This hijacker
>> sends me to a bunch of links for nyam-nyam.biz, which,
of
>> course, I do not want. I get kicked into a search
using
>> http://huyavrot.biz/search when I do not want it.
Also,
>> this spyware uses nihuyandex.biz to hijack legitimate
>> search engines including microsoft MSN. Interestingly,
>> the AOL search engine is not compromised. Any ideas?
>> Where can I look for this nasty bug? I would appreciate
>> any help you can give. John
>
>
>.
>

Andre, Thanks for your ideas. I downloaded and ran
ccleaner. It did clean up a bunch of stuff on my dard
drive. Unfortunately, this hijacker was not one of the
things that it found. I have tried several times to send
in a SpyReport with no luck. I get a message that says
An error occurred submitting the scan results. Please
check your Internet Proxy settings and try again. Since
I do not use a proxy server (I use CompuServe dialup), I
do not know what settings to change. Thanks for your
time. Any suggestions would be appreciated. john

>-----Original Message-----
>Go to Tools > and send in a Suspect SpyReport. In the
mean time try this
>program:
>http://www.ccleaner.com/
>
>--
>
>Andre
>http://spaces.msn.com/members/adacosta
>FAQ for MS AntiSpy
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
>
>"John Feick" <feickjw@cs.com> wrote in message
>news:016201c533d1$a3e989e0$a601280a@phx.gbl...
>> Andre; I tried running the deep scan twice in safe mode
>> with restore turned off. Anti-spyware caught the
>> hijacker on the first try in the registry and removed
>> it. Second time through the scan, Anti-spyware found
no
>> threats. I restarted in normal mode and the
about:blank
>> is back (restore is still turned off). This hijacker
>> sends me to a bunch of links for nyam-nyam.biz, which,
of
>> course, I do not want. I get kicked into a search
using
>> http://huyavrot.biz/search when I do not want it.
Also,
>> this spyware uses nihuyandex.biz to hijack legitimate
>> search engines including microsoft MSN. Interestingly,
>> the AOL search engine is not compromised. Any ideas?
>> Where can I look for this nasty bug? I would appreciate
>> any help you can give. John
>
>
>.
>

John wrote:
> Steve, Thanks for the suggestion. When I use browser
> restore it shows me that the hijacker has changed Start
> Page and Start Page (all users). Browser restore
> reporets that all 22 settings have been restored to the
> IE defaults. The first time that I use IE, the homepage
> is MSN. The next time I open IE, the start page has been
> changed back to about:blank. AntiSpy Deep Scan finds the
> registry setting that has been hijacked, but it does not
> seem to find the dll that is doing the damage. Any more
> ideas you have would be appreciated. thanks, john

Try about:Buster

http://www.besttechie.net/forums/in...?showtopic=1488

Please report back if it works.


--
plun

>-----Original Message-----
>John Feick wrote:
>> Andre; I tried running the deep scan twice in safe
mode
>> with restore turned off. Anti-spyware caught the
>> hijacker on the first try in the registry and removed
>> it. Second time through the scan, Anti-spyware found
no
>> threats. I restarted in normal mode and the
about:blank
>> is back (restore is still turned off). This hijacker
>> sends me to a bunch of links for nyam-nyam.biz, which,
of
>> course, I do not want. I get kicked into a search
using
>> http://huyavrot.biz/search when I do not want it.
Also,
>> this spyware uses nihuyandex.biz to hijack legitimate
>> search engines including microsoft MSN.
Interestingly,
>> the AOL search engine is not compromised. Any ideas?
>> Where can I look for this nasty bug? I would
appreciate
>> any help you can give. John
>
>Hi
>
>- Send a suspected spywarereport about this to MS, menu
tools
>
>Then try this:
>
>http://www.besttechie.net/forums/in...?showtopic=1488
>
>Then go to Aumha for real HijackThis help if above
doesnt work.
>
>http://www.aumha.org/a/quickfix.htm
>
>--
>plun
>.
>Plun; Thanks for the ideas. I tried besttechie and
downloded and ran the software. It seemed to find the
about:blank registry and changed it to google for me.
AntiSpy followed the changes and reported them to me as
expected and allowed me to decide if I wanted the google
change, which I accepted. Unfoutunately, after the first
run of IE, the about:blank was back in the registry. I
used AntiSpy advanced tools to change the settings to the
IE default, and it seemed to work. The next time I used
IE, though, the problem was back. I then downloaded
and ran cwshredder. As soon as I started running
cwshredder, my machine crashed. I got the 'Your system
has just recovered from a serious error' message, went on
line, and sent in the resulting error report to MS. The
MS Online Crash Analysis page told me that I had a device
driver failure; but, it could not tell me which device
had failed. My passport name is the same as my email, so
you are welcome to check it if you think it will do any
good. I am now a little reluctant to run anything else
from aumha.org. Any suggestions would be appreciated.
Thanks for your time, john