Daniel Anom said:
i-lookup.com has taken over my home page address. Every time I change it and
restart IE, it comes right back in IE address window.
It has also added a toolbar on my desktop (i-lookup.com Bar). Can someone
please tell me how I can get rid of it for good?
Thanks'
From a Jim Byrd, MS-MVP novel
Start here:
http://www.doxdesk.com/parasite/ILookup.html
Then, if you go to this page at Jim Eshelman's site, here:
http://aumha.org/a/noads.htm and wait a little bit (be
patient), an
analysis of a number of possible parasites on your machine
will be made
to help you identify and remove them. NOTE: You will
need to disable
Ad Blocking in Zone Alarm 3.x, if present or any other Ad
Blocking
software which interferes with Java Scripting for this
scan to work.
You should get a message between the two lines of ****
giving the
results of the scan.
For the general hijack case, the best way to start is to
get Ad-Aware
6.0, Build 162 or later, here:
http://www.lavasoftusa.com/support/download/. Update and
run this
regularly to get rid of most "spyware/hijackware" on your
machine.
Another excellent program for this purpose is SpyBot
Search and Destroy
available here:
http://security.kolla.de/ SpyBot Support
Forum here:
http://www.net-integration.net/cgi-
bin/forums/ikonboard.cgi. I
recommend using both normally. After fixing things with
SpyBot S&D, be
sure to re-boot and rerun SpyBot as many times as is
necessary to get a
"clean" non-red scan.
Note that sometimes you need to make a judgement call
about what these
programs report as spyware. See here, for example:
http://www.imilly.com/alexa.htm
Lastly, a very useful utility for examining your system
and correcting
problems is Hijack This, which you can download here:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
See also,
HijackThis Quick Start Help,
http://www.tomcoyote.org/hjt/
(Recommended)
This site has a number of useful references and
information also:
http://www.spywareinfo.com/articles/hijacked/ and here
http://www.spywareinfo.com/downloads.php
Another program giving a good inventory of all of the
possible start
vectors is AutostartExplorer, here:
http://www.misec.net/aexp.jsp
While it doesn't allow control of startups, it's extremely
comprehensive
in examining all of the possible sources. Highly
Recommended
Next, go here:
http://www.mlin.net/StartupCPL.shtml and
get Mike Lin's
Startup Control Panel applet. A somewhat more difficult
to use but
more extensive program to do the same thing is StartupList
from here:
http://www.lurkhere.com/~nicefiles/index.html, or even
better, Autoruns
from here:
http://www.sysinternals.com/ntw2k/source/misc.shtml#autorun
s. Be very
careful about doing any Registry modifications directly
unless you're
comfortable with this, and be sure that you BACKUP your
Registry before
making any changes, so that you can recover if something
goes wrong.
Changes made with StartUpCPL are less likely to cause
problems, and are
usually a matter of just re-enabling the particular
program. Another
program of this type that I can recommend is StartMan,
free, here:
http://www.spywareinfo.com/downloads/startman/. If you
have problems
with suspected hijackers, you can look up and investigate
suspect
programs in your StartUp lists here:
http://www.pacs-portal.co.uk/startup_pages/startup_full.htm
(Recommended)
http://www.3feetunder.com/krick/startup/list.html
(Recommended)
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
(Recommended)
Some hijackers install themselves as Browser Helper
Objects. Get BHOCop
here: BHO Cop
http://www.pcmag.com/article2/0,4149,270,00.asp
(Unfortunately, no longer free from that link but you can
read about it
there, and here is a direct download link for it:
http://websec.arcady.fr/bhocop.zip) and take a look at
what BHO's are
currently installed. Some things like AdShield and
Acrobat are normal,
but if you see something that doesn't make any sense, try
disabling it
and see if that helps. Another excellent program for this
same purpose
is BHODemon, (still free) here:
http://www.definitivesolutions.com/ or
here:
http://www.spywareinfo.com/downloads/bhod/ I would
recommend
both. You can also check/control BHO's using the Tools
function of
SpyBot S&D.
There's good information about hijacking and fixes
available here:
Andrew Clover's parasite page:
http://www.doxdesk.com/parasite/
(Highly recommended)
Robert Allen's parasite page:
http://allentech.net/parasite/index.phtml
(Highly recommended)
http://www.spywareinfo.com/hijacked.html
http://gmpservicesinc.com/Articles/hijack.asp (links here
for .reg files
to lock and unlock your homepage, BTW. You can also use
this program to
toggle locking/unlocking of your homepage:
http://www.dougknox.com/security/scripts/nosethomepage.vbs
Recommended)
http://www.mvps.org/inetexplorer/answers.htm#home_page
Also, there's a new class of hijacker using Window's
Messenger Service
(not Instant Messaging, BTW). See: Messenger Service
Window That
Contains an Internet Advertisement Appears
http://support.microsoft.com/?id=330904 which identifies
reasons to
keep this service and steps to take if you do. You can
test your system
and follow the 'Prevention' link to get additional
information here:
http://www.mynetwatchman.com/winpopuptester.asp Unless
you have very
good reasons to keep this active, it should be turned off
in Win2k and
XP. Go here and do what it says:
http://www.itc.virginia.edu/desktop/docs/messagepopup/
or, even better,
get MessageSubtract, free, here, which will give you
flexible control of
the service and viewing of these messages:
http://www.intermute.com/messagesubtract/help.html
Recommended.
Once you get this cleaned up, you might want to consider
installing the
Browser Hijack Blaster, SpywareBlaster and SpywareGuard
here to help
prevent this kind of thing from happening in the future:
http://www.wilderssecurity.com/bhblaster.html (Prevents
malware BHO's)
http://www.wilderssecurity.com/spywareblaster.html
(Prevents malware
Active X installs) (BTW, SpyWare Blaster is not memory
resident ... no
CPU or memory load - but keep it updated) The latest
version as of this
writing will prevent installation or prevent the malware
from running if
it is already installed, and it provides information and
fixit-links for
a variety of parasites.
http://www.wilderssecurity.net/spywareguard.html (Monitors
for attempts
to install malware) All three Very Highly Recommended.
See if any of this helps and post back with your results.
