Registry Keys

A

Andrew

Some how every time I run IE the prefix for URL's changes
to 'http://www.nkvd.us/' in the registry key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\URL\Prefixes

I was wondering if IE runs some sort of start up script
or something that could possibly be changing the values
of the keys each time IE is run. Every time i re-set the
value it gets set again.

Any ideas??

Andrew
 
F

Frank Saunders, MS-MVP

Andrew said:
Some how every time I run IE the prefix for URL's changes
to 'http://www.nkvd.us/' in the registry key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\URL\Prefixes

I was wondering if IE runs some sort of start up script
or something that could possibly be changing the values
of the keys each time IE is run. Every time i re-set the
value it gets set again.

Any ideas??

Andrew
Click to expand...

First eliminate any scumware.
See
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm

Note that AdAware and SpyBot S & D will each catch some things the other
won't. Also, each needs to be updated before every use, even when just
downloaded. There's also a lot more to do than just those two programs.
CWShredder is also available here:
http://www.kellys-korner-xp.com/regs_edits/cwshredder.zip
**Post your HijackThis log to
http://forums.spywareinfo.com/ or the Spyware forum at
http://forum.aumha.org/ for expert analysis, not here.**
Alternative download pages for Ad-Aware, Spybot, HijackThis and CWShredder
may be found on this page:
http://aumha.org/a/parasite.htm.
If trying everything at that site does not fix the problem please post back
in the same thread.

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/
 
M

Mike Burgess

Andrew,
"nkvd.us" = Coolwebsearch trojan

How to remove Coolwebsearch and affiliates
http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch

Note: this type hijack indicates an unpatched machine, that is lacking
in "Defense". Please visit Windows Update to avoid these exploits.

Note: be *sure* to follow-up with HijackThis
Post back with the URL where you posted if you want help with your log.
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 04-09-04]
Please post replies to this Newsgroup, email address is invalid
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

regedit and other executables run in IE 4
homepage settings in win xp registry 5
stupid adware.iefeatsl and adware.winshow 3
need help finding registry keys 11
IE Delays Caused By RE75D9C4 1
Edited registry to remove IE, nothing changes 6
IE6 with Norton Anti-Virus, and Windows Update 1
start | run |regedit opens IE with http:// prefix in address 7

Top