altered registry affecting the URL

[Ashley]

I was trying to remove the damage caused by some malware
that dropped the mtwirl32.dll into the registry, but I
had accidentally changed some other settings within the
registry without fully knowing their effects, so now when
I type a URL without the "http://" part (for example,
just "www.google.com"), the browser can't locate the
website.

Would anyone who knows what I should do please kindly
inform me? I have attached below some of the instructions
I followed during the procedure, although these were not
what caused my current problem, since I made extra
changes to the registry without realizing what each one
did.

I thank you in advance for helping me with this minor but
distressing situation.

Ashley

----------
To register the dropped .DLL components as a Browser
Helper Objects, this malware creates the following
registry entries:

HKEY_CLASSES_ROOT\CLSID\
{3f143c3a-1457- 6cca-03a7-7aa23b61e40f}\InProcServer32
@ = "%System32%\mtwirl32.dll"
ThreadingModel = "Apartment"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Explorer\SharedTaskScheduler
{3f143c3a-1457- 6cca-03a7-7aa23b61e40f} =
"DDE Control Module"

----
c:\windows\system32\mtwirl32.dll
c:\System Volume Information\_restore{C54B8Df7-ad4a-4890-
ba5c-21bc7165c561}\a0078997.dll


Open Registry Editor. To do this, click Start>Run, type
Regedit, then press Enter.
In the left panel, double-click the following:
HKEY_CLASSES_ROOT>CLSID>
{3f143c3a-1457- 6cca-03a7-7aa23b61e40f }>InprocServer32
In the right panel, locate and delete the entry or
entries:
%System32%\mtwirl32.dll
Note: %System32% is C:\WINNT\System32 on Windows NT and
2000, and C:\Windows\System32 on Windows XP.

In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>
CurrentVersion>Explorer>SharedTaskScheduler
In the right panel, locate and delete the entry or
entries:
{3F143C3A-1457-6CCA-03A7-7AA23B61E40F} = "DDE Control
Module"
Close Registry Editor.


Trojan.Bookmarker.C

 

[Ashley]

I just read this post (attached below) and realized it is
a very similar situation, but when I used Regedit I see
the following settings:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersi
on\Explorer\AutoComplete]
"Append Completion"="yes"

"AutoSuggest"="yes"

but I don't see the item "Use AutoComplete" under that
folder..


----------------

Subject: Re: Can't locate URLs starting with www.
From: "Frank Saunders, MS-MVP" <[email protected]>
Sent: 4/15/2004 8:33:34 AM


in message

I am experiencing a few problems with IE. First, I can no longer set
the default home page. When I set it to Google, it changes back to
some spam search engine next time I open IE. Also, my browser can no
longer locate any web page that starts with www. For example, typing
in www.microsoft.com will result in some Find Nav spam search engine.
However, if I type in http://microsoft.com, the MS home page will
open.

I run my anti-virus software (Norton) and come up with nothing. I
have reinstalled IE, even editied the registry bys etting data value
to 0, and nothing changes. I have also run Ad-Aware and removed any
spyware on my machine. I have been forced to resort to using the
free version of Opera, a web browser that I am not too fond of.
Anyone have suggestions!?

Chris

Using Regedit, browse to the following registry key and
make sure the noted
setting is correct:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersi
on\Explorer\AutoComplete]
"Append Completion"="yes"

also see the following values:

"Use AutoComplete"="yes"
"AutoSuggest"="no"

 

[Frank Saunders, MS-MVP]

Left click the AutoComplete subkey.
Right click in the right pane and choose New | String Value.
Give it the name
Use AutoComplete
and the data
yes

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/

I just read this post (attached below) and realized it is
a very similar situation, but when I used Regedit I see
the following settings:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersi
on\Explorer\AutoComplete]
"Append Completion"="yes"

"AutoSuggest"="yes"

but I don't see the item "Use AutoComplete" under that
folder..


----------------

Subject: Re: Can't locate URLs starting with www.
From: "Frank Saunders, MS-MVP" <[email protected]>
Sent: 4/15/2004 8:33:34 AM


in message

I am experiencing a few problems with IE. First, I can no longer set
the default home page. When I set it to Google, it changes back to
some spam search engine next time I open IE. Also, my browser can no
longer locate any web page that starts with www. For example, typing
in www.microsoft.com will result in some Find Nav spam search engine.
However, if I type in http://microsoft.com, the MS home page will
open.

I run my anti-virus software (Norton) and come up with nothing. I
have reinstalled IE, even editied the registry bys etting data value
to 0, and nothing changes. I have also run Ad-Aware and removed any
spyware on my machine. I have been forced to resort to using the
free version of Opera, a web browser that I am not too fond of.
Anyone have suggestions!?

Chris

Using Regedit, browse to the following registry key and
make sure the noted
setting is correct:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersi
on\Explorer\AutoComplete]
"Append Completion"="yes"

also see the following values:

"Use AutoComplete"="yes"
"AutoSuggest"="no"

 

[Ash]

Thank you so very much. You don't know how relieved I am;
the little problems are the most depressing, but your
kindness really pulled me up. You are a life saver!

I was tinkering with the regedit and I found that going
to
HKEY local machine/ software/
microsoft/windows/currentversion/url/prefixes
I saw that under the "www" value there was nothing, so I
entered "http://" instead (following the example of
ftp:// for the "ftp" item) and now when I type
www.google.com the browser no longer shows up blank.

Again, thank you very very much. I really appreciate your
generous help.