G
Greg
I installed Windows 2003 (I didn't see newsgroups for Windows 2003, but this
general Windows so it should matter) and before I installed all of the
updates I got hit with a browser hijack. I avoid warez, porn, and other
sites like that so I'm not sure where I got it.
I've installed Ad-Aware, which finds it and removes it but when I reboot
it's back. Here's a snipit from the Ad-Aware log:
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://mshp.dll/index.html#37049"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "res://mshp.dll/index.html#37049"
Possible browser hijack attempt : Software\Microsoft\Internet
Explorer\MainSearch Pagemshp.dll
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://mshp.dll/sp.html#37049"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "res://mshp.dll/sp.html#37049"
Possible browser hijack attempt : Software\Microsoft\Internet
Explorer\MainStart Pagemshp.dll
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://mshp.dll/index.html#37049"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "res://mshp.dll/index.html#37049"
Possible browser hijack attempt : Software\Microsoft\Internet
Explorer\MainDefault_Search_URLmshp.dll
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://mshp.dll/sp.html#37049"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Default_Search_URL
Data : "res://mshp.dll/sp.html#37049"
Possible browser hijack attempt : Software\Microsoft\Internet
Explorer\MainDefault_Page_URLmshp.dll
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://mshp.dll/index.html#37049"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Default_Page_URL
Data : "res://mshp.dll/index.html#37049"
Using ActivePorts I can see that upon boot it transmits some data to their
Web site (which I didn't write down but can get again if I reboot). I've
deleted their mshp.dll, but haven't rebooted since to see if this fixes it
or not.
Anyone know how I can completely remove this? Formatting isn't an option.
Also, wasn't Norton Anti-virus supposed to catch this? It didn't and doing
a virus scan doesn't find anything. I'm using their latest version with the
latest updates.
general Windows so it should matter) and before I installed all of the
updates I got hit with a browser hijack. I avoid warez, porn, and other
sites like that so I'm not sure where I got it.
I've installed Ad-Aware, which finds it and removes it but when I reboot
it's back. Here's a snipit from the Ad-Aware log:
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://mshp.dll/index.html#37049"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "res://mshp.dll/index.html#37049"
Possible browser hijack attempt : Software\Microsoft\Internet
Explorer\MainSearch Pagemshp.dll
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://mshp.dll/sp.html#37049"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "res://mshp.dll/sp.html#37049"
Possible browser hijack attempt : Software\Microsoft\Internet
Explorer\MainStart Pagemshp.dll
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://mshp.dll/index.html#37049"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "res://mshp.dll/index.html#37049"
Possible browser hijack attempt : Software\Microsoft\Internet
Explorer\MainDefault_Search_URLmshp.dll
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://mshp.dll/sp.html#37049"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Default_Search_URL
Data : "res://mshp.dll/sp.html#37049"
Possible browser hijack attempt : Software\Microsoft\Internet
Explorer\MainDefault_Page_URLmshp.dll
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://mshp.dll/index.html#37049"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Default_Page_URL
Data : "res://mshp.dll/index.html#37049"
Using ActivePorts I can see that upon boot it transmits some data to their
Web site (which I didn't write down but can get again if I reboot). I've
deleted their mshp.dll, but haven't rebooted since to see if this fixes it
or not.
Anyone know how I can completely remove this? Formatting isn't an option.
Also, wasn't Norton Anti-virus supposed to catch this? It didn't and doing
a virus scan doesn't find anything. I'm using their latest version with the
latest updates.