Browser hijacking

Ken

My browser is having the "Default" and "Current" home
pages hijacked to a home page called cool-homepage.com. I
have scanned my system with Norton AV 2003, with updated
virus definitions, several times with no "hits". I've
searched my system (including system and hidden files)
for any containing the phrase "cool-homepage" and gotten
no results other than browser history. This has happened
several times (after I went into the registry and changed
back to my preferred defaults). I'm on a single computer,
behind a router/firewall and I'm the only user. I haven't
seen any prompts to switch my home page.

I'm at a loss as to what to do next... any thought?
 
YoKenny

Ken said:
My browser is having the "Default" and "Current" home
pages hijacked to a home page called cool-homepage.com. I
have scanned my system with Norton AV 2003, with updated
virus definitions, several times with no "hits". I've
searched my system (including system and hidden files)
for any containing the phrase "cool-homepage" and gotten
no results other than browser history. This has happened
several times (after I went into the registry and changed
back to my preferred defaults). I'm on a single computer,
behind a router/firewall and I'm the only user. I haven't
seen any prompts to switch my home page.

I'm at a loss as to what to do next... any thought?

Get CWShredder, unpack it and run it.
http://www.spywareinfo.com/~merijn/files/cwshredder.zip

Read about it.
http://www.spywareinfo.com/~merijn/cwschronicles.html

Read the following pages to get advice on how to stop it
happening again:
http://www.mvps.org/winhelp2002/unwanted.htm

Get, update, then run frequently after checking for new updates:
http://www.javacoolsoftware.com/spywareblaster.html
 
anonymous

Dealing with Unwanted Spyware and Parasites.
http://mvps.org/winhelp2002/unwanted.htm

Home Page Setting Changes Unexpectedly, or You Cannot
Change Your Home Page Setting
http://support.microsoft.com/?kbid=320159

The problem may be due to spyware.

Download Ad-Aware from www.lavasoftusa.com, scan the
system and eliminate the malware products. Re-apply the
above fix if necessary.
** Remember to update the pattern file using WebUpdate in
Ad-Aware **

(Caused by malware called CoolWebSearch.) Also, download:
http://www.spywareinfo.com/~merijn/files/cwshredder.zip
----------------------------------------------------------
http://komando.master.com/texis/master/search/?q=spyware&s=SS
----------------------------------------------------------
Spychecker
(www.spychecker.com)
or
Pest Patrol
(www.pestpatrol.com).

Download HijackThis, free, here:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Spybot Search & Destroy
http://www.safer-networking.org
http://www.spywareinfo.com

http://security.kolla.de <-germany

SpyBot Support Forum
http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi

Ad-aware
http://www.lavasoftusa.com/software/adaware/
 
Cláudio Rodrigues

Run REGEDT32 on your machine and go to
HKLM\Software\Microsoft\Windows\CurrentVersion\Run and
check what you have there. You probably have an
executable there that is setting the page every time.

Cláudio Rodrigues

Microsoft MVP
Windows Technologies - Terminal Services
-----Original Message-----
My browser is having the "Default" and "Current" home
pages hijacked to a home page called cool-homepage.com.
I
 
Ken

Thanks all:) Some good advice... so far no hits.. I've
run Adaware, Spybot and CWShredder with no hits. I
checked the register under "Run" and found one item I
wasn't sure about, "Nerocheck" and removed it. I don't
have or use Nero, so that was a bit suspicious.. although
I think I did download a demo and install, a while back.
I really appreciate all the help guys (or girls:). I'm
learning a bit on this one:)
 
anonymous

Very strange. I did a Google search for cool-homepage
and came up with this:
------------------------------------
CoolHomePage.com
User Pages: Mike Claussen Steve Lewis Charlie Payne
Want to have your own coolhomepage.com address?
([email protected])
www.coolhomepage.com/
------------------------------------------------
You might want to send email to webmaster and ask them
how to remove it. I did this with comet and they were
real nice and gave me detailed removal stuff. I would
not visit the site because it might happen again.
----------------------------------------------------
 
siljaline

Run REGEDT32 on your machine and go to
HKLM\Software\Microsoft\Windows\CurrentVersion\Run and
check what you have there. You probably have an
executable there that is setting the page every time.

Cláudio Rodrigues

Spyware does more than install to HKLM\ ... Run\ , Cláudio.

An interesting read -
http://www.spywareinfo.com/~merijn/cwschronicles.html

Regards,

--

siljaline MS - MVP IE/OE

(Please reply to group, as reply address is invalid,
so that we can all benefit)
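
As an added example (not code from any poster in this thread), the PowerShell below is one way to carry out the registry check Cláudio describes and to widen it past the Run key, as siljaline's reply suggests: it lists the Internet Explorer home-page values, the Run/RunOnce keys and the Browser Helper Objects. The keys other than HKLM\...\Run, the `$ExpectedHomePage` variable and the function names are assumptions of this example, and the key list is illustrative rather than exhaustive.

```powershell
# Added example (not from the thread): read-only audit, changes nothing.
$ExpectedHomePage = 'about:blank'   # assumption: set to your preferred home page

$ieMain   = 'HKCU:\Software\Microsoft\Internet Explorer\Main',
            'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main'
$pageVals = 'Start Page', 'Default_Page_URL', 'Search Page'
$autoruns = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$bhoRoot  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Get-RegistryValues {
    # Emit one object per value under each existing key; -Name filters by value name.
    param([string[]]$Path, [string[]]$Name)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $key = Get-Item -LiteralPath $p
        foreach ($n in $key.GetValueNames()) {
            if ($Name -and ($Name -notcontains $n)) { continue }
            [pscustomobject]@{ Key = $p; Name = $n; Value = $key.GetValue($n) }
        }
    }
}

function Get-BrowserHelperObjects {
    # Each BHO is a CLSID subkey; resolve it to the DLL that IE loads.
    if (-not (Test-Path -LiteralPath $bhoRoot)) { return }
    foreach ($sub in Get-ChildItem -LiteralPath $bhoRoot) {
        $clsid  = $sub.PSChildName
        $server = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll    = $null
        if (Test-Path -LiteralPath $server) { $dll = (Get-Item -LiteralPath $server).GetValue('') }
        [pscustomobject]@{ Key = 'BHO'; Name = $clsid; Value = $dll }
    }
}

# Home-page values, with a Start Page that differs from the expected one marked.
Get-RegistryValues -Path $ieMain -Name $pageVals |
    Select-Object Key, Name, Value,
        @{ Name = 'Unexpected'; Expression = {
            $_.Name -eq 'Start Page' -and $_.Value -ne $ExpectedHomePage } } |
    Format-Table -AutoSize -Wrap

# Everything that starts at logon or loads into the browser: review each entry.
@(Get-RegistryValues -Path $autoruns) + @(Get-BrowserHelperObjects) |
    Format-Table -AutoSize -Wrap
```

Saving the output after resetting the home page and comparing it with a second run once the page has changed again shows which entry reappeared.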
 
