default homepage changed to c:\searchpage.html

carlos II

In my IE 6.0 browser the address in the home page box is
changing by itself to c:\searchpage.html. I have tried a
regedit run to delete everything with "searchpage" in it,
yet every time I close and reopen IE 6.0 the address in
the home page address box is changed to
c:\searchpage.html.

I would appreciate help, thanks!

Carlos II
 
tvb68

The spyware on your computer hijacked the browser. Install Spybot (it is
free and works well), then choose "Lock home page" in the "Immunize" menu.

Tom
 
Shenan Stanley

carlos said:
In my IE 6.0 browser the address in the home page box is
changing by itself to c:\searchpage.html. I have tried a
regedit run to delete everything with "searchpage" in it,
yet every time I close and reopen IE 6.0 the address in
the home page address box is changed to
c:\searchpage.html.

I would appreciate help, thanks!

Secure your system and keep it protected/updated by following these tips:

Popups and Home Page Hijacks come in several flavors.. However, if
you use most of the items in the list I am about to give you, you will
lessen your popups, security holes and spam all with one list. Your
problem may be Messenger Popups (you should follow the firewall
advice and do a Google search on 'disable messenger service in
windows xp' to fix this) or web page popups (you should follow the
Google Toolbar advice section for these.) You may have
spyware/adware infesting your machine, follow the appropriate
section for that, making sure you use at least THREE of the tools
I list to scan and clean your machine AFTER updating them.
Cleaning up spyware/adware/malware usually solves home page
hijackers as well.

Please Notice that if you use AOL, you should at least upgrade to 9.0 or
greater before doing any of the fixes. I know you can get AOL 9.0 at almost
any convenience store, gas station, super market or other retail outlet in
the world, so this should not be a problem.


Turn on that firewall...
http://www.microsoft.com/WindowsXP/home/using/howto/homenet/icf.asp
(It has been reported that it now works with AOL 9.0+)


Make sure you have all the updates (critical) installed from:
http://windowsupdate.microsoft.com/
(Scan for updates, Review and Install)


Get rid of the spy/ad/mal-ware..
(Yes - using MORE than one of these..
I recommend at least the first three. Also..
UPDATE the definitions for them before using.)

Spybot Search and Destroy
http://www.safer-networking.net/

Lavasoft AdAware
http://www.lavasoft.de

CWSShredder
http://www.spywareinfo.com/~merijn/downloads.html

Hijack This!
http://mjc1.com/mirror/hjt/

I also like "The Cleaner" and "SpywareBlaster" and "SpywareGuard".
- http://www.moosoft.com/
- http://www.javacoolsoftware.com/

The first is a PAY product, but useable for 30 days - it has found and
eliminated problems in the past the others did not. The latter two are
prevention mechanisms. I like SpywareGuard for those with enough processor
to have something running like antivirus software - and it prevents browser
hijacking quite well.

An Assortment of Others:
http://www.merijn.org/downloads.html


After you clean up your PC somewhat of spy/ad/mal-ware, verify your antivirus
software is updated and run a full scan of your computer. If you have no
antivirus software - get one NOW! Grisoft AntiVirus:
http://www.grisoft.com/us/us_dwnl_free.php


Empty your Temporary Internet Files and shrink the size it stores to about
80 to 120MB (seems to be an optimal size for the normal user)

- Open ONE copy of Internet Explorer.
- Select TOOLS -> Internet Options.
- Under the General tab in the "Temporary Internet Files" section,
  do the following:
  - Click on "Delete Cookies" (click OK)
  - Click on "Settings" and change the
    "Amount of disk space to use:" to something between 80MB
    and 120MB. (Betting it is MUCH larger right now.)
  - Click OK.
  - Click on "Delete Files" and select to
    "Delete all offline contents" (the checkbox) and click
    OK. (If you had a LOT, this could take 2-10 minutes or
    more.)
- Once it is done, click OK, close Internet Explorer
- Re-open Internet Explorer.


Uninstall any software you do not use often/ever. (If you have something
installed but never use it, uninstall it.) If you go through Control
Panel -> Add/Remove Programs and see things you seldom if ever use, it is to
your advantage to remove it.


Also, if you are tired of Web Page Pop-Ups/Unders.. You could try the
Google Toolbar.
http://toolbar.google.com/


Stop loading applications at logon.. run MSCONFIG and look under the startup
tab for things you DON'T want to startup! Search the Internet with Google
to discover what things are safe to remove and what things may even be
malware infecting your computer.


Better control your email and lessen the amount of time you spend dealing
with SPAM:
SpamBayes
http://spambayes.sourceforge.net
or
Spamihilator.
http://www.spamihilator.com
 
Squid

I just had fun trying to remove something similar.
Check your msconfig for a startup item similar to
regedit -s sysdll.reg. Uncheck this from starting.
Delete sysdll.reg which is located in C:\Windows\.
This reg file changes your internet browser settings in
the registry. It would direct to www.search-town.net or
nkvd.us/1520 or searchpage.cc/1520.

But it seems to also be erasing the HOST file, so you can't
block sites. But even by stopping that reg file from
loading this malware or virus will run again. And somehow
change the internet browser settings in the registry.
Even without it residing in Run in the registry or
msconfig.

I also used CWShredder & Ad-aware. But these did not
stop the problem.

Make sure script blocking service is active in antivirus
and/or services. Also scan the services for anything
that doesn't look familiar & stop it... something like NORPA
should appear listed. After I did these last 2
troubleshooting steps I regained control of the browser.
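
Added example, not part of Squid's post: a Python script for the two checks described above, finding startup entries that silently import a .reg file and listing which Internet Explorer settings such a file would set. The thread does not show the contents of sysdll.reg, so the sample file and startup entries are constructed; the function names are this example's own, and the value names are the usual IE home/search page values.

```python
import re

# Value names under ...\Internet Explorer\Main and ...\Search that decide
# which page IE opens or searches with.
IE_VALUES = {"start page", "search page", "search bar",
             "default_page_url", "default_search_url", "searchassistant"}

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')
# Startup command importing a .reg file without a prompt: regedit -s or /s
SILENT_RE = re.compile(r"\bregedit(?:\.exe)?\"?\s+[-/]s\s+\"?([^\"]+\.reg)", re.I)

def ie_writes(reg_text):
    """Return (key, value name, data) for each IE browser setting the file sets."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            key = None if m.group(1) else m.group(2)  # "[-KEY]" deletes a key
            continue
        m = VAL_RE.match(line)
        if m and key and "internet explorer" in key.lower() \
                and m.group(1).lower() in IE_VALUES:
            data = m.group(2).strip().strip('"').replace("\\\\", "\\")
            hits.append((key, m.group(1), data))
    return hits

def silent_imports(startup_commands):
    """Return the .reg files that startup entries import silently."""
    return [m.group(1).strip() for c in startup_commands
            if (m := SILENT_RE.search(c))]

# Constructed sample data, not recovered from a real infection.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="c:\\searchpage.html"
"Search Page"="c:\\searchpage.html"
"Window Title"="Internet Explorer"
'''
SAMPLE_STARTUP = [r"regedit -s sysdll.reg", r"C:\Program Files\AV\avtray.exe"]

if __name__ == "__main__":
    print(silent_imports(SAMPLE_STARTUP), ie_writes(SAMPLE_REG))
```

Feed `silent_imports` the command lines shown on the msconfig Startup tab, and read any flagged file as text into `ie_writes` before deleting it, so you know which values to set back.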
 
H Leboeuf

This removal tool should remove the parasite.

CoolWebSearch - CWS http://www.spywareinfo.com/articles/cws/
More: Complete list by variant with up-to-date information.
http://www.spywareinfo.com/~merijn/cwschronicles.html
More: Removal tool: http://www.spywareinfo.com/~merijn/files/cwshredder.zip
More: Removal tool:
http://www.symantec.com/avcenter/venc/data/vbs.bootconf.html
--

Henri Leboeuf
Web page: http://www.colba.net/~hlebo49/index.htm
** NOTE NEW ADDRESS **
Pages at generation.net will no longer be updated.
===
 
Guest

These sorts of adware/malware are able to replicate themselves. The trick is they reside in the following directory c:\recycler. You won't see this directory using explorer nor from the command prompt using the dir command. You can verify whether it is there or not by going to the C:\ root directory and typing "cd recycler" - you will notice that you are put in that directory. I don't know how they do this but it is pretty nasty. The way to remove the adware/malware is to go to the c:\ root directory and type the following command: "rd /s recycler" - the /s parameter removes the directory and all of its files and subdirectories.

I have a suspicion that some of the trial spyware that I have used in the past actually plants some of these malware programs on your PC - the demo version detects the problem, but you have to pay for the full license if you want your spyware to clear the problem.

Good luck

----- Squid wrote: ----

I just had fun trying to remove something similar.
Check your msconfig for a startup item similar to
regedit -s sysdll.reg. Uncheck this from starting.
Delete sysdll.reg which is located in C:\Windows\.
This reg file changes your internet browser settings in
the registry. It would direct to www.search-town.net or
nkvd.us/1520 or searchpage.cc/1520

But it seems to also be erasing the HOST file, so you can't
block sites. But even by stopping that reg file from
loading this malware or virus will run again. And somehow
change the internet browser settings in the registry.
Even without it residing in Run in the registry or
msconfig

I also used CWShredder & Ad-aware. But these did not
stop the problem

Make sure script blocking service is active in antivirus
and/or services. Also scan the services for anything
that doesn't look familiar & stop it... something like NORP
should appear listed. After I did these last 2
troubleshooting steps I regained control of the browser
 
