Hi Mina,
Thanks for posting here!
I understand that the issue to be: You're not able to change your home page
back. If I misunderstood your concern, please don't hesitate to let me know.
According to my experience, you need to format the disk and reinstall the
system after being attacked by the spyware sometimes. Spyware that has
deceptive characteristics may not follow standard practices for
installation; some spyware will add some registry keys or files in Windows
and reload itself when the system restarts. Therefore, it is hard to
entirely remove some Spyware. We and some third-party companies, such as
Ad-ware or Spybot, are fighting for totally deleting spyware.
The issue about Spyware has been addressed in the following KB article:
Unexplained computer behavior may be caused by third-party software
http://support.microsoft.com/default.aspx?scid=kb;en-us;827315
In addition, I would like to list the following article for your reference:
5 tips for spurning spyware and browser hijackers
http://www.microsoft.com/smallbusiness/issues/marketing/privacy_spam/5_tips_
for_spurning_spyware_and_browser_hijackers.mspx
What you should know about spyware
http://www.microsoft.com/security/articles/spyware.asp
Based on my research, please follow these steps to troubleshoot the issue:
Step1: Refer to the following article to perform a Clean Boot
======================
310353 - How to Perform a Clean Boot in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310353
Step 2: Clean Startup Items
===============================
1. Launch Registry Editor by run Regedit
2. Navigate to the following registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
3. Remove all suspicious items from the registry.
WARNING: Using Registry Editor incorrectly can cause serious problems that
may require you to reinstall Windows. Microsoft cannot guarantee that
problems resulting from the incorrect use of Registry Editor can be solved.
Use Registry Editor at your own risk.
Step 3: Restore IE and disable 3rd party extension
===============================
1. Open Windows Explorer and find the C:\Program Files\Internet
Explorer\PLUGINS folder.
2. Create a new folder on the desktop and move all the plug-ins in the
PLUGINS folder to the new folder.
3. Open Control Panel->Internet Options.
4. On the General tab, click Delete Files within the Temporary Internet
files section.
5. Select the Delete all offline content check box, click OK.
6. Click Delete Cookies, and click OK.
7. Click Clear History within the History section, click Yes.
8. Click the Advanced tab and uncheck Enable third-party browser
extensions.
9. Click OK.
10. Find and delete the following registry key.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browse
r Helper Objects
11. Find and delete the all the sub keys in the following registry key
(don't delete the following registry key).
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension
Step 4: Lock the registry
==========================
Please change permissions on the following registry key so that the home
page will not be modified:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Click Edit menu->Permission->Delete all accounts so that no one can change
the home page.
Step 5: Clean Adware/Spyware
================================
I understand that you've already perform this step before. However, please
download and launch at least two tools below to remove Adware/Spyware again
to make sure that there won't be any Spyware/Adware on the system. (Please
launch these tools under Safe Mode)
Ad-Aware:
http://www.lavasoft.de/software/adaware/
Spybot:
http://www.spykiller.com/index4.asp?ref=2400
HijackThis direct Download:
http://209.133.47.200/~merijn/files/HijackThis.exe
CWShredder direct Download:
http://209.133.47.200/~merijn/files/CWShredder.exe
*IMPORTANT*: Please ONLY visit Microsoft.com, msn.com for hours to see if
the issue persists since in most cases, home page will be changed when you
visit certain favorite website. In other word, you will be hijacked again
unconsciously when you visit favorite websites.
If you have any questions or concerns, please feel free to let me know.
Have a great day!
Best regards,
Bill Peng
MCSE 2000, MCDBA
Microsoft Online Support Engineer
Get Secure! -
www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
