Hijacked home page- MSITStore

Guest

I CAN'T TAKE IT ANYMORE!!!!! Going absolutely nuts trying to get rid of this hijacked homepage. Every time I restart my computer, it goes back to this home page and I cannot get rid of it (mk:MSITStore:c:windows\start.chm::/spad.html). SOMEONE PLEASE HELP!!!!!!!!

I have tried running Norton's antivirus, adaware, spybot a&d, and even gone into my hkey areas and reset the home page defaults, etc... HOWEVER... This pain in the ass website keeps coming back!!! If ANYONE knows how to get rid of it for good (besides using a shotgun on my computer!!!) Please help!! --Mike B
 
Black Baptist

MSB1110 rambled on in microsoft.public.windowsxp.help_and_support:

> I CAN'T TAKE IT ANYMORE!!!!! Going absolutely nuts trying to get rid of
> this hijacked homepage. Every time I restart my computer, it goes back to
> this home page and I cannot get rid of it
> (mk:MSITStore:c:windows\start.chm::/spad.html). SOMEONE PLEASE HELP!!!!!!!!
>
> I have tried running Norton's antivirus, adaware, spybot a&d, and even
> gone into my hkey areas and reset the home page defaults, etc... HOWEVER...
> This pain in the ass website keeps coming back!!! If ANYONE knows how to
> get rid of it for good (besides using a shotgun on my computer!!!) Please
> help!! --Mike B

What you have is the new variant of the CWS TROJAN, and it installs itself
through a zero-day exploit in the IE HTML Help system. This seems to be
another variation of some previous vulnerabilities regarding MHTML in
Internet Explorer. This one uses the MS-ITS InfoTech Protocol to force
redirection of MHTML. Exploiting this vulnerability is believed to allow
the attacker to execute code on the target machine in the context of Local
Zone which generally has much less restrictive security settings.

The zero-day exploit that is out there is reported to download a handful of
components to the target computer, including a backdoor and a component
that will attempt to terminate most antivirus, firewall and other security
software.

That is just one exploit though. There is no existing patch to defend
against this at this time. One caveat is that in order for this exploit to
work a user with a vulnerable system must somehow be tricked or lured into
visiting a web page containing the malicious code.

A possible workaround would be to remove the file association in Windows
that allows CHM files to be executable. Follow these steps:

* Open Windows Explorer
* Click on Tools
* Click on Folder Options
* Click on File Types tab
* Scroll to the CHM type
* Either delete or modify it so it isn't executable

The problem with this is that you will be disabling all CHM files so
Windows Help will be effectively disabled.

You could also filter incoming HTML for specific lines of code once
exploits are identified, but that is tedious and high-maintenance and may
impact the speed and performance of your network. One of the best things to
do for now is to just be very cautious about what web sites you visit. As
exploits are discovered they should be identified and included in antivirus
software updates. That should work to protect users in the short term until
Microsoft can issue a patch which protects against the vulnerability
altogether.
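
An added example, not part of either post above: one way to check the "hkey areas" the first post mentions is to export the registry and flag string values whose data is an InfoTech protocol URL (`ms-its:`, `its:`, `mk:MSITStore:` / `mk:@MSITStore:`). The sample export is constructed; only its first URL comes from the thread, and the key and value names shown are assumptions about where a start page is stored.

```python
import re

# URL schemes served by the HTML Help (InfoTech) protocol handler.
INFOTECH = re.compile(r"^(?:ms-its|its|mk:@?msitstore):", re.IGNORECASE)
KEY_LINE = re.compile(r"^\[(.+)\]$")
STR_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample of a .reg export. The first URL is the one quoted in the
# thread; the key names and the other values are assumptions for illustration.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="mk:MSITStore:c:windows\\start.chm::/spad.html"
"Search Page"="http://www.example.com/search"
"Local Page"="C:\\WINDOWS\\System32\\blank.htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="ms-its:c:\\windows\\start.chm::/spad.html"
"""

def unescape(text):
    # .reg string data escapes backslashes and quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", text)

def find_infotech_values(reg_text):
    """Return (key, value name, data) for string values holding InfoTech URLs."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1)      # remember which key the next values belong to
            continue
        m = STR_VALUE.match(line)
        if m and key:
            name, data = unescape(m.group(1)), unescape(m.group(2))
            if INFOTECH.match(data.strip()):
                hits.append((key, name, data))
    return hits

if __name__ == "__main__":
    for key, name, data in find_infotech_values(SAMPLE_REG):
        print(f"{key}\n    {name} = {data}")
```

Files exported by regedit in the "Version 5.00" format are UTF-16, so decode them to text before passing them to `find_infotech_values`.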