home page is constantly taken over, why?

[jvoortman]

home page is constantly taken over, why?
I set the homepage in my internet browser "tools area",
and yet this stupid page from

"about:blank"
http://fastsearch.cc/

how do I stop it from taking over all the time?

 

[guestuser]

You've been hijacked. Download HiJack This! and get rid of the offending
malware. Always use a firewall, anti-virus software, and good malware
eliminating software like AdAware, SpyBot Search and Destroy and Pest
Patrol. Do a Google search on those names and you can download all of them
free.

 

[Mike Burgess]

jvoortman,
How to remove Coolwebsearch and affiliates
http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch

Note: this type hijack indicates an unpatched machine, that is lacking in
"Defense".
Please visit Windows Update to avoid these exploits.
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 11-26-03]
Please post replies to this Newsgroup, email address is invalid

 

[Guga]

You ARE NOT ALONE!

I am having the same problem and have yet to solve it. I will not go
into long detail, I can give you a temp fix, but it only lasts as long
as you don't reboot (ha ha).

It requires you to enter the registry editor. email me before I detail
the process I can wlk you through it. Remember, it is temporary but
its the best I have right now.

Guga

 

[H Leboeuf]

Rule out parasites.
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm

 

[Stef]

I went nuts for almost 2 weeks scanned my computer for viruses using
not only my Norton but also every free trial
I could find online did adawere and spybot still as soon as I reboted
there it was again.
I fixed it at this site www.spywareinfo.com/~meri...redder.zip
when you are done do a windows update there is a patch for it.
and now I want to know who owns the fastsearch page, i did a whois and
I always get that the info is not available at this time.

 

[Stef]

From: (e-mail address removed) (Stef)
Newsgroups: microsoft.public.scripting.virus.discussion
Subject: Re: fastsearch.cc/ydtfs/ pop-up
References: <[email protected]>
NNTP-Posting-Host: 141.154.66.158
Message-ID: <[email protected]>

Country: Unknown

Looking up !NET-209-66-122-0-1 at whois.arin.net.

NOTE: More information appears to be available at NOC41-ORG-ARIN.

Using cached answer (or, you can get fresh results).


CustName: APS Telecom
Address: 1802 N carson street
City: Carson City
StateProv: NV
PostalCode: 89701
Country: US
RegDate: 2003-04-16
Updated: 2003-04-16

NetRange: 209.66.122.0 - 209.66.122.255
CIDR: 209.66.122.0/24
NetName: MFN-C231-209-66-122-0-24
NetHandle: NET-209-66-122-0-1
Parent: NET-209-66-64-0-1
NetType: Reassigned
Comment: Abuse issues to (e-mail address removed)
RegDate: 2003-04-16
Updated: 2003-04-16

TechHandle: NOC41-ORG-ARIN
TechName: Metromedia Fiber Networks AboveNet
TechPhone: +1-877-479-7378
TechEmail: (e-mail address removed)

OrgTechHandle: NOC41-ORG-ARIN
OrgTechName: Metromedia Fiber Networks AboveNet
OrgTechPhone: +1-877-479-7378
OrgTechEmail: (e-mail address removed)

# ARIN WHOIS database, last updated 2003-11-13 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
also------------------------------------
Country: Unknown

Looking up !NET-209-66-64-0-1 at whois.arin.net.

NOTE: More information appears to be available at NOC41-ORG-ARIN.

Using cached answer (or, you can get fresh results).


OrgName: Abovenet Communications, Inc
OrgID: ABVE
Address: 360 Hamilton Avenue
City: White Plains
StateProv: NY
PostalCode: 10601
Country: US

ReferralServer: rwhois://rwhois.above.net:4321

NetRange: 209.66.64.0 - 209.66.127.255
CIDR: 209.66.64.0/18
NetName: NETBLK-ABOVENET2
NetHandle: NET-209-66-64-0-1
Parent: NET-209-0-0-0-0
NetType: Direct Allocation
NameServer: NS.ABOVE.NET
NameServer: NS3.ABOVE.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 1997-04-09
Updated: 2001-04-27

TechHandle: NOC41-ORG-ARIN
TechName: Metromedia Fiber Networks AboveNet
TechPhone: +1-877-479-7378
TechEmail: (e-mail address removed)

OrgTechHandle: NOC41-ORG-ARIN
OrgTechName: Metromedia Fiber Networks AboveNet
OrgTechPhone: +1-877-479-7378
OrgTechEmail: (e-mail address removed)

# ARIN WHOIS database, last updated 2003-10-11 19:15
# Enter ? for additional hints on searching
http://www.dnsstuff.com/tools/lookup.ch?name=FASTSEARCH.CC&type=Agot
all the info from above link and this link
http://www.dnsstuff.com/tools/whois.ch?ip=209.66.122.167calling now
they have to pay for every call so call and calltill they are out of
money I got an answer for each phone number!pay back is a mother
****er call and call and call.a pissed off bitch!

Hi, Knowledgeable Ones,

Anyone familiar with a kind of pop-up window that can't be
closed by Alt+F4, Esc., Task Manager, or anything else
besides the magic reset button? It shows up in IE6, but
not Mozilla Firebird.

The full-screen pop-up says "Hold down your enter key for
ten seconds to see something cool!" Not sure how this got
past ZA, but Network Connections/.../Internet Connection
Firewall was unchecked. All users get mail from web-based
email services, and no attachments were opened that I know of.

Needless to say, I told the users not to press enter. Upon
reset, the problem doesn't come back, but IE opens onto a
commercial website:
http://fastsearch.cc/ydtfs/

When I go to change this under Internet Options, this is
what's in the home page address field:
http://in.webcounter.cc/-/?cxl%6
f%77 about:blank


In Event Viewer, there are events which I don't fully
understand enough to know if they're suspicious or not, but
none seem to have started happening after the pop-up
appeared the first time.

Does anyone know, would running F-Prot in XP safe mode be
the thing to do (now I have to discover if XP even has safe
mode...)?

Thank you,

Thanh