Phillip said:
For several months, IE 6.0 has been besieged with unwanted
downloads of toolbars, search engines, etc. These
downloads automatically change my home page (
www.msn.com)
and add lots of unwanted links/folders to my Favorites. I
have my privacy setting on "high" and have deleted cookie
files and temp files and still these things get thru. I
have removed any downloaded programs and deleted all the
files I can find (some files will not allow themselves to
be deleted!!). Common names are allaboutsearching,
search.com, zestyfind, etc. I run McAfee virusscan every
several days and it finds 20-40 ad-ware files every time
(which I delete or quarantine). I really think this is a
plan on Microsoft's part to allow IE to bombard me with
ads and trouble, since this problem started right after
installing a bunch of security patches recommended by MS.
Apart from switching to Netscape, how do I make IE stop
downloading files without permission??IMPORTANT: Before trying to remove
spyware, download a copy of LSPFIX from the URL below - some malware can
kill your internet connection when it is removed, and this software should
get things going for you again:
http://www.cexx.org/lspfix.htm
Get yourself a copy of BHODemon, available at
http://www.definitivesolutions.com/bhodemon.htm .
It does not need installing - simply unzip and run the EXE programme. It is
very easy to use. It will often find the following hijackware DLL files,
and give you the ability to disable them easily.
Many people like AdAware, available at
www.lavasoft.de. Make sure you keep
the signature files up to date and remember, AdAware only removes the
current install; it can't do anything about software that reinstalls itself
(unless you want to get stuck in an endless loop of
hijack/cleanout/hijack/cleanout). Sometimes you will have to track down and
remove the software that keeps putting the hijackware back - hence this
advice section. Warning: AdAware is now version 6.181. All previous
versions are NO LONGER SUPPORTED and will not be updated.
The more experienced user can try Spybot. Again, it is a free programme
which can be downloaded from:
http://spybot.eon.net.au/. Warning: it is NOT
a good programme for the inexperienced. If you want to use this programme,
please get the advice of those more experienced before 'fixing' anything
that it finds.
Go to the link below to check your system for parasites (supplied by
Doxdesk.com):
http://www.mvps.org/inetexplorer/parasite.htm
Another excellent programme that allows you to examine your system and
*create a results log for experts to examine* is HijackThis, available from:
http://www.tomcoyote.org/hjt/
Download and run the latest version of "Cool Web Shredder"
http://www.merijn.org/files/CWShredder.exe
Here is advice specific to:
home page hijackings
http://www.mvps.org/inetexplorer/answers.htm#home_page
pop-up ads
http://www.mvps.org/inetexplorer/data/popup.htm
search engine hijackings
http://www.mvps.org/inetexplorer/answers4.htm#search_engine
IMPORTANT: The above programmes are excellent, and a lot of credit goes to
those who authored and update the programmes, but they can NOT detect
everything that is out there - as time goes on the programmes will become
more and more unwieldy if they try to maintain a standard of positive
identification for as much spyware as possible, and it will be harder and
harder for the programmes to catch everything that is out there. More and
more spyware uses RANDOM names as part of their programme making it
impossible for positive identification to occur, therefore....
It is VERY IMPORTANT that you learn how to examine your system for potential
problems as well as using 'fixit' programme such as AdAware or Spybot.
Check your startup folder and MSCONFIG (startup tab). You can also check
the following registry keys and edit as appropriate (if you have experience
with same).
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce
The following link will lead you to some Microsoft KB articles about the
basics of the Registry and working with it:
http://www.mvps.org/inetexplorer/answers.htm#Registry
An experienced computer technician can use programme such as AutoStart
Viewer for in-depth diagnosis:
http://www.diamondcs.com.au/index.php?page=asviewer
Empty your IE cache and your other temporary file folders, eg:
c:\windows\temp (if using Windows 98) or C:\Documents and
Settings\<name>\Local Settings\Temp (the path to your temp folder will
change depending on your name) - sometimes programmes can be hidden in
there - watch out for mysterious *.exe files or *.dll files in those
folders.
Go to IE Tools, Internet Options, Temporary Internet Files {Settings
Button}, View Objects, Downloaded Programme Files. Check for unusual objects
there.
Go to IE Tools, Internet Options, Accessibility. Make sure there is no
style sheet chosen (under User Style Sheet - format documents using my style
sheet). If the option is turned on, turn it OFF.
It is possible to turn off third party extensions (Enable third-party
browser extensions (requires restart) at IE tools, internet options,
advanced) to disable *all* plug-ins but troubleshooting will be difficult
and it is only a BANDAID. Nothing gets fixed. There is software that
depends on 'third party browser extensions" to work, including Acrobat,
Microsoft Money, and many other programmes.
--
Hyperlinks are used to ensure advice remains current
Do NOT send me an email. I will NOT see it (thank the spammers and viruses)
_______________________________________
Sandi - Microsoft MVP since 1999 (IE/OE)
http://inetexplorer.mvps.org/