OT: Help to identify these Adaware messages (please!)

John Latter

Hi,

I ran Adaware a few days ago and picked up these two reports:

Vendor:possible Browser Hijack attempt
Category:Vulnerability
Object Type:RegData
Size:-
Location:Software\Microsoft\Internet Explorer\Main "Start Page"
("about:blank")
Last Activity:08-05-2004
Risk Level:Medium
Comment:possible browser hijack attempt
Description:possible attempt to control\redirect the browser. This
object refers to a "blacklisted" site.

Vendor:Windows
Category:Vulnerability
Object Type:RegData
Size:-
Location:regfile\shell\open\command "" ()
Last Activity:08-05-2004
Risk Level:Low
Comment:possible virus infection, REG file extension compromised
Description:No Detail Information Available.

Not knowing a lot about software, I thought I had got over whatever
problems they represent by doing a system restore.

Today, however, I downloaded the latest Adaware update, ran it, and
the two entries reappeared!

Can anyone tell me what they might be & how I might get rid of them
permanently please?

Regards,

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech
 
John Latter

Please talk to me someone - I'll be ya friend! :)

(or can you tell of another newsgroup where I might get help?)

Regards,


Mister Charlie

This is when you get routed to a site (often when the addy typed in is
incorrect) that is a 'search' page. When you go to shut the page it
asks if you want to change your home page to whatever. Even if you say
no, it changes it in your 'Internet Properties' first page (where
normally it indicates 'about:blank', which means no home page loads
automatically, just a blank screen).

Delete the offending registry element that adaware found, then go to the
Internet Properties page and check the home page designation. More than
likely it is still listed as the site they put in. Just change it back
to blank (button on the far right).

If you continue to go to these sites you will continue to get these
errors.

Unknown. (To me anyway)

Again, you will constantly have goodies dropped into your cookie and
occasionally reg file by surfing. One simply needs to run adaware
regularly, keep it updated, and you should be fine.
 

bassbag

Sometimes programmes that can help secure systems by adding certain reg
entries can be picked up as vulnerabilities by Adaware. For example, the
second entry Adaware picks up on, I also have, but it is caused by Scriptrap,
which I have installed and which intercepts certain script types. If you actually
open regedit and follow the path shown in Adaware you may find a different
entry. The actual regedit entry in my case is:
"C:\PROGRAM FILES\SCRIPTRAP\SCRIPTRAP.EXE" "%1"
although Adaware describes it the same as your second entry, so it may be worth
checking the actual entry. If the entries are due to some other security
software you have installed, just put them in the ignore list.
me
 

John Latter

Thanks Mr Charlie - I was a bit disconcerted by the 'medium risk' cos
I've never had one before!

I'll also try & see which search page(s) is causing the problem - I'm
forever looking up items from ebay to see if I can find out more info
about them!


John Latter

Thanks Bassbag - I've got some kinda script monitor program (can't
remember which offhand) so that's probably it!


Lester Horwinkle

This is a more serious problem. If I read your AdAware results correctly, it
seems that the command to be executed when you click a ".reg" file has been
nulled out. So now, when you click on a .reg file, nothing happens.

A .reg file contains information that is to be placed into the registry
(including fixes for problems like yours).

See if AdAware will fix your problem. Just let AdAware do its thing.
Then run "regedit" ... in the regedit window, navigate to the "folder"
called:
HKEY_CLASSES_ROOT\regfile\shell\open\command
and see if the right-panel entry says:
regedit.exe "%1"

If so, you've been fixed. If not, save the attached file.

Ordinarily, you'd just double-click that file to perform the fix.
But the wily person who has infected your computer has hijacked that
mechanism.
That's what you're going to fix.
So you must run a DOS prompt (Start menu > Run and then type in "cmd" with
no quotes).

In the DOS window, go to the folder where you saved the attachment
"regfilefix.reg".
It contains 4 lines of text:
REGEDIT4

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

It's easiest if you put the regfilefix.reg file in the C:\ folder.
So, from the DOS window, type these 3 commands ...
C:
cd \
C:\windows\regedit regfilefix.reg

When a box pops up saying "Are you sure ...", click OK.
That's all.
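John later asks what the attachment actually is. As an added example (not Lester's regfilefix.reg or any tool from the thread), this Python script parses a REGEDIT4 .reg file and lists the registry writes it would make, so such a file can be inspected before regedit is told to apply it. The sample is a constructed copy of the 4-line file Lester quotes, and the expected default value regedit.exe "%1" is the one his post gives.

```python
# Added example, not Lester's attachment: parse a REGEDIT4 .reg file and list the
# registry writes it would make, so a file like regfilefix.reg can be inspected
# before regedit applies it. String, dword and delete entries are decoded; hex(...) data is kept raw.
import re

# Constructed copy of the 4-line regfilefix.reg quoted in the thread.
REGFILEFIX = '''REGEDIT4

[HKEY_CLASSES_ROOT\\regfile\\shell\\open\\command]
@="regedit.exe \\"%1\\""
'''
REGFILE_KEY = "HKEY_CLASSES_ROOT\\regfile\\shell\\open\\command"
EXPECTED_REGFILE_CMD = 'regedit.exe "%1"'   # stock Windows default value

def unescape(s):
    """Undo the .reg string escapes for a quote or a backslash."""
    return re.sub(r'\\(["\\])', r'\1', s)

def parse_reg(text):
    """Return {key: {value_name: data}}; '@' names the key's default value."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in ("REGEDIT4", "Windows Registry Editor Version 5.00"):
        raise ValueError("not a .reg file: missing REGEDIT4 header")
    writes, key = {}, None
    for line in lines[1:]:
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]              # a leading '-' means "delete this key"
            writes.setdefault(key, {})
            continue
        m = re.match(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$', line)
        if not m or key is None:
            raise ValueError("unparsable line: %r" % line)
        name = "@" if m.group(1) == "@" else unescape(m.group(2))
        data = m.group(3)
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            data = unescape(data[1:-1])
        elif data.startswith("dword:"):
            data = int(data[6:], 16)
        writes[key][name] = data          # a bare '-' means "delete this value"
    return writes

def check_regfile_fix(text):
    """True only if the file restores the regfile open command and touches nothing else."""
    return parse_reg(text) == {REGFILE_KEY: {"@": EXPECTED_REGFILE_CMD}}

if __name__ == "__main__":
    print(parse_reg(REGFILEFIX), check_regfile_fix(REGFILEFIX))
```

check_regfile_fix returns False for any file that sets a different command or touches another key, which is the question to settle before double-clicking a .reg attachment.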
 

Peter Seiler

John Latter - 09.05.2004 09:40 :
> Thanks Mr Charlie - I was a bit disconcerted by the 'medium risk' cos
> I've never had one before!
>
> I'll also try & see which search page(s) is causing the problem - I'm
> forever looking up items from ebay to see if I can find out more info
> about them!

John (and many others), please remember to snip unnecessary (about 80!)
quoted lines. THX.
 

John Latter

Thank you very much for your reply, Lester! :)

I'm gonna wait 'til the morning, however, before I attempt to follow
your advice (my failing faculties ought to be at their peak about
then).

At the moment Adaware is quite happy to fix the problem, and if I
remember correctly, the problem stays fixed for that session but then
reappears at a later date (when I've restarted my computer - I, er,
tend only to run Adaware when there's a new update!).

I'm interested in the thingy/attachment which came with your post -
when I double-clicked on it I got a warning from Forte & then one from
ScriptSentry, at which point I opted out - could you tell me what it is
please?

Thanks again,


John Latter

Thanks Peter - I've never been too sure about how much to quote and
had gained the impression that EVERYTHING should be quoted - else
people shout at you! (John <-- 'Mr Sensitive')

I'm quite comfortable with your suggestion however! :)


Maureen Goldman

Had the same problem, went to the Ad-Aware forums at lavasoft. Here's
a short discussion on the topic (you can ignore the part of the
initial post where the fellow prints his lengthy log information).

http://www.lavasoftsupport.com/index.php?showtopic=26288&hl=aboutblank

Basically the situation seems to be that spyware CoolWebSearch
sometimes commandeers about:blank. Ad-Aware is being cautious and
identifies AB as possible spyware. The response in the forum goes on
to explain how to put this into an ignore list if you don't feel your
system has been compromised.

Drove me nuts, it did.
 
