search box defaults to about:blank

J

JON

recently, i was surfing, and got attacked by a web page
that bypassed system and posted a routine to load their
own web page product search, instead of the default MSN or
other that i would like to popup each time the IE is
opened.

my question, is that i can see "whois" listed on the
pirated page and controller of what pops up as the default.

origianlly on ie 5.5 the directory msuk was established
and an official file having the msie???.dll looked
official, but by date searched athte time of attack,
proved to be a pirate.

i removed, or thought i did, the culprit. after reloading
5.0 and upgrading to 6.02 ie; i still have the bug, but my
system is working without crashing as with 5.5 ie.

i also installed popup blocker and ad-aware 6.0.

this should almost stop any new attacks, but i still have
the ATTACKER http://1search.biz, owned by
WHOIS information for 1search.biz:

[whois.melbourneit.com]
Domain Name: 1SEARCH.BIZ
Domain ID: D6404495-BIZ
Sponsoring Registrar: GO DADDY
SOFTWARE, INC.
Domain Status: ok
Registrant ID: GODA-05678888
Registrant Name: Sergey
Zaporozhec
Registrant Organization: Unknown
Registrant Address1: Zhuljany 14
fl5
Registrant City: Lvov
Registrant State/Province: UA
Registrant Postal Code: 13729
Registrant Country: Ukraine
Registrant Country Code: UA
Registrant Phone Number: +380.48463815
Registrant Email:
(e-mail address removed)
Administrative Contact ID: GODA-25678888
Administrative Contact Name: Sergey
Zaporozhec
Administrative Contact Organization: Unknown
Administrative Contact Address1: Zhuljany 14
fl5
Administrative Contact City: Lvov
Administrative Contact State/Province: UA
Administrative Contact Postal Code: 13729
Administrative Contact Country: Ukraine
Administrative Contact Country Code: UA
Administrative Contact Phone Number: +380.48463815
Administrative Contact Email:
(e-mail address removed)

can anybody help to get this off my system?

JON S.
 
W

war17

Some website has hijacked your Search.

1. Use the following scanners to find and remove the website.

SpyBot S&D searches your harddisk for so-called spy- or adbots;
http://security.kolla.de/
or
Adaware
http://www.lavasoftusa.com/software/adaware/
or
CoolWebShredder
http://www.spychecker.com/program/coolwebshredder.html

2. Some porn websites redirects links to their websites using your HOSTS
file. Do a search for the HOSTS (without extension) file and remove the
entry.

3. If still no joy, download HijackThis from Spywareinfo download page

http://www.spywareinfo.com/program/hijackthis.html

Run the program and you will find many entries. Most are OK. Post the log. I
will find the problem for you.

4. For future preventive maintenance, make sure programs cannot just
download on your computer without your permission. From the Internet
Toolbar, go to Tools > Internet Options > Advanced. Make sure "Enable
Install On Demand (Internet Explorer)" and "Enable Install On Demand
(Other)" are unchecked.

--
Warren
For additional help, post in
http://groups.msn.com/HelpforInternetExplorerorWindowsME/homepage

JON said:
recently, i was surfing, and got attacked by a web page
that bypassed system and posted a routine to load their
own web page product search, instead of the default MSN or
other that i would like to popup each time the IE is
opened.

my question, is that i can see "whois" listed on the
pirated page and controller of what pops up as the default.

origianlly on ie 5.5 the directory msuk was established
and an official file having the msie???.dll looked
official, but by date searched athte time of attack,
proved to be a pirate.

i removed, or thought i did, the culprit. after reloading
5.0 and upgrading to 6.02 ie; i still have the bug, but my
system is working without crashing as with 5.5 ie.

i also installed popup blocker and ad-aware 6.0.

this should almost stop any new attacks, but i still have
the ATTACKER http://1search.biz, owned by
WHOIS information for 1search.biz:

[whois.melbourneit.com]
Domain Name: 1SEARCH.BIZ
Domain ID: D6404495-BIZ
Sponsoring Registrar: GO DADDY
SOFTWARE, INC.
Domain Status: ok
Registrant ID: GODA-05678888
Registrant Name: Sergey
Zaporozhec
Registrant Organization: Unknown
Registrant Address1: Zhuljany 14
fl5
Registrant City: Lvov
Registrant State/Province: UA
Registrant Postal Code: 13729
Registrant Country: Ukraine
Registrant Country Code: UA
Registrant Phone Number: +380.48463815
Registrant Email:
(e-mail address removed)
Administrative Contact ID: GODA-25678888
Administrative Contact Name: Sergey
Zaporozhec
Administrative Contact Organization: Unknown
Administrative Contact Address1: Zhuljany 14
fl5
Administrative Contact City: Lvov
Administrative Contact State/Province: UA
Administrative Contact Postal Code: 13729
Administrative Contact Country: Ukraine
Administrative Contact Country Code: UA
Administrative Contact Phone Number: +380.48463815
Administrative Contact Email:
(e-mail address removed)

can anybody help to get this off my system?

JON S.
Click to expand...
 
M

Mike Burgess

JON,
1search.biz = Coolwebsearch trojan

How to remove Coolwebsearch and affiliates
http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch

Note: this type hijack indicates an unpatched machine, that is lacking
in "Defense". Please visit Windows Update to avoid these exploits.
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-21-04]
Please post replies to this Newsgroup, email address is invalid
--

JON said:
recently, i was surfing, and got attacked by a web page
that bypassed system and posted a routine to load their
own web page product search, instead of the default MSN or
other that i would like to popup each time the IE is
opened.

my question, is that i can see "whois" listed on the
pirated page and controller of what pops up as the default.

origianlly on ie 5.5 the directory msuk was established
and an official file having the msie???.dll looked
official, but by date searched athte time of attack,
proved to be a pirate.

i removed, or thought i did, the culprit. after reloading
5.0 and upgrading to 6.02 ie; i still have the bug, but my
system is working without crashing as with 5.5 ie.

i also installed popup blocker and ad-aware 6.0.

this should almost stop any new attacks, but i still have
the ATTACKER http://1search.biz, owned by
WHOIS information for 1search.biz:

[whois.melbourneit.com]
Domain Name: 1SEARCH.BIZ
Domain ID: D6404495-BIZ
Sponsoring Registrar: GO DADDY
SOFTWARE, INC.
Domain Status: ok
Registrant ID: GODA-05678888
Registrant Name: Sergey
Zaporozhec
Registrant Organization: Unknown
Registrant Address1: Zhuljany 14
fl5
Registrant City: Lvov
Registrant State/Province: UA
Registrant Postal Code: 13729
Registrant Country: Ukraine
Registrant Country Code: UA
Registrant Phone Number: +380.48463815
Registrant Email:
(e-mail address removed)
Administrative Contact ID: GODA-25678888
Administrative Contact Name: Sergey
Zaporozhec
Administrative Contact Organization: Unknown
Administrative Contact Address1: Zhuljany 14
fl5
Administrative Contact City: Lvov
Administrative Contact State/Province: UA
Administrative Contact Postal Code: 13729
Administrative Contact Country: Ukraine
Administrative Contact Country Code: UA
Administrative Contact Phone Number: +380.48463815
Administrative Contact Email:
(e-mail address removed)

can anybody help to get this off my system?

JON S.
Click to expand...
 
Top