Martin said:The message from the log is:
Internet Explorer URL for Search Assistant has been
blocked from being changed from http://ie.search.msn.com/
{SUB_RFC1766}/srchasst/srchcust.htm to
http://www.allcybersearch.com/ie/. This URL is in the
user's blocked Internet Explorer URL list.
The setting in the browser hijack seetings is:
Search Page
This is the default search engine when you click the
Search button in Internet Explorer.
Current setting: http://g.msn.com/0SEENUS/SAOS01?
FORM=TOOLBR
Restore setting to:
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Internet Explorer default setting:
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Technical Details:
Registry location:
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main [Search Page]
Thanks again.-----Original Message-----
VNC is fine as long as you are aware that it is in place, have it protected
by a password, and, ideally, not open through a firewall or not running the
server piece unless it is in active use.
Can you give the message you are seeing at startup as precisely as possible?
I'm wondering whether this is just a mixup with the Microsoft Antispyware IE
URL controls--have you looked to see exactly what URL's are set in Tools,
advanced tools, browser hijack settings restore?
--
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.txt
.
-----Original Message-----
One possibility is the critter described in this write-up:
http://www.doxdesk.com/parasite/TinyBar.html
See whether you find entries that match one of the variants described here,
and, if possible, follow the manual removal steps indicated.
--
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.txt
The message from the log is:
Internet Explorer URL for Search Assistant has been
blocked from being changed from http://ie.search.msn.com/
{SUB_RFC1766}/srchasst/srchcust.htm to
http://www.allcybersearch.com/ie/. This URL is in the
user's blocked Internet Explorer URL list.
The setting in the browser hijack seetings is:
Search Page
This is the default search engine when you click the
Search button in Internet Explorer.
Current setting: http://g.msn.com/0SEENUS/SAOS01?
FORM=TOOLBR
Restore setting to:
http://www.microsoft.com/isapi/redir.dll? prd=ie&ar=iesearch
Internet Explorer default setting:
http://www.microsoft.com/isapi/redir.dll? prd=ie&ar=iesearch
Technical Details:
Registry location:
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main [Search Page]
Thanks again.place,-----Original Message-----
VNC is fine as long as you are aware that it is in
have it protectedby a password, and, ideally, not open through a firewall or not running the
server piece unless it is in active use.
Can you give the message you are seeing at startup as precisely as possible?
I'm wondering whether this is just a mixup with the Microsoft Antispyware IE
URL controls--have you looked to see exactly what URL's are set in Tools,
advanced tools, browser hijack settings restore?Martin said:I tried running the scan in safe mode but it ran cleanly
except for VNC. I'll try to quarantine that and see but I
doubt this is the problem.
My browser search page still gets hijacked each time I
restart my computer.
Any more ideas? Really appreciate your help.
-----Original Message-----
Restart the machine, tapping the F8 key regularly before
anything graphic
from Windows appears on the screen. You should get a
boot menu, choose safe
mode.
This disables from startup third-party services and
drivers. This may well
mean that some startup item, which is causing the attempt
to re-hijack your
home page, will not be started. That gives Microsoft
Antispyware, or your
antivirus, a better shot at cleaning it properly.
In a perfect world, Microsoft Antispyware should identify
properly the
running processes related to such things, stop them, and
then remove the
code involved both from the startup locations and the
disk. In practice, it
doesn't always succeed at this. Scanning in safe mode is
often successful
where Microsoft Antispyware has identified a bug, says it
is cleaning it, or
has cleaned it, but the bug reappears on a successive
boot, even without an
Internet connection present.
--
FAQ for MS AntiSpy
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.txt
message
Yes, it runs clean except for a couple of warnings
(RealVNC and Bearshare which is a veru old version
before
they added in the ads). What do you mean about running
in
safe mode? How and why? Thx.
-----Original Message-----
Have you tried scanning twice (until a full scan comes
through clean) in
safe mode?
--
FAQ for MS AntiSpy
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.txt
message
Each time I start up I get the pop up messages saying
spyware has blocked my search page from being changed
to
allcybersearch.com. What is trying to hijack my
search
page?
.
.
.
.
Martin said:Success! I didn't find any of the abhorent register
entries, but upon following the steps to remove the
hijacker, it seemed to do the trick. The only thing I did
was:
Hijacker removal
Before the settings can be restored you must remove the
hijacker that is run on every restart. In the registry
(Start->Run->regedit), find the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run and remove any entries of the form 'regedit /s
C:\Windows\System\sp.dll'. Then delete sp.dll (or sp.reg)
in the System folder. Then use Reset Web Settings to get
the normal search page back.
...And it worked - I now get clean start-up with no
messages from MS Anti-Spyware.
Thanks for your patience (and apologies for those people
who find it necessary to be abusive).
Martin
-----Original Message-----
One possibility is the critter described in this write-up:
http://www.doxdesk.com/parasite/TinyBar.html
See whether you find entries that match one of the variants described here,
and, if possible, follow the manual removal steps indicated.
--
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.txt
The message from the log is:
Internet Explorer URL for Search Assistant has been
blocked from being changed from http://ie.search.msn.com/
{SUB_RFC1766}/srchasst/srchcust.htm to
http://www.allcybersearch.com/ie/. This URL is in the
user's blocked Internet Explorer URL list.
The setting in the browser hijack seetings is:
Search Page
This is the default search engine when you click the
Search button in Internet Explorer.
Current setting: http://g.msn.com/0SEENUS/SAOS01?
FORM=TOOLBR
Restore setting to:
http://www.microsoft.com/isapi/redir.dll? prd=ie&ar=iesearch
Internet Explorer default setting:
http://www.microsoft.com/isapi/redir.dll? prd=ie&ar=iesearch
Technical Details:
Registry location:
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main [Search Page]
Thanks again.
-----Original Message-----
VNC is fine as long as you are aware that it is in place,
have it protected
by a password, and, ideally, not open through a firewall
or not running the
server piece unless it is in active use.
Can you give the message you are seeing at startup as
precisely as possible?
I'm wondering whether this is just a mixup with the
Microsoft Antispyware IE
URL controls--have you looked to see exactly what URL's
are set in Tools,
advanced tools, browser hijack settings restore?
--
FAQ for MS AntiSpy
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.txt
+
message
I tried running the scan in safe mode but it ran cleanly
except for VNC. I'll try to quarantine that and see
but I
doubt this is the problem.
My browser search page still gets hijacked each time I
restart my computer.
Any more ideas? Really appreciate your help.
-----Original Message-----
Restart the machine, tapping the F8 key regularly before
anything graphic
from Windows appears on the screen. You should get a
boot menu, choose safe
mode.
This disables from startup third-party services and
drivers. This may well
mean that some startup item, which is causing the
attempt
to re-hijack your
home page, will not be started. That gives Microsoft
Antispyware, or your
antivirus, a better shot at cleaning it properly.
In a perfect world, Microsoft Antispyware should
identify
properly the
running processes related to such things, stop them, and
then remove the
code involved both from the startup locations and the
disk. In practice, it
doesn't always succeed at this. Scanning in safe mode
is
often successful
where Microsoft Antispyware has identified a bug, says
it
is cleaning it, or
has cleaned it, but the bug reappears on a successive
boot, even without an
Internet connection present.
--
FAQ for MS AntiSpy
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.txt
message
Yes, it runs clean except for a couple of warnings
(RealVNC and Bearshare which is a veru old version
before
they added in the ads). What do you mean about
running
in
safe mode? How and why? Thx.
-----Original Message-----
Have you tried scanning twice (until a full scan comes
through clean) in
safe mode?
--
FAQ for MS AntiSpy
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.txt
in
message
Each time I start up I get the pop up messages
saying
spyware has blocked my search page from being
changed
to
allcybersearch.com. What is trying to hijack my
search
page?
.
.
.
.
-----Original Message-----
Terrific. Thanks for persisting. Newsgroups attract the users who are
having trouble--either with their machines or with the software. It's easy
to act out of that stress in the impersonal medium of these groups in
abusive ways. And it's just as easy for me to let it roll off. I know that
the hardware, the software, and I are none of us perfect, but I know from my
own long experience in the newsgroups that this is a useful medium for
learning things and getting technical information across, and I like
participating in that process.
--
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.txt
Success! I didn't find any of the abhorent register
entries, but upon following the steps to remove the
hijacker, it seemed to do the trick. The only thing I did
was:
Hijacker removal
Before the settings can be restored you must remove the
hijacker that is run on every restart. In the registry
(Start->Run->regedit), find the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run and remove any entries of the form 'regedit /s
C:\Windows\System\sp.dll'. Then delete sp.dll (or sp.reg)
in the System folder. Then use Reset Web Settings to get
the normal search page back.
...And it worked - I now get clean start-up with no
messages from MS Anti-Spyware.
Thanks for your patience (and apologies for those people
who find it necessary to be abusive).
Martin
-----Original Message-----
One possibility is the critter described in this write- up:
http://www.doxdesk.com/parasite/TinyBar.html
See whether you find entries that match one of the variants described here,
and, if possible, follow the manual removal steps indicated.
--
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.txt
The message from the log is:
Internet Explorer URL for Search Assistant has been
blocked from being changed from http://ie.search.msn.com/
{SUB_RFC1766}/srchasst/srchcust.htm to
http://www.allcybersearch.com/ie/. This URL is in the
user's blocked Internet Explorer URL list.
The setting in the browser hijack seetings is:
Search Page
This is the default search engine when you click the
Search button in Internet Explorer.
Current setting: http://g.msn.com/0SEENUS/SAOS01?
FORM=TOOLBR
Restore setting to:
http://www.microsoft.com/isapi/redir.dll? prd=ie&ar=iesearch
Internet Explorer default setting:
http://www.microsoft.com/isapi/redir.dll? prd=ie&ar=iesearch
Technical Details:
Registry location:
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main [Search Page]
Thanks again.
-----Original Message-----
VNC is fine as long as you are aware that it is in place,
have it protected
by a password, and, ideally, not open through a firewall
or not running the
server piece unless it is in active use.
Can you give the message you are seeing at startup as
precisely as possible?
I'm wondering whether this is just a mixup with the
Microsoft Antispyware IE
URL controls--have you looked to see exactly what URL's
are set in Tools,
advanced tools, browser hijack settings restore?
--
FAQ for MS AntiSpy
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.txt
+
message
I tried running the scan in safe mode but it ran cleanly
except for VNC. I'll try to quarantine that and see
but I
doubt this is the problem.
My browser search page still gets hijacked each time I
restart my computer.
Any more ideas? Really appreciate your help.
-----Original Message-----
Restart the machine, tapping the F8 key regularly before
anything graphic
from Windows appears on the screen. You should get a
boot menu, choose safe
mode.
This disables from startup third-party services and
drivers. This may well
mean that some startup item, which is causing the
attempt
to re-hijack your
home page, will not be started. That gives Microsoft
Antispyware, or your
antivirus, a better shot at cleaning it properly.
In a perfect world, Microsoft Antispyware should
identify
properly the
running processes related to such things, stop them, and
then remove the
code involved both from the startup locations and the
disk. In practice, it
doesn't always succeed at this. Scanning in safe mode
is
often successful
where Microsoft Antispyware has identified a bug, says
it
is cleaning it, or
has cleaned it, but the bug reappears on a successive
boot, even without an
Internet connection present.
--
FAQ for MS AntiSpy
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.txt
message
Yes, it runs clean except for a couple of warnings
(RealVNC and Bearshare which is a veru old version
before
they added in the ads). What do you mean about
running
in
safe mode? How and why? Thx.
-----Original Message-----
Have you tried scanning twice (until a full scan comes
through clean) in
safe mode?
--
FAQ for MS AntiSpy
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.txt
in
message
Each time I start up I get the pop up messages
saying
spyware has blocked my search page from being
changed
to
allcybersearch.com. What is trying to hijack my
search
page?
.
.
.
.
.
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.