startup triggers rogue website

P

Paulo

Hi
Everytime i boot Windows 2000, and upon booting IE6 i now
obtain a "find" subwindow pointing to a
website "searchxl.com" -- if i close this, a new instance
of the browser covers the screen, and i can't get rid of
it unless i delete IE6 in TaskManager.

Question: how do i get rid of the script that is causing
this behavior of IE6 at startup, and that also changes the
Registry settings.

It seems that this is virus/trojan, but McAfee doesnt
register this.

In advance, thanks.
Paul
 
F

Frank Saunders, MS-MVP IE/OE

Paulo said:
Hi
Everytime i boot Windows 2000, and upon booting IE6 i now
obtain a "find" subwindow pointing to a
website "searchxl.com" -- if i close this, a new instance
of the browser covers the screen, and i can't get rid of
it unless i delete IE6 in TaskManager.

Question: how do i get rid of the script that is causing
this behavior of IE6 at startup, and that also changes the
Registry settings.

It seems that this is virus/trojan, but McAfee doesnt
register this.

In advance, thanks.
Paul
Click to expand...

First eliminate any scumware.
See
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm

Note that AdAware and SpyBot S & D will each catch some things the other
won't. Also, each need to be updated before every use, even when just
downloaded. There's also a lot more to do than just those two programs.

If trying everything at that site does not fix the problem please post back
in the same thread.

--
Frank Saunders, MS-MVP IE/OE
http://www.fjsmjs.com
Reply to Newsgroup. I won't answer email
Protect Your PC
http://www.microsoft.com/security/protect/
 
P

Paulo

Hi Frank;

I went to the suggested website, and spent prodigious
amount of time there. I installed WinPatrol and Qwik-Fix
to detect startup behavior. Unfortunately the problems
persist.

Very well, here is what i did.
(1) entered the offending website (www.searchxl.com) to
the blocked security zone.
(2) cleaned the registry of all references to Searchxl.com
(3) rebooted... and at first i do NOT get the offending
website, but the <FIND> section within the browser is
blank (and i would like to get rid of this). Fine: i
click close the <Find> subsection.
(4) After a brief time WinPatrol kicks in stating that
there is an attempt to change IE settings, and asks
whether or not to launch an instance of SEARCHXL.com (the
options are a bit terrible here -- both implying that
searchxl.com is ok...

I don't see any startup software that looks suspicious.
Here is a list:
SynchManager (mobsync.exe)
WinFax (symantec... ok)
LoadQM (loadqm.exe)
TkBellExe (evntsvc.exe -osboot)
some McAfee programs
SystemSearch(system.reg)
WebWasher(wwasher.exe)
Unknown Title PowerReg Scheduler.exe

I would appreciate any feedback.

In advance, thanks
Paulo
 
F

Frank Saunders, MS-MVP IE/OE

Paulo said:
Hi Frank;

I went to the suggested website, and spent prodigious
amount of time there. I installed WinPatrol and Qwik-Fix
to detect startup behavior. Unfortunately the problems
persist.

Very well, here is what i did.
(1) entered the offending website (www.searchxl.com) to
the blocked security zone.
(2) cleaned the registry of all references to Searchxl.com
(3) rebooted... and at first i do NOT get the offending
website, but the <FIND> section within the browser is
blank (and i would like to get rid of this). Fine: i
click close the <Find> subsection.
(4) After a brief time WinPatrol kicks in stating that
there is an attempt to change IE settings, and asks
whether or not to launch an instance of SEARCHXL.com (the
options are a bit terrible here -- both implying that
searchxl.com is ok...

I don't see any startup software that looks suspicious.
Here is a list:
SynchManager (mobsync.exe)
WinFax (symantec... ok)
LoadQM (loadqm.exe)
TkBellExe (evntsvc.exe -osboot)
some McAfee programs
SystemSearch(system.reg)
WebWasher(wwasher.exe)
Unknown Title PowerReg Scheduler.exe

I would appreciate any feedback.

In advance, thanks
Paulo
Click to expand...

What did they say at
http://www.spywareinfo.com/forums/
after you posted your HijackThis log there?

--
Frank Saunders, MS-MVP IE/OE
http://www.fjsmjs.com
Reply to Newsgroup. I won't answer email
Protect Your PC
http://www.microsoft.com/security/protect/
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

IE hijacked by another website 2
Connect to.. ad servers on website 1
My browser is hijacked on startup! 6
Does not boot consistently - Not All Startup Tasks Load 7
Top 5 Free Single File Online Virus Scan Services 1
configuration warning at startup 14
Font loss on startup 3
Regsvr.exe locks me out of task manager and regedit 7

Top