Orbitz has stolen my address bar search (New)

Antigrok's Avatar
Junior Member with 14 posts.
 
Join Date: Apr 2003
Location: Fairview, WV
21-Apr-2003, 02:49 PM #1
Orbitz has stolen my address bar search
When I do a search through the IE6 address bar, the default search now goes to Orbitz Explorer - a completely useless ad-based search engine. How can I get this off my computer? I tried to change my internet search preferences, but it does nothing. I noticed that under [System information\ System Summary\ Internet settings\ Internet Explorer\ Cache\ List of Objects] there is this line:

Loader Class.......Installed........http://www.orbitexplorer.com/OELoader.cab

I have no idea where I got this. I have never used Orbitz or been to their site. There were also several other nice little things that came with this such as a change of my start page to Orbitz Explorer and tons of ad ware. Those were no problem, but I have no idea how to fix the search feature. I've been using Spybot on these things. Is there something better?

Also, is there anywhere I can report this or at least strike a blow against these criminals (in my eyes, they came into my home and changed the settings on my computer, stealing something I use on a regular basis)?
TonyKlein's Avatar
Distinguished Member with 10,510 posts.
 
Join Date: Aug 2001
Location: The Netherlands
21-Apr-2003, 03:00 PM #2
Hi, and welcome to the board.

It's the Notorious Xupiter Orbitexplorer foistware.

Do this:

Download Spybot - Search & Destroy

It looks for spyware, but also targets dialers, keyloggers, and other nasties, and it's freeware.
It deals with all versions of Xupiter without a prob.

After installing, first press Online, and search for, put a check mark at, and install all updates.

Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all it finds.

NOTE: SSD will sometimes not be able to remove all active components in the first 'run'.
In that case you will get a dialog asking you to run SSD at next start.
Click yes and reboot.
Subsequently SSD will come up before the system puts these components 'in use', and it will then be able to 'fix' the rest.


As to why you got hit, it's because your security settings are too lax.

Here are three recommendations:

1) Watch what you download!

2) Go to IE > Tools > Windows Update > Product Updates, and install ALL Critical Updates listed.

3) Go to Internet Options/Security/Internet, press 'default level', then OK.

Now press "Custom Level."

In the ActiveX section, set the first three options ("Download signed and unsigned ActiveX controls", and "Initialize and Script ActiveX controls not marked as safe") to prompt.

Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.

Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Options/Security.


And some more advice:

4) Install Javacool's SpywareBlaster

It will protect you from all spy/foistware in its database by blocking installation of their ActiveX objects.

Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer)
Press "select all", then "kill all checked", and you're done.

The spyware that you told SpywareBlaster to set the "kill bit" for won't be a hazard to you any longer.

Don't forget to check for updates every week or so.

There's a small board at Wilderssecurity as well.

It won't protect you from every form of spyware known to man, but it is a very potent extra layer of protection.

BTW, SpyBot Search and Destroy has an Immunize feature which works roughly the same way.

It can't hurt to use both.
__________________
Tony < - > CLSID List - A Collection of Autostart Locations
steamwiz's Avatar
Distinguished Member with 2,802 posts.
 
Join Date: Oct 2002
Location: Yorkshire UK
21-Apr-2003, 03:02 PM #3
Hi Antigrok

Please Download hijackthis

http://www.spywareinfo.com/downloads.php#det

Unzip, doubleclick HijackThis.exe, and hit "Scan".

After the scan has finished the "scan" button will turn into a "save log" button

save the log file and paste it here

PLEASE NOTE: A small help file for HijackThis is located at http://tomcoyote.org/hjt

steam

Edit - all yours Tony - in his post he says he's already used spybot
__________________
MICROSOFT MVP - IE/OE 2004/7 .member of ASAP since 2004
TonyKlein's Avatar
Distinguished Member with 10,510 posts.
 
Join Date: Aug 2001
Location: The Netherlands
21-Apr-2003, 03:14 PM #4
Quote:
Originally posted by steamwiz:
in his post he says he's already used spybot
I overlooked that.

However, SpyBot removes Orbitexplorer without a prob, which leads me to believe SB hasn't been updated.

Do check whether you have the latest version, and update it as we explained.

Good luck,
TonyKlein's Avatar
Distinguished Member with 10,510 posts.
 
Join Date: Aug 2001
Location: The Netherlands
21-Apr-2003, 03:17 PM #5
But, I hasten to add, after doing that, let's have that Hijack This log anyway, to see whether anything has been overlooked.
Antigrok's Avatar
Junior Member with 14 posts.
 
Join Date: Apr 2003
Location: Fairview, WV
22-Apr-2003, 03:24 AM #6
Still got me
This is a great site. It's the only place I've been where someone has seemed eager to help. Thanks guys. I'll be sending a donation soon because I will be back in the future.


I updated IE6, I updated Spybot and ran S&D. Orbitz is still hanging around like a bed-time hot dog. I also downloaded Hijack This. Here is the log file (I feel so exposed):


Logfile of HijackThis v1.93.0
Scan saved at 3:07:11 AM, on 04/22/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.sureseeker.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.orbitexplorer.com/cgi-bin/IESearch.cgi?bid=&affid=212
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.sureseeker.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.sureseeker.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.orbitexplorer.com/cgi-bin/IESearch.cgi?bid=&affid=212
R3 - URLSearchHook: OESearchHook Class - {341FB59F-3507-443b-8147-423B4E3B2B15} - C:\Program Files\Common Files\OE\search.dll
O2 - BHO: (no name) - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\Program Files\Common Files\OE\toolbar.dll
O2 - BHO: (no name) - {D48F2E28-68E2-4920-9848-D6E6C7AB3EB7} - C:\Program Files\Common Files\OE\redirector.dll
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\dnlocke\Desktop\FreeRAM XP Pro 1.30.exe" -win
O4 - Global Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: 3Com Modem Manager.lnk = C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: Win32 Classes -
O16 - DPF: {10A1B95D-5E35-4935-8BC3-D43E81E8105E} - http://www.sexdialer.com/dialers/clbmn2.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.co...veX/winrep.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...669.1341319444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {D7B3E460-9968-4191-BD6F-BEED1BC18482} (Loader Class) - http://www.orbitexplorer.com/OELoader.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yaho...bio5_0_2_7.cab
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://www.getweathercast.com/WeatherAutoCAST0010.cab



I seem to also have a sex thing on there that I don't want (he said, blushing). Also the "getweathercast" is not something I asked for.
TonyKlein's Avatar
Distinguished Member with 10,510 posts.
 
Join Date: Aug 2001
Location: The Netherlands
22-Apr-2003, 04:05 AM #7
All right.

Run Hijack This, and check ALL of the items in bold. Doublecheck so as to be sure not to miss a single one.
Next, shut down all browser Windows, and have HT fix all checked.

Reboot when you're done. This will fix your problem.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.sureseeker.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.orbitexplorer.com/cgi-bin/IESearch.cgi?bid=&affid=212
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.sureseeker.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.sureseeker.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.orbitexplorer.com/cgi-bin/IESearch.cgi?bid=&affid=212


R3 - URLSearchHook: OESearchHook Class - {341FB59F-3507-443b-8147-423B4E3B2B15} - C:\Program Files\Common Files\OE\search.dll

O2 - BHO: (no name) - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\Program Files\Common Files\OE\toolbar.dll
O2 - BHO: (no name) - {D48F2E28-68E2-4920-9848-D6E6C7AB3EB7} - C:\Program Files\Common Files\OE\redirector.dll
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - (no file)

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O16 - DPF: Win32 Classes -
O16 - DPF: {10A1B95D-5E35-4935-8BC3-D43E81E8105E} - http://www.sexdialer.com/dialers/clbmn2.exe
O16 - DPF: {D7B3E460-9968-4191-BD6F-BEED1BC18482} (Loader Class) - http://www.orbitexplorer.com/OELoader.cab
O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://www.getweathercast.com/WeatherAutoCAST0010.cab


Good luck,
__________________
Tony < - > CLSID List - A Collection of Autostart Locations
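
Added example, not part of the original posts: a small Python parser for HijackThis log lines like those above. It labels each entry with the usual meaning of its section code and tallies, per section, how many logged entries appear in the fix list, matching on CLSID where one is present so that URL differences do not matter. The function names are this example's own, and the sample data is an excerpt of this thread's log and fix list.

```python
import re

# Section codes that occur in this thread's log, with their usual HijackThis meaning.
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "R3": "URL search hook", "O2": "Browser Helper Object",
            "O4": "autostart entry", "O9": "extra IE button or menu item",
            "O15": "Trusted Zone site", "O16": "downloaded ActiveX object (DPF)"}
ENTRY = re.compile(r"^([RO]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HOST = re.compile(r"https?://([^/\s]+)")

def parse(log):
    """Return one dict per log entry; header and blank lines are skipped."""
    out = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        clsid, host = CLSID.search(body), HOST.search(body)
        ident = clsid.group(0).upper() if clsid else None
        out.append({"code": code, "kind": SECTIONS.get(code, "other"),
                    "clsid": ident, "host": host.group(1).lower() if host else None,
                    "key": (code, ident or body)})  # CLSID identifies the object
    return out

def selected(log, fix_list):
    """Per section code: (entries listed for fixing, entries in the log)."""
    chosen = {e["key"] for e in parse(fix_list)}
    tally = {}
    for e in parse(log):
        hit, total = tally.get(e["code"], (0, 0))
        tally[e["code"]] = (hit + (e["key"] in chosen), total + 1)
    return tally

# Excerpts of the log (post #6) and the fix list (post #7) from this thread.
LOG = r"""Logfile of HijackThis v1.93.0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.orbitexplorer.com/cgi-bin/IESearch.cgi?bid=&affid=212
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {D7B3E460-9968-4191-BD6F-BEED1BC18482} (Loader Class) - http://www.orbitexplorer.com/OELoader.cab
"""
FIX = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.orbitexplorer.com/cgi-bin/IESearch.cgi?bid=&affid=212
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O16 - DPF: {D7B3E460-9968-4191-BD6F-BEED1BC18482} (Loader Class) - http://www.orbitexplorer.com/OELoader.cab
"""
```

Calling `selected(LOG, FIX)` gives the per-section counts, and `parse(LOG)` exposes the CLSID and download host of each entry for a side-by-side review.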
Antigrok's Avatar
Junior Member with 14 posts.
 
Join Date: Apr 2003
Location: Fairview, WV
22-Apr-2003, 11:54 AM #8
Free at last...
Just did an address bar search, and it used Google. Seems all the Orbitz scum is gone.


Let me say again, this is the fastest, most efficient help I have ever gotten on a computer-related subject. I think I could have saved a lot of hair if I would have known about this site earlier.


Thanks again and keep up the good work.
TonyKlein's Avatar
Distinguished Member with 10,510 posts.
 
Join Date: Aug 2001
Location: The Netherlands
22-Apr-2003, 11:55 AM #9
You're welcome!

Glad that worked for you.
carltasha's Avatar
Senior Member with 989 posts.
 
Join Date: Nov 2001
Location: capcod Mass
22-Apr-2003, 01:25 PM #10
Sometimes when Spybot can't get it, don't say yes to "run this next time I boot", say no, reboot and rerun Spybot.
Antigrok's Avatar
Junior Member with 14 posts.
 
Join Date: Apr 2003
Location: Fairview, WV
22-Apr-2003, 02:35 PM #11
Another, more annoying problem
I don't know if this is a result of something we did here, but this just started this morning after I performed the fixes. When I right click on a link and select 'open in new window' or click on a link with target="_blank" in the a href tag, IE opens a new window that is completely blank - no address, no status bar messages, title reads only Microsoft Internet Explorer (these are links to html pages - not java). I waited just to make sure it wasn't just loading slowly, but nothing is happening. Could this be a result of a mistake in my previous problem fix?

I updated IE6 last night, but I found nothing on Microsoft's support page about anyone else reporting this problem.
TonyKlein's Avatar
Distinguished Member with 10,510 posts.
 
Join Date: Aug 2001
Location: The Netherlands
22-Apr-2003, 02:36 PM #12
Try this:

Go to Start - Run, and type each line below separately, then press OK:

regsvr32 Shdocvw.dll
regsvr32 Oleaut32.dll
regsvr32 Actxprxy.dll
regsvr32 Mshtml.dll
regsvr32 Msjava.dll
regsvr32 Browseui.dll
regsvr32 Urlmon.dll
regsvr32 Shell32.dll


Note: you should see a brief message after each entry that the dll has been successfully registered.

Now reboot, test IE, and repost with your results.

Good luck,
__________________
Tony < - > CLSID List - A Collection of Autostart Locations
Antigrok's Avatar
Junior Member with 14 posts.
 
Join Date: Apr 2003
Location: Fairview, WV
22-Apr-2003, 08:50 PM #13
Thanks, Tony.
Works perfectly now.
TonyKlein's Avatar
Distinguished Member with 10,510 posts.
 
Join Date: Aug 2001
Location: The Netherlands
23-Apr-2003, 12:54 AM #14
Excellent!
beekm's Avatar
Junior Member with 2 posts.
 
Join Date: Mar 2004
26-Mar-2004, 04:39 PM #15
hijack this
i've scoured this post, since i have a similar problem. lycos is the culprit, though, not orbitz.

i ran 'hijack this' and went through the log, deleting things i knew i didn't want. but i don't understand a lot of the lingo. could someone explain why TonyKlein had Antigrok delete what he did? specifically, i'm having trouble deciding which O4s and O16s are harmful.

thanks in advance.
All times are GMT -5. The time now is 06:06 PM.