
IE default search page runs malicious script – ‘about:blank’ responsible?

Discussion in 'Web & Email' started by basic, Oct 4, 2002.

Thread Status:
Not open for further replies.
  1. basic

    basic Thread Starter

    Joined:
    Oct 4, 2002
    Messages:
    2
    First time poster long time lurker here…

    I’d like to start out by saying thanks to all you nice people out there on the Tech Support Guy forums. I’ve found these pages to be an invaluable resource (particularly when an aborted installation of the bundled malware in Kazaa screwed up Winsock 32 and left me without TCP/IP functionality)…

    I’ve done a couple of searches and can’t find any topics that cover the problem I am currently trying to deal with. My IE default search page appears to have been set to one of those sites that redirects to Yahoo! (or whatever) after creating a ‘hidden’ secondary browser instance for serving pop-up ads. I’m guessing that this happened due to the ActiveX controls defaulting back to “leave as many security holes open as possible” when I last upgraded IE. I rarely use the default search page, so this could have gone unnoticed for months.

    Anyway, when I click the search button on the IE toolbar I get the regular search sidebar - but with the aforementioned secondary browser instance running in the background. I have Norton Anti-Virus installed, and an alert appears onscreen telling me that IEXPLORE.EXE is attempting to call on the ‘RegWrite’ method (which I’m guessing writes a value to / somehow changes the Registry) as soon as the sidebar has loaded. I have not allowed the script to run, because I don’t particularly want anything else to be changed around on me.

    Here’s where it gets weird: I took a look with RegEdit, and as far as I can tell the default search page is set to ‘about:blank’. Could about:blank have been altered or replaced so that it runs this script? Or is something else going on?


    I’m running Win98 and IE6. Ad-Aware and SpyBot have both failed to address this problem. Norton Anti-Virus alerts me when the script tries to call RegWrite, but does not identify it otherwise. I can run StartupList when I get home (I’m in work right now) and post the results if anyone thinks that might be useful.

    Thanks!
     
  2. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    First I'll tell you that about:blank is not responsible. This opens a completely empty, blank instance of IE. about:Hello opens a page with the word hello.
     
  3. ddraigcoch

    ddraigcoch

    Joined:
    Mar 3, 2001
    Messages:
    373
    Can I suggest you run Hijack This from http://www.lurkhere.com/~nicefiles/. If that doesn't solve it, then download Start Up List from the same place, and copy and paste the log contents for us to ascertain what's going on.
     
  4. basic

    basic Thread Starter

    Joined:
    Oct 4, 2002
    Messages:
    2
    I've attached a screenshot of the Norton script warning I get whenever the search button in IE is clicked.

    Also, the search page that gets loaded is:
    http://216.65.3.68/search/search.php

    216.65.3.68 resolves to a 'Websearch123' page (note that if you put in the search/search.php you'll have the same script attempt to run...so don't do it unless you have a virus scan up).
     

Short URL to this thread: https://techguy.org/98294
