IE homepage setting

[willowyang]

An website not only set the first page to be my homepage automatically without my permission, but also disable all the 3 buttons for change the homepage setting under IE - Tools - Internet Options - Homepage. I tried Repair IE from Control Panel, it's still there. I even tried kill the all registry keies related this website, still can't fix it. Please help me.

My OS is Win98. and I'm using IE 6.0. I didn't download or accept anything from that web. I don't know what tech they use on that web, but it's really rude and disgusting. I never have the mood to visit that website, just want get rid off it.

The website address is: (edited by mod temporarily)

 

[TonyKlein]

Hi,

First do this (quick and dirty):

Close Internet Explorer and Outlook Express


Download the attached Remove.txt, rename it to (save as) Remove.reg, and doubleclick it.
Answer 'yes' when you're asked whether you'd like to have the contents of your reg file merged into the registry, and your restrictions ought to be removed.

Now reboot.

Now to Control Panel/Internet Options, and clear your temporary Internet files.
Now click on Settings/show files, and delete your cookies.
Or, if you're running IE 6.0, delete your cookies on the Privacy tab.

Next, Now click OK, close Msconfig, and reboot.

Now open Internet Explorer, and go to your favorite Start Page.
Go to Internet Options, General tab, and click 'Use current'.

Good luck,

 

[Davey7549]

Willowjang
Sorry I requested the web address removed but the site in question will download a malicious script onto any bodys computer that does not have script blocking.
The Item it tries to download is listed in this website.
http://securityresponse.symantec.com/avcenter/venc/data/js.exception.exploit.html

Dave

 

[TonyKlein]

Thanks Dave.

So it would be a very good idea to have the computer scanned on line at <A HREF="http://housecall.antivirus.com/">Trend Micro HouseCall </A> first, I guess.

 

[Davey7549]

Tony
Yes. Anyone that check that site and does not have active malicious script blocking would never know that trojan has entered until they would of scanned. It set iteself up in the IE5 temp folder for action. Here is what happened.

Upon entry received notice of install on demand the usual stuff.
Said no. Another popup could not install, ok.
Next received alert from Norton malicious script detected stopped drive activity, do you want to quarintine "JS.Exception.exploit"
1) tried repair--- could not
2) try quarintine--could not
3) try delete---could not

Item was located in c:\windows\temp internet file\IE5

Had to try ctrl,alt,del to end web page which partially took and then was able to quarintine which it is now.

Sneeky little devil!

Hope that helps others.
Dave

 

[Davey7549]

Another curiosity. Followed links to Microsoft from the Symantec
article and found all the updates suggested for security vunerablities. Double checked my system and all security patchs are in order and all updates have been complete for awhile and no others are available. I am a little confused how this can happen. Maybe someone can explain the mechanics of it to me.
Dave

 

[TonyKlein]

Well, in this case it didn't infect your system, because Norton wouldn't let it.

So the patch didn't get a chance to 'kick in' so to speak, I guess.

The security patch won't stop it from getting into your Temporary Internet files, but presumably it prevents it from doing any real damage, like changing your home page or altering your Registry in any other way.

 

[Davey7549]

Tony
Thanks for the info. Sure makes one think why people do not have any or minimal protection on their systems. Before it was just E-mail attachments and now it webpages with no action done by the viewer other than to go there. Such a shame its gotten to that.
Thanks again for the explaination. Running a full virus scan as we talk just to make sure.
Dave

 

[ezymony]

i clicked on the link myself to see what it was didnt get any warnings from av ran housecall didnt find anything maybe i wasnt there long enough .......i hope

 

[Davey7549]

ezymony
As Tony mentioned above the security patches that you apparently have downloaded have protected you from the invasion. I also ran a full virus scan of my system with Norton onboard and found the only reference to the .exploit script was in my recycle bin, which I promptly deleted. Just think of the poor souls who do not keep their systems up to date and do not have antivirus scanners onboard and up to date.
Dave