I use Internet Explorer 6.0 and WIN XP Pro. Recently after a visit to a few web sites, I cannot any longer launch Internet Explorer and get my home page. Instead the home page defaults to an advertising search page that I do not want and do not choose. Obviously, some code has been added/modified on my PC to force the offending parties home page to come up. How do I rid this problem and return to the home page of MY choice. Also, this offending party has added bookmarks that I delete and then which return when the Internet Explorer is relaunched. How do I get rid of this crap?
My Home page has been abducted.
- Thread starter inquiring
- Start date
-
- Tags
- Hard Drives Windows XP
rubikian
Distinguished
- May 20, 2002
- 557
- 0
- 18,980
Some stray programs must have been installed in your PC. Try to see if you got the internet optimizer and active alert installed in your add/remove programs. These 2 always come when I try to download cracks and program pathes... Or any other programs that looked alien to you.
If you know how to hack the registry editor (type regedit in run dialog box), you can also search for that website and replace with your homepage's. But don'tmess up with the registry editor if you don't know how...it will corrupt your windows.
If you know how to hack the registry editor (type regedit in run dialog box), you can also search for that website and replace with your homepage's. But don'tmess up with the registry editor if you don't know how...it will corrupt your windows.
Jake_Barnes
Splendid
- Feb 6, 2003
- 8,726
- 0
- 30,780
Your web pg has been highjacked by malware/spyware - some nasty stuff. The reason it reverts back to the ad pages on reboot is that the program has made some registry enteries that undo what you try to change back.
There are fixes! Two utilities that eliminate these programs and protect your system from future attacks are <A HREF="http://www.pcworld.com/downloads/file_description/0,fid,22262,00.asp" target="_new">Spybot Search and Destroy</A> and <A HREF="http://download.com.com/3000-2144-10214379.html?tag=pop" target="_new">Ad-aware</A>.
I recommend downloading and installing both. Run Spybot in the advance mode - it can/will detect the improper registry enteries and eliminate them. Ad-aware is similar and sometimes catches spyware that Spybot misses. Most people here use both. Keep them updated and current - they block these "drive by" highjackings of your web pages.
And watch what pages you visit - some of adult stuff can have some pretty nasty code embedded.
/Edit: If I had to chose one - I'd use Spybot - it's more advanced in my opinion. Run update in advanced mode and run Immunize to block these spyware prgms.
<b> ...more people are driven insane through religious hysteria than by drinking alcohol - W.C. Fields </b><P ID="edit"><FONT SIZE=-1><EM>Edited by Jake_Barnes on 01/12/04 09:57 AM.</EM></FONT></P>
There are fixes! Two utilities that eliminate these programs and protect your system from future attacks are <A HREF="http://www.pcworld.com/downloads/file_description/0,fid,22262,00.asp" target="_new">Spybot Search and Destroy</A> and <A HREF="http://download.com.com/3000-2144-10214379.html?tag=pop" target="_new">Ad-aware</A>.
I recommend downloading and installing both. Run Spybot in the advance mode - it can/will detect the improper registry enteries and eliminate them. Ad-aware is similar and sometimes catches spyware that Spybot misses. Most people here use both. Keep them updated and current - they block these "drive by" highjackings of your web pages.
And watch what pages you visit - some of adult stuff can have some pretty nasty code embedded.
/Edit: If I had to chose one - I'd use Spybot - it's more advanced in my opinion. Run update in advanced mode and run Immunize to block these spyware prgms.
<b> ...more people are driven insane through religious hysteria than by drinking alcohol - W.C. Fields </b><P ID="edit"><FONT SIZE=-1><EM>Edited by Jake_Barnes on 01/12/04 09:57 AM.</EM></FONT></P>
Ive used AD-AWARE and Spybot Search and Destroy for the last year. I got both from grc.com-a terrific site. However, I ran both immediately after my home page was hijacked and nothiing changed-however I did not run Spybot on Advanced mode. maybe both programs have to be run 3 or 4 times to clean out the malicious code? Is there any way I can go into my XP registry and remove the bad code direclty?
Thank you again.
Thank you again.
Jake_Barnes
Splendid
- Feb 6, 2003
- 8,726
- 0
- 30,780
Yes - run>regedit ... but I don't know where the enteries are, sorry.
Try to run Spybot in Advanced mode & read the FAQ/instructions - very helpful.
<b> ...more people are driven insane through religious hysteria than by drinking alcohol - W.C. Fields </b>
Try to run Spybot in Advanced mode & read the FAQ/instructions - very helpful.
<b> ...more people are driven insane through religious hysteria than by drinking alcohol - W.C. Fields </b>
Jake_Barnes
Splendid
- Feb 6, 2003
- 8,726
- 0
- 30,780
Have you checked msconfig to see if there are any strange pgms loading at start-up. Try disabling what you don't recognize and see if that helps.
<b> ...more people are driven insane through religious hysteria than by drinking alcohol - W.C. Fields </b>
<b> ...more people are driven insane through religious hysteria than by drinking alcohol - W.C. Fields </b>
Scan Regedit for the HTTP://xxx.xxx.x.x number from the new home page. I found three of them. I cleaned the registry and all was well until I did a cold boot, then the problem child was back.
I gave up and went to the bottom of the webpage for the undesireable search engine. Their cleaner.exe did get rid of the homepage default problem, but what else it did is anybody's guess.
ZoneAlarm has not loaded properly since even after uninstall and reinstall of ZA.
I'm very likely to do a format and reinstall after backing up the files I trust.
Every working computer must be improved .... or replaced ...
<A HREF="http://www.grid.org/services/teams/team.htm?id=510E6639-84A1-465D-A914-07BDB039E379" target="_new">Join the THG Team.</A>
I gave up and went to the bottom of the webpage for the undesireable search engine. Their cleaner.exe did get rid of the homepage default problem, but what else it did is anybody's guess.
ZoneAlarm has not loaded properly since even after uninstall and reinstall of ZA.
I'm very likely to do a format and reinstall after backing up the files I trust.
Every working computer must be improved .... or replaced ...
<A HREF="http://www.grid.org/services/teams/team.htm?id=510E6639-84A1-465D-A914-07BDB039E379" target="_new">Join the THG Team.</A>
rubikian
Distinguished
- May 20, 2002
- 557
- 0
- 18,980
Ok...it's a coincident that my friend's PC also got this problem yesterday. So, I searched through the registry for the website. Found it (in fact many keys) but I didn't delete it first but later. I check what's the content and saw a string key refering to bmeb.dll. I did a search in his PC and found it to be reside in system32 folder. Can't delete it coz it says windows is using the file. Not even in safe mode. Too bad that he's using NTFS and I can't read it in dos. So I create a batch file to delete that file. Put it in startup list. Reboot the PC and the file is deleted. Now, the problem goes away.
Not sure if your case can be fix the same way coz here are many types of these spyware and they "spy" differently...
Not sure if your case can be fix the same way coz here are many types of these spyware and they "spy" differently...
rubikian
Distinguished
- May 20, 2002
- 557
- 0
- 18,980
Forgot to mention that the batch file was created in notepad then rename it to .bat (FYI). the content is simple, just:
del c:\windows\system32\bmeb.dll
then save it as delete.bat.
Add the line in registry:
Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run
Add the string value:
Anyname (whatever you choose)
and the data as
delete.bat
del c:\windows\system32\bmeb.dll
then save it as delete.bat.
Add the line in registry:
Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run
Add the string value:
Anyname (whatever you choose)
and the data as
delete.bat
Went into the registry and found (4) URLs of the violating home page...which I deleted after running advanced Spy Bot Search. Now, that page doesnt come up as my home page but another does-Also, this spyware crap automatically times itself to come up with another home page that is sexual in nature and automaticcaly launches Internet Explorer.
f--k! Who lets these losers out of their cage? BTW Internet Explorer cannot be removed as it is an integral part of WIN XP-this is per Microsoft. So, if I go back into my registry and cannot get rid of this friggin control I will just back up my data and reformat and reinstall my OS. Cant beleive I cant get rid of this crap given that I run 2 firewalls set to max security and run AD-AWARE and SPY-BOT advanced. Anyone else go any other ideas? BTW MY Mozilla browser is completley unaffected.
f--k! Who lets these losers out of their cage? BTW Internet Explorer cannot be removed as it is an integral part of WIN XP-this is per Microsoft. So, if I go back into my registry and cannot get rid of this friggin control I will just back up my data and reformat and reinstall my OS. Cant beleive I cant get rid of this crap given that I run 2 firewalls set to max security and run AD-AWARE and SPY-BOT advanced. Anyone else go any other ideas? BTW MY Mozilla browser is completley unaffected.
You can be sure that I will not ever use MS Internet Explorer again--its got more security holes than rotten swiss cheese and I cannot accept uninstalling my ENTIRE OS because my browser has been hijacked--Ill use Mozilla and finish my Linux box. The invading search home page keeps returning even though Ive deleted all of references to it from my WIN XP registry--also, the browser launches itself spontaneously and adds bookmarks that when deleted reappear. I hope thse clowns never find themsleves in a dark alley else they will be carbon. Its clear that there is a program running somewhere in WI XP that regenerates the bookmarks and the home pages. Help--can anyone help? Maybe a black hacker is the only answer now or maybe not?
Rob423
Distinguished
- Feb 5, 2002
- 2,809
- 0
- 20,810
that Common Name thing or dialer or some other [-peep-] might be giving you those problems.......... i don't even use IE anymore, i been using Opera 7, not only does it work mad good it's got an awesome interface plus its got cool ass skins
Asus A7N8X Deluxe
80gb Maxtor
200gb WD 8mb cache..
Lian-Li PC-60
Lite-On 52X
AMD XP2800+
LeadTek GeForce 4 Ti4200 w/vivo 128mb 8x
Hitachi CML174
1 GB Corsair XMS PC3200 Cas2
Asus A7N8X Deluxe
80gb Maxtor
200gb WD 8mb cache..
Lian-Li PC-60
Lite-On 52X
AMD XP2800+
LeadTek GeForce 4 Ti4200 w/vivo 128mb 8x
Hitachi CML174
1 GB Corsair XMS PC3200 Cas2
Jake_Barnes
Splendid
- Feb 6, 2003
- 8,726
- 0
- 30,780
Do you happen to remember what web pg you were surfing when you happened upon this malicious POS ... I'd like to avoid it at all costs!
<b> ...more people are driven insane through religious hysteria than by drinking alcohol - W.C. Fields </b>
<b> ...more people are driven insane through religious hysteria than by drinking alcohol - W.C. Fields </b>
Jake_Barnes
Splendid
- Feb 6, 2003
- 8,726
- 0
- 30,780
What program did you use to scan your registry.
<b> ...more people are driven insane through religious hysteria than by drinking alcohol - W.C. Fields </b>
<b> ...more people are driven insane through religious hysteria than by drinking alcohol - W.C. Fields </b>
Sorry, I dont recall.The invader adds 5 bookmarks to MY FAVORITES and they cannnot be deleted, launches (2) offending home pages, and hijacks my home page with (2) search bots. I will never use MS Explorer again and like and have used Mozilla and Opera in fact. This MS integration sux rocks and is history here. Boys, its the wild wild west out there and outlaws and scofflaws know no rules so watch your back!
Done that three times...now the sysytem is purged from infection...NAV found several virii and deleted them...still, no progress is recovering my hijacked home page, bookmarks, etc etc. If IE were not integrated to WIN it would be a simple matter to uninstall and then reinstall IE..as it is that is not the case.
Jake_Barnes
Splendid
- Feb 6, 2003
- 8,726
- 0
- 30,780
Your problem is indeed interesting. I've never encountered a "drive-by" high-jack that Spybot S&D (Advanced) and Ad-aware couldn't correct - and that includes Xupiter (3 registry enteries, 25+ bookmarks and, of course, a changed home page). If you find a fix, please post it.
<b> ...more people are driven insane through religious hysteria than by drinking alcohol - W.C. Fields </b>
<b> ...more people are driven insane through religious hysteria than by drinking alcohol - W.C. Fields </b>
Go here for a full explanation for what happened to my rig and how to fix it from the evil warez that were installed:
http://support.microsoft.com/default.aspx?scid=kb;en-us;320159&Product=ie600
SYMPTOMS
When you use Microsoft Internet Explorer, you may experience any of the following symptoms:
Your Internet Explorer home page has been changed to a different Web site than the one that you selected.
You cannot change your home page selection to the Web site that you want.
For example, when you try to change your home page in the Internet Options dialog box on the Tools menu, you may not be able to type an address in the Address box, and the following buttons may be unavailable:
Use Current
Use Default
Use Blank
You reset your home page to the Web site that you want in Internet Options, but after you restart your computer your home page selection has again been changed to a different Web site.
CAUSE
This issue may occur if one or more of the following conditions are true:
Your computer has been infected with a virus that changed your Internet Explorer home page.
For example, the IRC.Becky.A worm and Trojan.JS.Clid.gen trojan horse viruses change the Internet Explorer home page.
Code in the form of a malicious attack has been run on your computer.
For example, the JS.Exception.Exploit code may change the Internet Explorer home page.
You installed third-party software that changed the Internet Explorer home page.
For example, the Xupiter toolbar from Xupiter.com, the SecondPower Multimedia Speedbar from SecondPower.com, and the GoHip! Web browser enhancement from GoHip.com change the Internet Explorer home page. You may be prompted to install one of these programs when you install other programs.
If the issue is resolved, you have installed third-party software that changed your Internet Explorer home page or code in the form of a malicious attack, such as an unknown virus has been run on your system. One of the startup items that were removed by using the clean boot method is causing the issue. Any startup items that run Regedit.exe or a .reg, .hta, .vbs, or .js file may be the cause of the issue. Leave any such startup items or suspected third-party software turned off, and then continue troubleshooting with the next step.
http://support.microsoft.com/default.aspx?scid=kb;en-us;320159&Product=ie600
SYMPTOMS
When you use Microsoft Internet Explorer, you may experience any of the following symptoms:
Your Internet Explorer home page has been changed to a different Web site than the one that you selected.
You cannot change your home page selection to the Web site that you want.
For example, when you try to change your home page in the Internet Options dialog box on the Tools menu, you may not be able to type an address in the Address box, and the following buttons may be unavailable:
Use Current
Use Default
Use Blank
You reset your home page to the Web site that you want in Internet Options, but after you restart your computer your home page selection has again been changed to a different Web site.
CAUSE
This issue may occur if one or more of the following conditions are true:
Your computer has been infected with a virus that changed your Internet Explorer home page.
For example, the IRC.Becky.A worm and Trojan.JS.Clid.gen trojan horse viruses change the Internet Explorer home page.
Code in the form of a malicious attack has been run on your computer.
For example, the JS.Exception.Exploit code may change the Internet Explorer home page.
You installed third-party software that changed the Internet Explorer home page.
For example, the Xupiter toolbar from Xupiter.com, the SecondPower Multimedia Speedbar from SecondPower.com, and the GoHip! Web browser enhancement from GoHip.com change the Internet Explorer home page. You may be prompted to install one of these programs when you install other programs.
If the issue is resolved, you have installed third-party software that changed your Internet Explorer home page or code in the form of a malicious attack, such as an unknown virus has been run on your system. One of the startup items that were removed by using the clean boot method is causing the issue. Any startup items that run Regedit.exe or a .reg, .hta, .vbs, or .js file may be the cause of the issue. Leave any such startup items or suspected third-party software turned off, and then continue troubleshooting with the next step.
SYMPTOMS
When you use Microsoft Internet Explorer, you may experience any of the following symptoms:
Your Internet Explorer home page has been changed to a different Web site than the one that you selected.
You cannot change your home page selection to the Web site that you want.
For example, when you try to change your home page in the Internet Options dialog box on the Tools menu, you may not be able to type an address in the Address box, and the following buttons may be unavailable:
Use Current
Use Default
Use Blank
You reset your home page to the Web site that you want in Internet Options, but after you restart your computer your home page selection has again been changed to a different Web site.
CAUSE
This issue may occur if one or more of the following conditions are true:
Your computer has been infected with a virus that changed your Internet Explorer home page.
For example, the IRC.Becky.A worm and Trojan.JS.Clid.gen trojan horse viruses change the Internet Explorer home page.
Code in the form of a malicious attack has been run on your computer.
For example, the JS.Exception.Exploit code may change the Internet Explorer home page.
You installed third-party software that changed the Internet Explorer home page.
For example, the Xupiter toolbar from Xupiter.com, the SecondPower Multimedia Speedbar from SecondPower.com, and the GoHip! Web browser enhancement from GoHip.com change the Internet Explorer home page. You may be prompted to install one of these programs when you install other programs.
If the issue is resolved, you have installed third-party software that changed your Internet Explorer home page or code in the form of a malicious attack, such as an unknown virus has been run on your system. One of the startup items that were removed by using the clean boot method is causing the issue. Any startup items that run Regedit.exe or a .reg, .hta, .vbs, or .js file may be the cause of the issue. Leave any such startup items or suspected third-party software turned off, and then continue troubleshooting with the next step.
When you use Microsoft Internet Explorer, you may experience any of the following symptoms:
Your Internet Explorer home page has been changed to a different Web site than the one that you selected.
You cannot change your home page selection to the Web site that you want.
For example, when you try to change your home page in the Internet Options dialog box on the Tools menu, you may not be able to type an address in the Address box, and the following buttons may be unavailable:
Use Current
Use Default
Use Blank
You reset your home page to the Web site that you want in Internet Options, but after you restart your computer your home page selection has again been changed to a different Web site.
CAUSE
This issue may occur if one or more of the following conditions are true:
Your computer has been infected with a virus that changed your Internet Explorer home page.
For example, the IRC.Becky.A worm and Trojan.JS.Clid.gen trojan horse viruses change the Internet Explorer home page.
Code in the form of a malicious attack has been run on your computer.
For example, the JS.Exception.Exploit code may change the Internet Explorer home page.
You installed third-party software that changed the Internet Explorer home page.
For example, the Xupiter toolbar from Xupiter.com, the SecondPower Multimedia Speedbar from SecondPower.com, and the GoHip! Web browser enhancement from GoHip.com change the Internet Explorer home page. You may be prompted to install one of these programs when you install other programs.
If the issue is resolved, you have installed third-party software that changed your Internet Explorer home page or code in the form of a malicious attack, such as an unknown virus has been run on your system. One of the startup items that were removed by using the clean boot method is causing the issue. Any startup items that run Regedit.exe or a .reg, .hta, .vbs, or .js file may be the cause of the issue. Leave any such startup items or suspected third-party software turned off, and then continue troubleshooting with the next step.
TRENDING THREADS
-
Question Using cloning software for a dying HDD which shows only 10% health ?- Started by Mashuumatics
- Replies: 1
-
Question Wifi card speed fluctuating on my Lenovo Ideapad pro 5 16APH8- Started by sirdariush
- Replies: 6
-
News Windows 11 will reportedly display a watermark if your PC does not support AI requirements- Started by Admin
- Replies: 23
-
Question Recovering an old version of a Notepad file in Windows 10 ?- Started by MC72
- Replies: 2
-
Facebook
Twitter
Instagram