#2
06-25-2005, 07:51 AM
Mobo
Hi and welcome.

To start, I must tell you that I have never come across this hijack before, so do you have any idea where you may have picked up the hijacker?

If so, can you PM me with any details, like recent out-of-the-ordinary sites visited as well as recent downloads?

To begin, let's have you rescan once again with HijackThis, insert a check next to each of the following, then close all open browser windows and click "Fix checked":


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpa.dll/security.htm#subID=PRFV;6784


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpa.dll/asst.htm


R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\SEARCHENH1.DLL
dll32.exe powrprof.dll,LoadCurrentPwrScheme


O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut32.exe home

_____________________________________________________________

Now please:
1. Click Start > Run.
2. Type regedit
3. Click OK

4. Navigate to the subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

5. In the right pane, delete the value:

"FastStart" = "%System%\ntnut32.exe home"


6. Navigate to the subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000566-0000-0010-8000-00AA006D2EA4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000535-0000-0010-8000-00AA006D2EA4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{13709620-C279-11CE-A49E-444553540000}

7. In the right pane, delete the value:

"Compatibility Flags" = "0x00000400"

8. Navigate to the subkey:

"url1" = "http://www.lolita***-x.com/"
"url2" = "http://www.hardcore-***-movies.com/"

to the registry subkey:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs

9. In the right pane, delete the value:

"url1" = "[Web site on the lolita***-x.com domain]"
"url2" = "[Web site on the hardcore-***-movies.com domain]"

10. Exit the Registry Editor.

_____________________________________________________________

To reset the Internet Explorer Search page:

1. Start Microsoft Internet Explorer.
2. Click the Search button on the toolbar.
3. In the Search pane, click Customize.
4. Click Reset.
5. Click Autosearch Settings.
6. Select a search site from the drop-down list, and then click OK.
7. Click OK.

_____________________________________________________________
5. To reset the Internet Explorer home page

1. Start Microsoft Internet Explorer.
2. Connect to the Internet, and then go to the page that you want to set as your home page.
3. Click Tools > Internet Options.
4. In the Home page section of the General tab, click Use Current > OK.

_____________________________________________________________

Run an online scan here as well and set it to auto clean:
http://housecall.trendmicro.com/
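An added example, not part of Mobo's post or of HijackThis itself: a small Python parser for the R0/R1, R3 and O4 line shapes shown in the post, listing what each entry points at so it can be compared with the registry steps. The regular expressions are inferred only from the lines quoted in this post, and the review notes are an illustrative heuristic, not a verdict.

```python
import re

# Entries copied from the post above, including the fragment with no section code.
LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpa.dll/security.htm#subID=PRFV;6784
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpa.dll/asst.htm
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\JUSEARCH\SEARCHENH1.DLL
dll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut32.exe home
"""

# Line shapes assumed from the entries above (not an official grammar).
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
R0_R1 = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")
R3 = re.compile(r"^URLSearchHook: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O4 = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SHAPES = ((("R0", "R1"), R0_R1), (("R3",), R3), (("O4",), O4))

def parse(log):
    """Return one dict per line that starts with a section code (R0, O4, ...)."""
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # wrapped or truncated fragments carry no code; skip them
        fields = {}
        for codes, rx in SHAPES:
            if m["code"] in codes and (f := rx.match(m["body"])):
                fields = f.groupdict()
        out.append({"code": m["code"], **fields})
    return out

def review_notes(entry):
    """Illustrative heuristic: say what the entry loads, for manual review."""
    notes = []
    data = entry.get("data", "")
    if data.lower().startswith("res://"):  # page served from a resource inside a DLL
        dll = re.search(r"([^\\/]+\.dll)", data, re.I)
        notes.append(f"IE setting {entry['name']!r} loads from {dll.group(1) if dll else '?'}")
    if entry["code"] == "R3":
        notes.append(f"URL search hook {entry.get('clsid')} -> {entry.get('path')}")
    if entry["code"] == "O4":
        notes.append(f"autostart value {entry.get('name')!r} runs: {entry.get('cmd')}")
    return notes

if __name__ == "__main__":
    for e in parse(LOG):
        for note in review_notes(e):
            print(e["code"], "-", note)
```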