Escape-Central   
Home View your subscribed threads, work with private messages and edit your profile and preferences Registration is free! Calendar Find other members Frequently Asked Questions Search  
Escape-Central : Powered by Spinforums Escape-Central >
ESCAPE TRIBUTE FORUMS
> General Chat > ---Hi-jacked again--
Pages (2): [1] 2 »   Last Thread   Next Thread
Author
Thread Post New Thread    Post A Reply
Estelle2
Platinum Member

Registered: Dec 2001
Location: West Chester. Pa
Posts: 1902

Angry ---Hi-jacked again--

---it's happened again.
Last May, my homepage was hijacked (I have XP).
I had to take it back a month with system restore, download
the latest security updates and Adaware.
I also turned the automatic update back on, which I had
disabled because it was driving me nuts with pop-up reminders.
I clean the system up each week with the adaware, but
someone has come up with a new scumware program to
bypass these new security updates.

Just a warning to you guys out there that go to XX sites,
as that's were the hubby picks up this junk.
So far adaware is not removing this particular bug. I have
run it twice now, the first time it discovered it in the registry
on Friday, and today.
It supposidly removed it, but must be embedded somewhere
else, as it was back when I just came on line.
MS better go back and work on XP as it has some major
flaws.

Report this post to a moderator | IP: Logged

Estelle2 is offline Old Post 11-10-2003 07:43 AM
Click Here to See the Profile for Estelle2 Find more posts by Estelle2 Add Estelle2 to your buddy list Edit/Delete Message Reply w/Quote
tango

[shift] 1st Gear!

Registered: Oct 2003
Location: san diego
Posts: 109

estelle2 try the freeware program "spybot search & destroy" find it with a search on google. works great on all this sort of crap.


__________________
2004 Escape XLT options & mods: dark shadow gray clearcoat, moonroof, medium dark flint leather, side airbags, H&R 1" lift springs, oem limited alloys, firestone destination le 255/70/16 tires, bene-vento moonroof wind deflector, gentex auto dimming rear view temp-compass mirror, bsa in-channel window visors, infinty kappa 572.5cf speakers front, pioneer ts-a6880 speakers rear, XLS grille, yellow fogs, black antenna, oem black step-in trim, oem rear cargo mat, oem step bars, oem hanging cargo net.

Report this post to a moderator | IP: Logged

tango is offline Old Post 11-10-2003 07:48 AM
Click Here to See the Profile for tango Find more posts by tango Add tango to your buddy list Edit/Delete Message Reply w/Quote
Rick Zeman
Hyperdrive

Registered: Sep 2002
Location: Somewhere...over the rainbow
Posts: 8440

Re: ---Hi-jacked again--

quote:
Originally posted by Estelle2
---it's happened again.
Last May, my homepage was hijacked (I have XP).
I had to take it back a month with system restore, download
the latest security updates and Adaware.
I also turned the automatic update back on, which I had
disabled because it was driving me nuts with pop-up reminders.
I clean the system up each week with the adaware, but
someone has come up with a new scumware program to
bypass these new security updates.

Just a warning to you guys out there that go to XX sites,
as that's were the hubby picks up this junk.
So far adaware is not removing this particular bug. I have
run it twice now, the first time it discovered it in the registry
on Friday, and today.
It supposidly removed it, but must be embedded somewhere
else, as it was back when I just came on line.
MS better go back and work on XP as it has some major
flaws.


Sounds like hubby has some major flaws, too.


__________________

Report this post to a moderator | IP: Logged

Rick Zeman is offline Old Post 11-10-2003 07:58 AM
Click Here to See the Profile for Rick Zeman Find more posts by Rick Zeman Add Rick Zeman to your buddy list Edit/Delete Message Reply w/Quote
Estelle2
Platinum Member

Registered: Dec 2001
Location: West Chester. Pa
Posts: 1902

Re: Re: ---Hi-jacked again--

quote:
Originally posted by Rick Zeman
Sounds like hubby has some major flaws, too.


---I'm not a shrink, but I think this type of curiosity is
fairly common in men.
Should we do a 'poll' on it?

Report this post to a moderator | IP: Logged

Estelle2 is offline Old Post 11-10-2003 08:15 AM
Click Here to See the Profile for Estelle2 Find more posts by Estelle2 Add Estelle2 to your buddy list Edit/Delete Message Reply w/Quote
greyboy
Managing Editor

Registered: Oct 2001
Location:
Posts: 4299

Exclamation

There is a little Freeware Program designed to clean those kinda bugs out, called "Hijack This". Clicky Here to check out it's documentation and to download. Also, one called "Cool Web Search Shredder" helps get rid of other spywares that others don't clean.
The download link to the latter proggie, is contained in the former's readme. Note, these programs are only for use with XP, I think.


__________________
We are no longer Escape owners, but I'll check in from time to time.

Report this post to a moderator | IP: Logged

greyboy is offline Old Post 11-10-2003 08:53 AM
Click Here to See the Profile for greyboy Find more posts by greyboy Add greyboy to your buddy list Edit/Delete Message Reply w/Quote
Corey
2nd Gear

Registered: Apr 2003
Location: Portland, Oregon
Posts: 111

Sounds like you need a registry cleaner program.


__________________


2003 LIMITED~NOW JUST A MEMORY~

Report this post to a moderator | IP: Logged

Corey is offline Old Post 11-10-2003 12:44 PM
Click Here to See the Profile for Corey Find more posts by Corey Add Corey to your buddy list Edit/Delete Message Reply w/Quote
Fitzy
Hyperdrive

Registered: Jul 2003
Location: Daylesford VIC Australia
Posts: 7898

Re: ---Hi-jacked again--

quote:
Originally posted by Estelle2
---it's happened again.
Last May, my homepage was hijacked (I have XP).



Estelle you have to find the file that is changing the registry setting(s) so that at every boot it resets to the unwanted webpage.

Okay I'm stating the obvious

You will probably find that the following "hta" file called "msoffice.hta" has been snuck in among your fonts. It is a script file.

i.e. Look for
C:\Windows\Fonts\msoffice.hta

(The slashes in Windows are this \ not / as on the web. Microsoft even blew that decision way back - however I digress)

If you use Windows Explorer to see if it's there it won't show up as it is set to only show the fonts in that folder.

Use the "command prompt" instead. That's either in your Accessories folder or click START > RUN and type in "cmd" and hit Enter.

Change to the fonts folder and look for it or merely type in :-

dir C:\Windows\Fonts\*.hta

See if any "hta" file shows up.

If so, what is happening is this. In a run folder of the registry there will be a key pointing to the script file called msoffice.hta located in the C:\Windows\fonts folder.

It is therefore run at each boot and the script contains instructions for replacing the browser home page with (for example) http://www.searchdot.net.

If you open up that script file with Notepad it will refer to HKCU and HKLM which is the following in the registry.

HKCU refers to the registry entry HKEY_CURRENT_USER
HKLM refers to the registry entry HKEY_LOCAL_MACHINE

FIRST we change the entries the script file has put into the registry.

Click START > RUN, and type in "RegEdit" which is the the Registry Editor. Click EDIT > FIND and type in http://www.searchdot.net
NOTE: Don't click on that link here - this forum editor insists on turning it into a link when I save. No doubt there's a way around that but. Doh!

To save time in the search (because the registry isn't indexed it can take quite a while to search) just search the sections mentioned in the script file. That's probably just
HKEY_CURRENT_USER
and
HKEY_LOCAL_MACHINE


All instances of this URL in the registry will be shown. To change the Value to the URL you want, right click the registry name and Modify, entering the correct URL.

LAST:
Don't overlook deleting the HIJACKER file C:\Windows\Fonts\msoffice.hta and reboot.


Let's know if this fixed things.
If it does - you owe me a beer.
Subscribe hubby to Hustler magazine.

Cheers
Wayne aka Fitzy

P.S.: The spyware search programs and Adaware etc probably won't find the source of the problem (yet).


__________________

Australians do it - umop apisdn
Daylesford Australia is currently:


HAD a 2003/4 ZA RHD Ford Escape XLT
V6 AWD all (production) options (incl sunroof) except leather and side impact bags.
Quicksilver color. No mods other than headlight upgrade and "Green" front brakepads to get rid of black dust.
2006/7 - Ssangyong Rexton-II (SUV) Mod is airbags and chrome valve caps.
2007/8 - SsangYong Musso Sports - diesel/gas kit - airbags - exhaust mod 3"

2009 Hyundai iLoad (H1)

Last edited by Fitzy on 11-10-2003 at 04:51 PM

Report this post to a moderator | IP: Logged

Fitzy is offline Old Post 11-10-2003 04:21 PM
Click Here to See the Profile for Fitzy Visit Fitzy's homepage! Find more posts by Fitzy Add Fitzy to your buddy list Edit/Delete Message Reply w/Quote
Rick Zeman
Hyperdrive

Registered: Sep 2002
Location: Somewhere...over the rainbow
Posts: 8440

Re: Re: Re: ---Hi-jacked again--

quote:
Originally posted by Estelle2
---I'm not a shrink, but I think this type of curiosity is
fairly common in men.
Should we do a 'poll' on it?




We'd lie.


__________________

Report this post to a moderator | IP: Logged

Rick Zeman is offline Old Post 11-10-2003 04:37 PM
Click Here to See the Profile for Rick Zeman Find more posts by Rick Zeman Add Rick Zeman to your buddy list Edit/Delete Message Reply w/Quote
Fitzy
Hyperdrive

Registered: Jul 2003
Location: Daylesford VIC Australia
Posts: 7898

Re: Re: Re: ---Hi-jacked again--

quote:
Originally posted by Estelle2
---I'm not a shrink, but I think this type of curiosity is
fairly common in men.
Should we do a 'poll' on it?



As Rick says - we'd lie. However it has something to do with toy deprivation as a child.


__________________

Australians do it - umop apisdn
Daylesford Australia is currently:


HAD a 2003/4 ZA RHD Ford Escape XLT
V6 AWD all (production) options (incl sunroof) except leather and side impact bags.
Quicksilver color. No mods other than headlight upgrade and "Green" front brakepads to get rid of black dust.
2006/7 - Ssangyong Rexton-II (SUV) Mod is airbags and chrome valve caps.
2007/8 - SsangYong Musso Sports - diesel/gas kit - airbags - exhaust mod 3"

2009 Hyundai iLoad (H1)

Report this post to a moderator | IP: Logged

Fitzy is offline Old Post 11-10-2003 04:45 PM
Click Here to See the Profile for Fitzy Visit Fitzy's homepage! Find more posts by Fitzy Add Fitzy to your buddy list Edit/Delete Message Reply w/Quote
Fitzy
Hyperdrive

Registered: Jul 2003
Location: Daylesford VIC Australia
Posts: 7898

If all else fails - here's another use for the PC


__________________

Australians do it - umop apisdn
Daylesford Australia is currently:


HAD a 2003/4 ZA RHD Ford Escape XLT
V6 AWD all (production) options (incl sunroof) except leather and side impact bags.
Quicksilver color. No mods other than headlight upgrade and "Green" front brakepads to get rid of black dust.
2006/7 - Ssangyong Rexton-II (SUV) Mod is airbags and chrome valve caps.
2007/8 - SsangYong Musso Sports - diesel/gas kit - airbags - exhaust mod 3"

2009 Hyundai iLoad (H1)

Report this post to a moderator | IP: Logged

Fitzy is offline Old Post 11-10-2003 05:37 PM
Click Here to See the Profile for Fitzy Visit Fitzy's homepage! Find more posts by Fitzy Add Fitzy to your buddy list Edit/Delete Message Reply w/Quote
greenman
Platinum Member

Registered: Mar 2002
Location: baltimore county,Md.
Posts: 1078

Thumbs up

EASTELLE2, here is a link to a site the addreeses your problem. A caller on " CALL FOR HELP" had the same problem.

http://www.spywareinfo.com/~merijn/cwschronicles.html

Hope this solves the problem,BILL


__________________

Report this post to a moderator | IP: Logged

greenman is offline Old Post 11-10-2003 06:41 PM
Click Here to See the Profile for greenman Find more posts by greenman Add greenman to your buddy list Edit/Delete Message Reply w/Quote
bufalope
Hyperdrive

Registered: May 2003
Location:
Posts: 11708

Re: Re: Re: Re: ---Hi-jacked again--

quote:
Originally posted by Fitzy
As Rick says - we'd lie. However it has something to do with toy deprivation as a child.





Toy deprivation?!!!

OK, since Christmas is coming and I have two small sons, what kind of toys do I need to not be depriving them of to keep them from looking at these kind of sites and screwing up their wifes computer when they are grownups?

Is it because one of the first things I taught them to say was "Yuck, Barbies"? Was that wrong?

Report this post to a moderator | IP: Logged

bufalope is offline Old Post 11-10-2003 07:38 PM
Click Here to See the Profile for bufalope Find more posts by bufalope Add bufalope to your buddy list Edit/Delete Message Reply w/Quote
Rick Zeman
Hyperdrive

Registered: Sep 2002
Location: Somewhere...over the rainbow
Posts: 8440

Re: Re: Re: Re: Re: ---Hi-jacked again--

quote:
Originally posted by bufalope
Toy deprivation?!!!

OK, since Christmas is coming and I have two small sons, what kind of toys do I need to not be depriving them of to keep them from looking at these kind of sites and screwing up their wifes computer when they are grownups?

Is it because one of the first things I taught them to say was "Yuck, Barbies"? Was that wrong?

No, it needs to be "Yuck, girls."

No wait..I can see other problems because of that.


__________________

Report this post to a moderator | IP: Logged

Rick Zeman is offline Old Post 11-11-2003 03:49 AM
Click Here to See the Profile for Rick Zeman Find more posts by Rick Zeman Add Rick Zeman to your buddy list Edit/Delete Message Reply w/Quote
geochemistry
Platinum Member

Registered: Jun 2002
Location: Austin, Texas
Posts: 724

Estelle, send your hubby to www.thehun.net. As long as he doesn't go directly to an xxx site and just uses the previews, this will reduce the chance of hijacking, and there will plenty of shock and awe.


__________________
Geochemistry

Life, Liberty and the Pursuit of Idiocy.

Report this post to a moderator | IP: Logged

geochemistry is offline Old Post 11-11-2003 04:04 AM
Click Here to See the Profile for geochemistry Find more posts by geochemistry Add geochemistry to your buddy list Edit/Delete Message Reply w/Quote
All times are GMT. The time now is 08:45 PM. Post New Thread    Post A Reply
 Pages (2): [1] 2 » Last Thread   Next Thread
[ Show a Printable Version | Email This Page to Someone! | Receive updates to this thread ]

Forum Jump:
 

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is ON
 

Copyright 2002 Escape-Central.com. All rights reserved. Board logo designed by Jen2002TBXLT. Disclaimer: Escape-Central.com is a personal site and is not affiliated in any way with the Ford Motor Company. Escape-central.com is not responsible for errors or opinions expressed on this web site. You should verify any and all information obtained or linked to from this website with your local Ford Dealer.


< Contact Us - Escape-Central.com >

Spinforums: Let's Drive!
Copyright ©2000, 2001, Jelsoft Enterprises Limited.