Hi jack! How ya doin?
February 27, 2004 2:51 AM

How do I get rid of a really stubborn Browser Hijack? I tried "HijackThis" and got rid of a lot of it, but still have problems! (More inside...)

My friend - a Hungarian artist - called me to say that his Windows 2000 had been taken over by porn sites and he couldn't even access the internet. I finally got IE Explorer to work, downloaded HijackThis, and knocked out a lot of the stuff in his registry that had substituted "C:\WINNT\secure.html" for his own home and default search pages, and also knocked out some program called reg32.exe. Then his computer seemed to work OK, except that after startup the "C:\WINNT\secure.html" had again replaced itself as search and home page in his registry.

He got the virus because his roommate - a monolingual Hungarian - had been surfing porn so we set the adult filter to "mild" and now they are having trouble accessing things like hotmail as well.

A web search didn't turn up much. Any advice?
posted by zaelic to Computers & Internet (9 answers total)

Have you seen this thread at Dev Shed (2 pages)? It references a solution from another site, but also has a little bit more info (could be that LimeWire was the source...). Good luck, zaelic!
posted by taz at 3:22 AM on February 27, 2004

Response by poster: Yes, taz, I found those, and used their advice last night. Still have probs with the bug after startup.
posted by zaelic at 3:25 AM on February 27, 2004

i had a nasty browser hijack recently that went to some search page in the .cc domain after hitting crackspider or some other similar grey-area website.

couldn't pluck it out with any spyware/browser hijack sort of thing but found some info by searching google groups (which personally, i find one of the best resources for solving tech problems) about removing an entry (by hand) from the registry that ran a javascript using "RunOnce" ... if it's coming back at startup this may be your problem.

if you could be a little more specific about exactly where it's going, what it's doing, etc, it might be easier to get a more specific solution for you.

good luck.
posted by fishfucker at 5:09 AM on February 27, 2004
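As an added illustration (not part of the original thread) of the startup check that this comment and the question point to: a Python script that reads a registry export and lists the Internet Explorer home/search page values that are not web URLs, plus every Run/RunOnce entry that could be writing them back at logon. The sample export is constructed from names mentioned in the thread; the `fix` entry and `hp.js` are made-up placeholders.

```python
import re

# Constructed sample in regedit export format (not the poster's actual registry).
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="C:\\WINNT\\secure.html"
"Search Page"="C:\\WINNT\\secure.html"
"Default_Page_URL"="http://www.example.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reg32"="C:\\WINNT\\reg32.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"fix"="wscript.exe C:\\WINNT\\hp.js"
'''

IE_MAIN = r"\software\microsoft\internet explorer\main"
PAGE_VALUES = {"start page", "search page", "default_page_url", "default_search_url"}
AUTORUN = re.compile(r"\\currentversion\\(run|runonce|runonceex)$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def audit(reg_text):
    """Return (reason, key, value name, data) tuples worth reviewing by hand."""
    findings, key = [], ""
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if not m:
            continue  # header, blank line, or non-string data (dword:, hex:)
        # .reg string data escapes backslash and double quote with a backslash
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        k = key.lower()
        if k.endswith(IE_MAIN) and name.lower() in PAGE_VALUES:
            # A home/search page that is not a web URL means a local file took its place.
            if not re.match(r"(https?://|about:)", data, re.I):
                findings.append(("ie-page-not-a-url", key, name, data))
        elif AUTORUN.search(k):
            # Anything here runs at logon and can write the page values back.
            findings.append(("autorun-entry", key, name, data))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_REG):
        print(*f, sep=" | ")
```

Regedit's "Version 5.00" exports are UTF-16, so decode the file before passing its text to `audit`; every autorun entry is listed for review rather than judged, since legitimate software uses the same keys.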

Install Moz or Firefox.
posted by Fupped Duck at 6:00 AM on February 27, 2004

It sounds like it might be a Yaha worm (for example, here's one that puts "reg32.exe" on the start menu)... If so, Symantec has a removal tool, and here's one from McAfee (I haven't tried these myself). The very first link has instructions for removing the various versions by hand.
posted by taz at 6:07 AM on February 27, 2004

Is CWShredder what you need? It worked wonders for me, removing a browser hijack that nothing else would touch....
posted by anastasiav at 9:33 AM on February 27, 2004

Not to be repetitive, but have you tried SpyBot or AdAware?

(That is, assuming it isn't a worm)
posted by shepd at 10:03 AM on February 27, 2004

I second Fupped Duck, install something that's not IE. Take it from a computer professional working at a helpdesk that serves 24,000+ clients--IE is the #1 source of computer problems and 99% of those would be solved by using Mozilla or Mozilla FireFox (or Netscape or Opera).
posted by cyrusdogstar at 10:23 AM on February 27, 2004

The forum thread here seemed to have a successful process for removing the hijack.
posted by deborah at 5:36 PM on February 27, 2004
