#1

    Have I been hijacked


    Two days ago as I opened Internet Explorer, rather than having my homepage yahoo.com come up, this did: http://ehttp.cc. Looked like some search engine of some sort. With every address that I attempted afterwards this still came up. I had to refresh to get to the site I wanted.
    Has anyone encountered this and if so, how did you resolve the problem? I installed and ran browser hijack blaster and CWshredder but it is still there. Anyways if you know something, please let me know.

    Oh yeah, that address came up before the site I was going to, for example: http://ehttp.cc.yahoo.com. So I tried just the ehttp by itself and it took me to a page that said install or uninstall. I clicked uninstall and I downloaded some registry entry file. I haven't done anything until I know what this will do. Again thanks in advance.
#2
    It looks as if you have been the victim of a malicious program. If you go to that site and look at the "install" and compare it to the "uninstall", you will see what changes have been made to your registry. Find the "install" values in your registry and replace them with the corresponding ones in the "uninstall". Seems to me as if this should correct the problem (assuming the information that they are listing is correct).
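
Added example, not part of the original posts: a small Python reader that lists what a `.reg` file would change without merging it, so the "install" and "uninstall" files discussed above can be compared safely. The sample file contents, the `example.invalid` URL, `ExampleVendor`, and the `inspect_reg`/`flagged` names are constructed for illustration; the file actually served by the site is not shown on this page.

```python
import re

# Constructed sample, NOT the file offered by the site in this thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://example.invalid/"
"Search Bar"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\Windows\\updater.exe"

[-HKEY_CURRENT_USER\Software\ExampleVendor]
'''

# Locations worth a second look: autostart keys and IE navigation settings.
SENSITIVE = (r"\microsoft\windows\currentversion\run",
             r"\microsoft\internet explorer\main",
             r"\microsoft\internet explorer\search")

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def flagged(key):
    """True if the key path falls under one of the SENSITIVE locations."""
    return any(s in key.lower() for s in SENSITIVE)

def inspect_reg(text):
    """Return (action, key, value_name, data, sensitive) for each change."""
    # Long hex values are continued with a trailing backslash; join them.
    text = re.sub(r"\\\r?\n\s*", "", text)
    ops, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):                 # [-KEY] deletes the whole key
                ops.append(("delete-key", key[1:], None, None, flagged(key)))
                key = None
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2)                       # "name"=- deletes the value
            action = "delete-value" if data == "-" else "set-value"
            ops.append((action, key, name, None if data == "-" else data, flagged(key)))
    return ops

if __name__ == "__main__":
    for op in inspect_reg(SAMPLE_REG):
        print(("!! " if op[4] else "   ") + " | ".join(str(f) for f in op[:4]))
```

Files exported as "Version 5.00" are normally UTF-16 on disk, so open a real one with `encoding="utf-16"` before passing its text to `inspect_reg`.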
#3

    What I know....


    I had something very similar happen to me a while back. Not exactly sure what I did about it but here's what I think I remember...

    In addition to anti-virus software, I believe you also need to have the following:

    "Ad-Aware"
    "Spybot Search & Destroy"
    "Hijack This"

    Each of these programs searches your Hard Drive for stuff you don't want on your computer. I know Spybot is safe to use, and I think Ad-Aware is too, but I would urge LOTS of caution with Hijack This. I went sort of "crazy" once with Hijack This and deleted some necessary Registry entries and had to re-install Windows in order to get the machine functional again.

    One (or more) of these might be able to find out what went wrong and make it right. Hope this helps.

    DaMadBomber
#4
    Thanks for the info guys! I have and ran ad-aware but the problem is still there. I will definitely try the spybot program soon.
#5

    Another Question


    Can someone tell me if there is a "formulated" method of deleting something from the Registry. Is there a finite number of places a program COULD be ? If I checked each one, would that GUARANTEE deletion ?

    I am having some trouble getting rid of something from the STARTUP which is coming from the Registry. Is there a book, a help-file and magic potion, what ?

    DaMadBomber
#6
    start->run->"msconfig" will let you modify what will startup with your computer.
#7

    Not Quite....


    Yes, "MSCONFIG" will let you run a "diagnostic" startup by allowing you to select what you do and do not want to load.

    But if you want to delete something from the startup so that you can start in "normal" mode (with the deleted item removed from the startup) sometimes it doesn't stay deleted.

    Sometimes it comes back.

    Why does it come back ?

    From where ?

    How ?

    How do you keep it from coming back ?


    Thanks in advance for the help and the education.


    DaMadBomber
#8
    The only way it could "come back" is if you did not properly save the new settings, or the program resets itself when closed down. Try ctrl-alt-del and close all non-system processes, and then try msconfig again. If this still doesn't work, then the virus must have embedded itself into your system files and it will have to be dealt with otherwise.
#9

    More Questions


    mttatkns,

    Thanks for the info. I've been wondering about the same thing; if the fact that the ".exe" is "active" changes whether or not it is deleted.

    And you mention something else that I have been wondering about and playing with.

    "Try ctrl-alt-del and close all non-system processes..."

    What exactly ARE the "system" processes. By this I mean any non-critical processes. Is that what you mean ?

    I have heard that Windows (XP) starts a lot more stuff than the average person needs. Is this true ? Is there a list of things you HAVE to have and/or a list of things you can live without ?

    Does one derive significant improvement in performance by deleting these "start" programs ? Is it possible to cause permanent damage (either to the software or the hardware) by deleting/disabling these items.

    See? These are big questions. Is there a web-site (maybe) with these answers already posted ?

    Thanks again for the help on the subject and in the discussion.


    DaMadBomber
#10
    "What exactly ARE the "system" processes. By this I mean any non-critical processes. Is that what you mean ?" yes
    "I have heard that Windows (XP) starts a lot more stuff than the average person needs. Is this true ?" yes
    When you reboot your computer, you can press F8 or a comparable key and choose to start Windows in safe mode. Doing so will only start critical processes and limit resource usage (it's helpful if normal bootup doesn't start, but can also give you a good idea of what processes are absolutely necessary. Beyond this, you can try disabling the items one by one to find a configuration that best meets your needs.)
    "Does one derive significant improvement in performance by deleting these "start" programs ?" yes, especially if running on older hardware. Bootups will also be faster. With a new computer, you probably will not see much of a difference.
    "Is it possible to cause permanent damage (either to the software or the hardware) by deleting/disabling these items." Although the disabling of a service could render the machine unbootable, safe mode should still work, and if not, the worst danger would be potential data loss due to a reinstall of the operating system. This is unlikely to happen, however.
#11

    Thanks Again


    In this instance, the offending "service" was something called "lexstart.exe". This was a leftover from when a friend's computer had a Lexus (junk) printer. This file didn't/wouldn't uninstall for some reason. A Google search reveals that Microsoft has a (what do you call them, a "Q" paper ? or something) on this very program. They say to go to the registry and delete it.

    I followed the directions (several times) and it didn't work. So I want to thank you for the "Safe Mode" boot suggestion. It makes sense that the program would re-write itself back to the registry while it was still "active".

    Either that, or the executable is infected with malevolent code. Either way, booting in Safe Mode and making the registry deletions should solve the problem, right ?

    What gets me is that I can't find the ".exe" file anywhere on the Hard Drive. I ran a search for it in several different ways and no-go.

    THAT one bothers me. I assume the executable is SOMEWHERE, maybe buried in some other file, I dunno. So if you have some pearls of wisdom for THAT one, I'd appreciate it very much.



    DaMadBomber
