18.01.2002, 19:05   #4
g17
Elite
 
Registered since: 13.07.2001
Posts: 1,339



____________________________________________________________
"Joe" <bumper89@hotmail.com> wrote in message news:<ywDy7.5619$Mj4.426026@nnrp1.ptd.net>...
> I was wondering if anyone could help me. Somewhere along the line I went to
> a site that made itself the default location for my searches in IE. I've
> reset any number of times to the default and it's fine for a while then comes
> back. The site it keeps going to is http://jethomepage.com/ie when it
> should be http://ie.search.msn.com/en-us/srchasst/srchasst.htm I've
> searched the registry for the jet one and reset it to the default but like I
> said it keeps coming back. Anyone have any ideas on where else to look?
>
> I've done a thorough scan using NAV on all files, ran easy cleaner and
> adaware and still no luck. Any help would be greatly appreciated!

This is a new virus, apparently being distributed unwittingly through
pop-up ads on a number of sites which subscribe to pop-up advertising
services. Yet another reason why sites using pop-up ads should quit
it!

It's apparently a malicious javascript which installs a file called
sp.dll in your Windows directory, and puts "regedit -s
c:\windows\sp.dll" in the startup Run command lines in your registry
to restore the settings if you delete them.

To fix it you must:

1. Move and rename the file sp.dll from your Windows directory (if you
look at it with a text editor, you will see that it is actually a
registry .reg file containing the entries for jethomepage)

2. Run regedit, search for the regedit command line above in the "Run"
section of your registry, and delete the entry containing it.

3. Also in regedit, search for every occurrence of "jethomepage.com" in
your IE search entries (there are *lots* of them - thanks again
Microsoft), and change it back to the default search page you want.

There is another suspicious file called ce.exe (ostensibly a pop-up ad
program) which may be associated with installing sp.dll, so make sure
that you get rid of that and all references to it as well. Do NOT run
the purported "uninstaller" for ce.exe. These programs have been
compressed and encrypted so that their content cannot be read.

____________________________________________________________

hth
g17
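The three checks from the post, as an added example that is not part of the original post: find Run entries that call regedit with the silent switch, confirm by header that the imported file is a registry script whatever its extension, and list the entries in it that mention the hijacking domain. The function names, the Run value name "sp" and the file body are constructed for illustration; a real check would read the Run key and the file from the affected machine.

```python
import re

# regedit called with the silent switch (-s or /s) and a file to import.
SILENT_IMPORT = re.compile(r'\bregedit(?:\.exe)?"?\s+[-/]s\s+"?([^"]+?)"?$', re.I)
REG_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

def silent_imports(run_values):
    """Map Run value name -> file path for entries that silently import a file."""
    hits = {}
    for name, command in run_values.items():
        m = SILENT_IMPORT.search(command.strip())
        if m:
            hits[name] = m.group(1)
    return hits

def _text(data):
    # Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 files are ANSI.
    if data.startswith(b"\xff\xfe"):
        return data[2:].decode("utf-16-le", errors="replace")
    return data.decode("latin-1")

def is_reg_file(data):
    """True if the content starts with a regedit import header, whatever the extension."""
    return _text(data).lstrip().startswith(REG_HEADERS)

def entries_containing(data, needle):
    """List (key, value name) pairs whose line mentions needle."""
    hits, key = [], None
    for line in _text(data).splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and "=" in line and needle.lower() in line.lower():
            hits.append((key, line.split("=", 1)[0].strip('"')))
    return hits

# Constructed sample data: the Run value name and the file body are made up.
SAMPLE_RUN = {"SystemTray": "SysTray.Exe", "sp": r"regedit -s c:\windows\sp.dll"}
SAMPLE_SP_DLL = (
    b"REGEDIT4\r\n\r\n"
    b"[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main]\r\n"
    b'"Search Page"="http://jethomepage.com/ie"\r\n'
    b'"Search Bar"="http://jethomepage.com/ie"\r\n'
)

if __name__ == "__main__":
    for name, path in silent_imports(SAMPLE_RUN).items():
        print(name, path, is_reg_file(SAMPLE_SP_DLL))
        print(entries_containing(SAMPLE_SP_DLL, "jethomepage.com"))
```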