Translate This Blog

Showing posts with label computer maintence2. Show all posts
Showing posts with label computer maintence2. Show all posts

Sunday, February 24, 2008

BROWSER HIJACKING

Hijack Removal

Permalink | Top

Any of the products below will remove most hijackers completely, unless it is one which has just started spreading.

Spybot S&D [recommended]
Ad-aware
SpySweeper

If you have a hijack that is not fixed by any of these products, you may use these solutions below that I have gathered after helping to fix these same problems countless times through email and at the forums. Read on...

Please read the disclaimer below before doing anything described here. By following any of these instructions, you agree to be bound by the disclaimer. If you do not agree, do not follow these instructions. Also note that with Windows NT/2K/XP you likely will need to be logged in as an administrator for much of this. Go ahead and do that now.

The situation: Your browser now has a new start page and a new search page. Every time your browser loads a page that doesn't exist, you end up at some strange site, probably filled with popup ads.

You go to Tools > Internet Options to fix this, only to find that option grayed out. You open the control panel, only to find Internet Options missing from there too. You try to open regedit to start hacking away at the registry, but you are given the message that "your administrator has not given you that privilege".

Some scumbag webmaster has paid a scumbag script kiddie to truly mess up your browser settings and has made it next to impossible for you to change it back.

Notice that I said "next to impossible"...........

So, what do you do here?

Skip any step that deals with a problem that doesn't effect you

  1. Assuming that none of the spyware removal programs listed above helps you, the very first thing you need to do is download and run HijackThis. Put a check mark next to every search and start page setting it lists which you haven't put there yourself and choose fix. Do the same for any hosts file entries. If it lists anything as O5, O6, or O7*, fix those as well. Please ask for advice at the forums before using HijackThis to change anything else.

    *Note: Spybot S&D, Start Page Guard, Settings Sentry, and similar programs may provide options to lock settings against unauthorized changes. If you have these options enabled, HijackThis will detect that as a restrictions hijack. Disable those options before scanning with HijackThis.

  2. Second, you have to put Internet Options back into the control panel. Do a file search and look for a file named "control.ini". Open it in Notepad. You may see something like this:

    [don't load]
    inetcpl.cpl=yes

    Delete the "inetcpl.cpl=yes" line under "[don't load]". Save and close the file, then try the control panel again. If it's still not there, restart your machine and it should be there.

    For Windows 2000 and XP, you will need to edit the registry to do this. Go to the start menu > RUN command > type REGEDIT and press enter. Navigate through the registry keys until you get to HKEY_CURRENT_USER\Control Panel\don't load\. Look and see if inetcpl.cpl is listed. If it is, delete the entry for it and log off.

    See the list at the bottom of this page to identify other entries. Thanks to Corné de Leeuw for this information.

  3. Run a search on your hard drive for any files ending with *.hta or *.js. If you find any, open them in notepad or some other text editor and look for the URLs that you have been hijacked to. Any file with those URLs, delete them. Also delete all *.tmp files on your drive; some of them contain malicious code (for e.g. browser hijacks or malware (re)installations). Besides, deleting *.tmp files doesn't hurt, unlike dll's which are also used sometimes for this purpose. (Thanks to cexx.org for the additional info in this step).

  4. HijackThis will list any BHO installed on your computer. Check the BHOs listed against the list of all known BHOs. If you find one listed as some sort of spyware/malware/hijackware, run HijackThis again and find that BHO in the list. Check its box and have HT fix it.

    If you find a BHO that is not included in the list, please make a post in the Browser Hijackings section of our support forums with the HijackThis log pasted in along with an explanation of your problem. Please wait for replies before deleting this BHO, as it may be a new one which I can have added to various spyware/malware cleaning programs. It may also be an innocent file that is not causing your problem, so please wait for advice before deleting it.

  5. Now you need to see if there is a startup entry for your hijacker file. The next time you reboot, the hijack might come right back. The reason for this would be an entry in the run section of the registry.

    Look in HijackThis for 04 startup items. Check the entries listed against Pacman's List. Items listed as virus, malware, spyware, or something else that is undesirable, put a checkmark next to it and "fix" it.

Again, it will be absolutely necessary for you to close all open Internet Explorer windows before any of these changes will take effect. That includes this window. Some changes may even require a log off or even a reboot before they have any effect.

Still not fixed?

I hope this helps anyone who has become a victim of a browser hijack. If it does, great.

If the problem still remains after doing all of the above, you can visit our support forums and post the specifics of your problem there. I or someone else can troubleshoot the problem. Before posting, please make sure you have followed all of the instructions above.

Posted by at No comments:
Labels:

How to clean your PC with HijackThis

Sometimes, despite your best efforts, insidious adware burrows into your computer and won't come out. It can hijack your home page, add an unwanted toolbar to your browser, pop up ads, or even track your every movement for commercial gain. You should always try running standard adware-removal programs such as Ad-aware and Spybot - Search & Destroy first, but when they can't keep the nasties at bay, HijackThis digs deep. Be careful, though: The program identifies commonly abused methods of altering your computer, some of which may be benign and some that are critical. Fortunately, the Internet community offers ways to separate spyware from critical system components.

Step 1: Set it up


Click for larger image
HijackThis downloads as a ZIP file that contains only the program itself, not an installer. When you unzip it, be sure to create a folder for the program to live in, such as C:\Program Files\HijackThis\, or it will simply unzip to your default downloads folder. To make running it even easier, you can right-click its program icon to create a shortcut on your desktop. Most versions of Windows let you drag the folder--or just the icon--to the Start menu and drop it where you want. Windows XP lets you right-click the icon and "pin" it to the Start menu. If you use the Quick Start toolbar, you can drag and drop the icon there.

Step 2: Scan your system

Regardless of how you launch the program, running HijackThis can be confusing. All you do is click the Scan button to bring up a list of all the questionable entries in your registry and on your computer. However, even a completely healthy computer that's been customized by, say, setting a new Internet Explorer home page can have dozens of entries. A scan on our test machine resulted in 44 entries, all of which we recognized as benign. (If you'd like more information on why the program flagged a benign entry, you can either select an individual check box and hit the Info on Selected Item button or consult the publisher's excellent log tutorial.) The best thing to do is save the log, preferably in the HijackThis folder, and look to the Internet for answers.

Step 3: Identify problems

Conveniently, after the program scans, the Scan button turns into the Save Log button. Once you press that, the log opens up in Notepad. At that point, the brave or foolhardy can look up entries on the Web to see whether they're benign. For example, we discovered that lsass.exe is a Microsoft Windows process that helps authenticate user logins. Clearly this isn't something we want to delete, whereas the innocent-sounding rundll16.exe comes with the adware program BrowserAid.

However, you don't have to face the cleanup alone. Many anti-adware and tech-support online forums feature dedicated and smart people who will examine your HijackThis log file and tell you which entries to delete. SpywareInfo runs a good one, as do Computer Cops and TweakXP. For all three, registration is required, but it's free and quick. Read the forum rules before posting, and be patient.

Step 4: Clean house

Once you've done your research, check the box next to items you know are bad, then hit Fix Checked. After that, restart your computer and run an adware-removal program to see whether that took care of the problem. If you're still having problems, either repeat the process or return to the forums. The person who's helping you will tell you which files to remove, then probably ask you to restart, rescan, and post the new log. This process continues until your computer is once again deemed righteous. At that point, you can check items you know are good, such as those that reset the browser page to your chosen home page, and remove them from future flagging by hitting the Add Selected to Ignorelist button.

By Karen Whitehouse
Posted by at No comments:
Labels:

Tuesday, January 15, 2008

How to make your blog work


  • 1. Pick a topic for your blog. Having a specific focus actually gives you more to write about. Like a novel, your blog takes on direction and purpose.
  • 2. Encourage comments. Allow comments, and respond to comments.
  • 3. Make it easy to subscribe. Make it easy to subscribe to your feed by placing an orange RSS button in a highly visible location. Route your feed through Feedburner so you can keep track of your subscribers.
  • 4. Include an About page.
  • 5. Present your ideas visually. Long blocks of text aren’t read.
  • 6. Keep posts short and to the point.
  • 7. Use subheadings for long posts.
  • 8. Link abundantly. Links increase readership and let others know you’re writing about them.
  • 9. Make headlines descriptive.
  • 10. Archive by topic. Rather than date.
  • 11. Include a list of related posts beneath each post.
  • 12. Allow users to contact you offline.
  • 13. Present your real viewpoint. Be yourself and speak your mind.
  • 14. Write for your future employer. You should know that your future employer, and possibly your current employer, will read it.
  • 15. Include a Top Posts section.
  • 16. Provide an index. Providing an index readers can quickly scan is an excellent way to let users skim your entire post collection.
  • 17. Get your own URL and match it to your blog’s title.
  • 18. Include a Recent Posts section in your sidebar.
  • 19. Reward commenters for commenting. Add the Show Top Commenters plugin.
  • 20. Post often.
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)