Hijacked Browser!! Help!

run ad-aware and spybot, and your anti-virus software Remove all the bad stuff. Then see what your homepage is set to. tools>internet options> home page.

Change the homepage there. If that doesnt work then down load hijackthis ( http://www.spychecker.com/program/hijackthis.html) . Run that and post what your output is.

Try removing the following entries...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pranz.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://pranz.dll/index.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://pranz.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pranz.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://pranz.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\pranz.dll/sp.html#37794
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

***Make sure you keep the backup of those files***

Try removing those then start IE again. What happenes.

You need to delete MWSOEMON.EXE

You will most likely need to go into running processes and halt that first, but once you stop it, you should be able to delete it. That should take care of your problem.

It is the program which tells your computer to do all that other stuff including res://C:\WINDOWS\system32\pranz.dll/sp.html#37794 and other such lines.

Do a search on google for MWSOEMON.EXE if you need more detailed instructions.

Also make sure that you always download the latest update file for adaware.

SnickerDoodle said:

Nope

It worked the first time with about:blank; but after that...nope

Click to expand...

What do you mean it worked the first time?

What tries to load now?

Actually, I believe that C:\windows\system32\javauu.exe and C:\windows\d3dd.exe are the culprits. It sounds like the malicious files that are changing your registry settings every time you reboot. You can change them as much as you want, but until you get rid of those files, they'll keep coming back.

Here's how:

Go to the task manager by pressing CTRL > ALT > Delete and end the tasks.. Go to the folders and delete the files..

Then go to the registry by clicking on Start > Run and typing in regedit (click ok) and look for this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and Run Once

Expand those keys and look in the right pane. You should see the registry entries there.

You might want to export the keys first, just until you make sure that I am right. After that you can delete the reg keys from your harddrive safely.

Reboot your computer, then edit those keys to set your homepage back to normal.. Or do it in your browser.

Get rid of that Mywebsearch nonsense while you're at it.

Make sure everything is updated. Run adaware once a week or so and make sure you have the new file downloaded. I'm behind a hardware firewall and I run adaware every so often and I never have problems.

Stay on top of it and it won't get the best of you

Download and Install "Firefox" Its a browser MUCH better than IE, and it not open to nearly as many exploits as IE is.... Dont worry you can import all you bookmars etc etc

SnickerDoodle said:

Thank you all!! Is there some way that I can prevent this from happening again?? (I had a firewall and antivirus when it happened)

Click to expand...

Yeah, get a Mac (lol I love saying that...)
Anyways, if you dont want to change your OS, then I have to concur with others - switch your web browser. Firefox is the best at the moment. Its easy, its fast, and its free.

Another solution is to avoid the problems altogether and switch your OS to Linux. I recommend Xandros, or Lindows (well, Linspire now). You keep your same hardware, and can get the whole OS for free, just burn it to a CD and write over Macroshaft's ...er, I mean Microsoft's bloated OS.

The third and most easily accomplished answer is get a Mac. Simple, elegant and powerful. Yeah, they cost a little more than PCs, but thats because you pay for style, and a computer with almost every conceivable extra you would want in it.

Just my 2 cents. I imagine youll go get firefox.

Firefox slows it down? Hm...Ive not found that, but every machine is different. Maybe you need a fresh system. Just a suggestion.

Download a program called "CW Shredder" - run it, it will get rid of any lingering spyware~trojans on your system. Make sure to run an update on the program before starting. I had to use this program as a last resort on a coworker's computer - his unsavoury viewing habits left him open to all sorts of wild & wonderful entities !

Also look for a program called "Browser Hijack Blaster" - it will prevent future attempts to change your home page without your consent.

Do a google search to find the sites for the above mentioned programs.

Hope that helps some,


Ray

You know what... I've installed Firefox on a few different computers at work and at home, and have to agree that it loads pages slower. I think that the main draw to it is that it's free and functional. Have also installed Opera on all of the previously mentioned comps, it's noticeably quicker. Think it costs $40 to register it to avoid having ads, but other than that, it's the exact same browser as the ad version. Both home and work have fast internet connections, T1 and DSL, but some of the comps at work are relatively slow CPUwise - 600 Celeron, 450 Celeron...

If you haven't tried Opera yet, give it a go, it's at : http://www.opera.com

Tabbed browsing, different skins, etc, etc... ya, I like it