Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hijacked by CWS about-blank


  • Please log in to reply

#31
MadHijacked

MadHijacked

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Here is another Key I found and deleted & exported to my desktop that has traces of items that we have found related to my hijacked browsers?

I assume it would be safe to completely remove this?

Also notice item "b"="zoneon"

Zoneon & Zoneoff are registry items I ask about previously.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU]
"a"=""
"MRUList"="fhabjidgce"
"b"="zoneon"
"c"="*.ICO"
"d"="google"
"e"="TAPISRV.EXE"
"f"="*.DLL"
"g"="NHC.DLL"
"h"="Nch.DLL"
"i"="*.exe"
"j"="Logbba.dll"
  • 0

Advertisements


#32
MadHijacked

MadHijacked

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
:D :D :P

Don't give up on me please!

Something is going on.

I haven't had SpySweeper, Ad-Aaware, or CWShredder to detect about:blank,
but I believe it is still trying to rewrite it's self.

As you see from my last post that I found the above in the registry. I exported
it to my desktop and deleted it from the registery.

So I looked again today and found this in the same location.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU]
"a"=""
"MRUList"="habgfedcji"
"b"="Nav"
"c"="Logbba"
"d"="matcli"
"e"="*.lgc"
"f"="*.exe"
"g"="services.exe"
"h"="sis.dll"
"i"="*h.dll"
"j"="*C.dll"


I don't know what all this is but I don't like it.
I looked for the sis.dll file and it is located C:\Program Files\Webroot\Spysweeper
so I was affraid to delete it.

What caused me to look for the sis.dll and find the above in the registry is. that
I tried once again to install McAfee Antivirus and got an error message
That MCVSSTLD cause a page fault in SIS. Dll at 0177: 0091d40.

While I haven't seen about blank in several days why is the registry continually changing to these odd Keys.

<_< :o
  • 0

#33
MadHijacked

MadHijacked

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
:P :o

Whoops ! I feel so stupid. But at least I have learned a few things about the registry.
Disregard my last two post. I realize now that the information:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU]

Was generated when I would do a Start/find/files or folders.
At least I think it was?

I would like to thank everyone who helped me with my problem.
It was a nightmare for me, but a great learning process.

I still have some problems that I feel was caused by the hijacker.

But if you would like you can close this topic.
And I will post other problems under their related topic title.

Thanks again you are tops.

<_< :D :D
  • 0

#34
admin

admin

    Founder Geek

  • Administrator
  • 24,501 posts
I think you're fine. Thanks for the update. <_<
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP