Homepage Hijacker
Everglaze
10-25-2003, 05:24 PM
How in the world do you get rid of it? it's so annoying. It keeps changing my homepage to this
http://default-homepage-network.com/start.cgi
can somebody help??
kitty
10-25-2003, 05:48 PM
is it a popup window or something? 'cuz you can get a popup killer that will stop the popup that tries to do that... I'm using 'smart popup killer'... a free download from cnet.com
Everglaze
10-25-2003, 06:45 PM
is it a popup window or something? 'cuz you can get a popup killer that will stop the popup that tries to do that... I'm using 'smart popup killer'... a free download from cnet.com
Ok, thanks, I'll try that right now. I HATE it.
yoMAMA
10-25-2003, 06:47 PM
Scan with ad-aware......should be able to get rid of it.
Everglaze
10-25-2003, 06:58 PM
Scan with ad-aware......should be able to get rid of it.
That was the first thing that I tried, unfortunately, it didn't do anything.
I learned about something along the lines of renaming .hta files??
Oh yeah, I also tried the damn pop-up blockers of all kinds and they still don't block the hijacker, it's not really the pop-ups I wanna block first because those come AFTER redirecting my homepage.
Could be a CoolWebSearch variant. More info here (http://www.spywareinfo.com/~merijn/cwschronicles.html).
AdAware and Spybot do not deal with homepage hijackers.
Could always upgrade to Mozilla Firebird (http://www.mozilla.org/products/firebird/) and ditch IE. The homepage hijackers exploit a flaw in ActiveX in IE, or the broken Microsoft Java VM (if you have the official Sun VM it shouldn't affect you). And Firebird has a popup killer built in.
By the way, do not visit the site in the first post if you are using IE.
mr. x
10-25-2003, 09:26 PM
happened to me once, i got a virus to a homepage called theexit.com or something, its like a search engine but looks kinda mysterious, anyway my virus checker found it and got rid of it. annoying thing was while i still had the virus i couldnt change the hp it just wouldnt let me
I HATE VIRUS WRITERS
anyway also try spybot: search and destroy (look it up on download.com) pretty effective cleaning program
btw, do u know how u picked it up?
Everglaze
10-25-2003, 10:16 PM
happened to me once, i got a virus to a homepage called theexit.com or something, its like a search engine but looks kinda mysterious, anyway my virus checker found it and got rid of it. annoying thing was while i still had the virus i couldnt change the hp it just wouldnt let me
I HATE VIRUS WRITERS
anyway also try spybot: search and destroy (look it up on download.com) pretty effective cleaning program
btw, do u know how u picked it up?
I really don't know how I picked it up. It's not a problem anymore though, I did everything I could possibly do and I also switched browsers like ism said.
I now use Mozilla Firebird. :)
mr. x
10-25-2003, 11:32 PM
pick up spybot though, still a useful program to stick around
Everglaze
10-26-2003, 05:01 PM
pick up spybot though, still a useful program to stick around
I did, I cleaned it all up today. I downloaded the updates, blockers, etc..
deleted all the adware that was on my comp...I hate all that crap..
mr. x
10-26-2003, 05:46 PM
another good one is "spysubtract" it gets down deep too, problem is if you have kazaa it'll show up on its radar (especially the peer points manager)
hooligan
10-26-2003, 08:21 PM
there's a program out there called 'hijack this' which was highly recommended for this problem on a few tech sites. i personally don't have experience with it, so try it at your own risk.
mr. x
10-27-2003, 07:20 PM
do u visit any err...unsavory websites? that is a possibility, cuz umm, thats how my friend picked it up
Everglaze
10-28-2003, 03:06 PM
do u visit any err...unsavory websites? that is a possibility, cuz umm, thats how my friend picked it up
Nah..
it's just that, there are some message boards that have tons of pop-ups that pop up once you go visit and I guess that's where I got mine.
It's all good now though, I got spybot and got rid of the adwares..
My internet explorer is also working fine now. I'll just keep checking for updates and the spybot once every week.
It's kinda sad how many tools are needed to clean up after this crap. Good thing they're usually free. There are three necessities in a web surfer's arsenal now:
Ad-Aware (http://www.lavasoftusa.com/)
SpyBot (http://www.safer-networking.org/)
Hijack This (http://mjc1.com/mirror/hjt/)
kitty
04-10-2004, 12:00 PM
i got infected with a particularly nasty homepage hijacker. it re-wrote most of the IE properties to redirect to a site called http://www.nkvd.us which then redirected me to a 'search everthing!' search engine. the only thing i could readily access was YW which was still in my browser history -- couldn't even access google to learn how to clean this.
for anyone who gets this, here's how to fix it:
1) reboot in safe mode and do a search for mtwirl.dll (it's in C:\windows\system32). delete it. (it re-wrote the IE properties every 15 seconds back to assigning the defaults to http://www.nkvd.us) Reboot in normal.
2) download hijackthis:
http://www.spychecker.com/program/hijackthis.html
make sure to save some of the stuff you want to save, by putting them on the ignore list. check everything else and click fix.
3) download CWshredder:
http://www.spywareinfo.com/~merijn/downloads.html
Click 'Fix' to make sure that there are no other hijackers in your system.
That should be it.
achtungbaby
04-10-2004, 02:38 PM
i got infected with a particularly nasty homepage hijacker. it re-wrote most of the IE properties to redirect to a site called http://www.nkvd.us which then redirected me to a 'search everthing!' search engine. the only thing i could readily access was YW which was still in my browser history -- couldn't even access google to learn how to clean this.
for anyone who gets this, here's how to fix it:
1) reboot in safe mode and do a search for mtwirl.dll (it's in C:\windows\system32). delete it. (it re-wrote the IE properties every 15 seconds back to assigning the defaults to http://www.nkvd.us) Reboot in normal.
2) download hijackthis:
http://www.spychecker.com/program/hijackthis.html
make sure to save some of the stuff you want to save, by putting them on the ignore list. check everything else and click fix.
3) download CWshredder:
http://www.spywareinfo.com/~merijn/downloads.html
Click 'Fix' to make sure that there are no other hijackers in your system.
That should be it.
Yikes. Are you using any kind of firewall or virus checker...?
kitty
04-10-2004, 04:49 PM
no... no firewall. i suck like that. i'm gonna go get one next month after the comp upgrade.
i am using norton antivirus though :)
stunninglyAsian
04-10-2004, 07:11 PM
Have you given thought to using a different web browser like Opera or even Netscape? Microsoft products are too big of a target these days.
I use Safari on a Mac, and apart from one virus, I'm pretty much immune to everything. I can't read/use some pages with it, so that's when I use IE.
mr. x
04-10-2004, 09:57 PM
kitty any idea how u picked it up?
kitty
04-10-2004, 09:59 PM
i have a very outdated netscape and am not about to upgrade. i like IE, so i'll prolly just deal with the problems....
as far as how i picked it up... we thought back and i can't really think of anything. most likely it was a hidden download from a popup when i was websurfing a couple days ago looking for some new pictures for avatars down the road.
mr. x
04-10-2004, 10:01 PM
i have a very outdated netscape and am not about to upgrade. i like IE, so i'll prolly just deal with the problems....
as far as how i picked it up... we thought back and i can't really think of anything. most likely it was a hidden download from a popup when i was websurfing a couple days ago looking for some new pictures for avatars down the road.
hmm well my umm friend got one from a hentai site, wasnt too bad though, easily deletable one
kitty
04-10-2004, 10:26 PM
oh yeah, they're all over... you can get 'em anywhere. usually they are a download from some sketchy site with lots of popups, or sometimes a prompt.
Adaon
04-14-2004, 10:52 AM
i just hate when the hijacker sites reset your homepage when you start IE or netscape and they disconnect the buttons that allow you to change the webpage or set it to a default blank page. I gotta check out some of this stuff. I'm getting sick of going to the MSN webpage just to avoid the pron crap my brother d/ls.
mrazntre
04-14-2004, 12:52 PM
Have you given thought to using a different web browser like Opera or even Netscape? Microsoft products are too big of a target these days.
I use Safari on a Mac, and apart from one virus, I'm pretty much immune to everything. I can't read/use some pages with it, so that's when I use IE.
netscape takes 400 seconds to load!!!!!
oh yeah, they're all over... you can get 'em anywhere. usually they are a download from some sketchy site with lots of popups, or sometimes a prompt.
You can get hit with a virus even with up-to-date virus protection simply by visiting a site. You don't have to download anything.
I switched to mozilla after my last escapade (http://forums.yellowworld.org/showthread.php?t=12544).
Kuchana
04-14-2004, 01:28 PM
Ok in relation to this, I've begun to have problems with popups and my computer crashing; turning itself off. I deleted files that were added to my computer for some reason but I've found that they reattach themselves afterwards. I have Spybot, Tuneup Utilities, and Spyware Blaster recommended from Spybot but they don't seem to fulfill their purpose?
And I'm really worried about my computer constantly turning itself off. It's really annoying. Sometimes, I can't even log on since it turns off and on for a few minutes until it allows me to log in again. When it does that, there's this long message that's a page long that appears for a few seconds, which I'm not able to catch other than there's a problem with my computer and it's on a blue background then it turns itself off and turns itself back on with the same message. Arghhhh! Help.
Oblivious
04-14-2004, 01:58 PM
AAAAAHHH!!! The Blue Screen of Death!!!!! :eek:
*runs away*
Kuchana
04-14-2004, 02:02 PM
AAAAAHHH!!! The Blue Screen of Death!!!!! :eek:
*runs away*
you've had that???? how do you fix it????:( it's driving me crazy.
Ok in relation to this, I've begun to have problems with popups and my computer crashing; turning itself off. I deleted files that were added to my computer for some reason but I've found that they reattach themselves afterwards. I have Spybot, Tuneup Utilities, and Spyware Blaster recommended from Spybot but they don't seem to fulfill their purpose?
And I'm really worried about my computer keeping turning itself off. It's really annoying. Sometimes, I can't even log on since it turns off and on for a few minutes until it allows me to log in again. When it does that, there's this long message that's a page long that appears for a few seconds, which I'm not able to catch other than there's a problem with my computer and it's on a blue background then it turns itself off and turns itself back on with the same message. Arghhhh! Help.
This sounds like a corrupt OS.
Steps to take to fix:
1. Commit yourself to stop visiting pr0n sites or warez sites.
2. Reinstall your OS.
3. Install an Anti-Virus utility.
4. Visit http://windowsupdate.microsoft.com after the 2nd Tuesday of every month and apply all critical patches/security fixes.
However, the problem might be linked to faulty or failing hardware. Can you pinpoint when this started happening? What time during bootup does this happen?
Next time this happens, try looking at your 'System' Event Logs (assuming you are using Windows NT/2000 or XP) for a message stating that the system has recovered from a stop error. It should detail what the error is if you double click that. By 'detail' I mean that it should give you a code looking similar to: 0x00000077
Once you retrieve that string, try plugging that into the Search field on Microsoft's website and comb through the publications. Or you could just list that error here.
lethal
04-14-2004, 02:05 PM
You can get hit with a virus even with up-to-date virus protection simply by visiting a site. You don't have to download anything.
I switched to mozilla after my last escapade (http://forums.yellowworld.org/showthread.php?t=12544).
I switched to Mozilla based on your last escapade.
I switched to Mozilla based on your last escapade.
LOL--lethalweapon proves himself to be the rarest of all beings--one who can learn from others' mistakes.
Kuchana
04-14-2004, 02:43 PM
This sounds like a corrupt OS.
Steps to take to fix:
1. Commit yourself to stop visiting pr0n sites or warez sites.
2. Reinstall your OS.
3. Install an Anti-Virus utility.
4. Visit http://windowsupdate.microsoft.com after the 2nd Tuesday of every month and apply all critical patches/security fixes.
However, the problem might be linked to faulty or failing hardware. Can you pinpoint when this started happening? What time during bootup does this happen?
Next time this happens, try looking at your 'System' Event Logs (assuming you are using Windows NT/2000 or XP) for a message stating that the system has recovered from a stop error. It should detail what the error is if you double click that. By 'detail' I mean that it should give you a code looking similar to: 0x00000077
Once you retrieve that string, try plugging that into the Search field on Microsoft's website and comb through the publications. Or you could just list that error here.
What is OS? And I don't even visit porn sites!:) What are warez sites exactly? I think it began when I let my sister-in-law use my computer so I don't know what sites she goes to.
I think it started happening probably a month ago at least. At that time it turned off once in a while but now it's turning itself off more and more.
Well for instance, I'll be browsing the net and then boom the computer shuts itself off. Then it reboots itself and then the message appears and it repeats the whole process again. Where do I look in for the System Event Logs?
What is OS? And I don't even visit porn sites!:) What are warez sites exactly? I think it began when I let my sister-in-law use my computer so I don't know what sites she goes to.
I think it started happening probably a month ago at least. At that time it turned off once in a while but now it's turning itself off more and more.
Well for instance, I'll be browsing the net and then boom the computer shuts itself off. Then it reboots itself and then the message appears and it repeats the whole process again. Where do I look in for the System Event Logs?
Sorry, OS is the abbreviation for 'Operating System' (i.e. Windows 2000, Linux, etc.)
Assuming (again) that you are using a Windows NT/2000/XP OS, just click on Start, then Run. When the box comes up where you can type a command, type in 'eventvwr' and hit ok. It should pop up in a window and show you the three event logs (System, Security, and Application). I've attached a screenshot of what it might resemble.
Of particular interest, you're looking for a red circle with a white X in the middle of it, and the word 'Error' next to it. That right there tells you when your computer isn't too happy. That information, when double clicked, tells you everything you need to know about what's wrong with it most of the time. If it's troubled hardware, however, you'll have to either pay someone to investigate its issues further or do it yourself.
mr. x
04-14-2004, 03:10 PM
kuchana try an online free virus scan like trendmicro
search for it on google or something.
i sometimes use spysubtract (program) too, its pretty thorough as well, go to download.com and look it up
Kuchana
04-14-2004, 07:28 PM
OK when I logged into the internet, it came up with this little window saying:
C:\WINDOWS\system32\final22.exe is not a valid Win32 application. ?????
Faithless
11-08-2004, 09:37 PM
CoolWebSearch makes the news.
These bitches are good. You fucking think you've dug into every crevice of your goddarn harddrive to pick out CWS crap, and it remains there like warts. :mad:
So you end up clearing out the harddrive and installing/reinstalling shit.
Folks behind spyware are elusive (http://www.tdn.com/articles/2004/11/06/biz/news02.txt)
NEW YORK -- In less than two years, CoolWebSearch has become the bane of the computing industry.
Its programmers have managed to reset Web browsers so that searches get rerouted to the Cool Web Search engine. And any time anti-spyware engineers find a way to stop the hijacking, a new variant pops up, sneakier than its predecessor. There are now dozens.
"It's a cat-and-mouse game almost," said Tim Bryan, an InterMute Inc. software developer in charge of fighting CoolWebSearch.
There are less pernicious forms of spyware, of course. And there's what's more properly termed adware because many such programs don't actually harvest data from users. Adware is often produced by larger companies, one of which even briefly planned an initial public offering.
CoolWebSearch and its ilk are what's most troublesome because they are so stealthy. Investigators are apparently stymied. In its anti-spyware efforts, the Federal Trade Commission has so far managed to file only one lawsuit -- against an American, and in a case unconnected to Cool Web.
The Cool Web network, anyway, seems to be foreign. Its domain name is registered to a post office box in the British Virgin Islands and its owner listed as InterWeb Solutions Inc. However, a Web hosting company in Buffalo, N.Y., that goes by that name said it had no ties whatsoever.
"They stole our name and are dragging our business down," InterWeb owner Marta Clark said. "We don't even know who these guys are."
Efforts to reach Cool Web officials by phone and e-mail were unavailing.
Cool Web appears to make money from Web sites that pay to get listed, sites with such names as "Knock Out Debt." Affiliates, registered in Belarus, Russia and other countries, get a 50 percent commission for referring traffic to the search engine.
Other spyware developers have similar arrangements -- they may pay affiliates a nickel or even a dollar for every software installation, said Dave Methvin, chief technology officer at PC Pitstop, a computer diagnostic site.
"These guys install (spyware) on tens of millions of systems," he said. "The nickels start to add up."
On its Web site, Cool Web Search denies creating the tools that hijack the computers of the unwitting, shifting blame to affiliates. It claims it does not condone such activity yet its posted terms with affiliates do not bar the practice.
The technology, meanwhile, has stumped experts.
The first few variants were easy to detect and remove. They got progressively tougher, and one Dutchman who made fighting CoolWebSearch his mission finally gave up and went back to school full-time. In mid-October, he sold his technology, CWShredder, to InterMute, which now has four engineers devoted to the battle.
"These are talented people that are at work here," Ross Dreyer, InterMute's director of engineering, said of spyware coders.
Faithless
02-21-2005, 08:54 PM
CoolWebSearch update --
InterMute's CWShredder(TM) Now Defeats Polymorphic and Other Variants of CoolWebSearch (http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=109&STORY=/www/story/02-15-2005/0003021908&EDATE=)
CoolWebSearch Spyware Becoming More Sophisticated
BRAINTREE, Mass., Feb. 15 /PRNewswire/ -- InterMute Inc., a leading developer of best-in-class PC protection and productivity software for corporations and consumers, today announced an updated release of CWShredder(TM) that defeats new variants of CoolWebSearch spyware. CWShredder v. 2.13 now includes the ability to detect and remove Look2Me, a variant of CoolWebSearch spyware that defies attempts to manually remove it from an infected PC. This tenacious browser hijacker wreaks havoc with IT administrators that attempt manual removal because Look2Me removes the required account privileges.
InterMute is exhibiting at the RSA Conference (Booth 1907) in San Francisco this week.
Look2Me is an example of a new generation of "polymorphic" spyware, which continuously changes its filename and other identifying characteristics each time the user logs on and off the infected PC. Once it becomes resident on a PC, Look2Me runs inside a critical Windows process (i.e., hooking into Winlogon.exe) and operates in stealth mode, never appearing in the Windows Task Manager's process display. Look2Me exploits a Microsoft operating system feature that allows programs to be notified when a user logs in or logs off.
One of Look2Me's primary functions is to hijack users' Web browsers by changing the TCP/IP "hosts" file. When the users try to visit a search engine's Web site, their browser instead becomes redirected to a bogus search site. Once it has gained control of a PC, Look2Me also downloads and installs other spyware programs. Consistent with the trend of ever-increasing technical sophistication exhibited by spyware, Look2Me demonstrates a strong self-preservation capability. If it detects a partial removal of its software or components, it will re-download and re-install itself. Attempts to remove the other spyware downloaded by Look2Me trigger Look2Me to continuously restore the removed spyware to their systems.
InterMute's CWShredder focuses on defeating the many new and increasingly sophisticated variants of CoolWebSearch spyware. This includes defeating the notorious "HomeSearch" browser hijacker. HomeSearch is implemented as a BHO (browser helper object) and installs itself with the load process along with Internet Explorer. HomeSearch also exhibits self-preservation and camouflaging behaviors by randomly renaming itself and its components to avoid detection.
CWShredder defeats another notable CoolWebSearch spyware variant that attempts to prevent users from viewing the Windows Task Manager, so they cannot see the processes that are running on their PC. This variant also prevents users from running the Windows Regedit program, a tool commonly used by tech-savvy professionals to edit the Windows registry in hopes of manually removing spyware. Adding insult to injury, some variants of CoolWebSearch spyware provide an uninstaller which, instead of removing the offending software, actually installs more spyware onto the infected PC. This "brotherhood of spyware" opens the door to invite new spyware guests onto a computer.
"The level of technical prowess demonstrated by the developers of new CoolWebSearch variants is as impressive as it is disturbing. Spyware is demonstrating a resistance to removal that is reaching new heights. InterMute's CWShredder and SpySubtract anti-spyware products are continually enhanced to deal with the deep technical sophistication discovered in these new threats," said InterMute CEO and Founder Ed English.
InterMute is the only anti-spyware company that develops a dedicated anti-CoolWebSearch solution. With the built-in reporting capabilities of CWShredder, InterMute receives early-warning notifications of CoolWebSearch variants.
CWShredder is one of the core technologies that fuels InterMute's Anti-Spyware Solution Set, including SpySubtract(R) Enterprise Edition and SpySubtract(R) PRO. CWShredder is available as a free download from InterMute's Web site at http://www.intermute.com.
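Added example (not part of any post in this thread, and not InterMute's code): the press release above says Look2Me redirects search-engine visits by changing the "hosts" file, so this sketch audits hosts-file text for entries that pin a search-engine hostname to any address. The watched-domain list, the sample file and the function names are assumptions made up for illustration; classifying loopback entries as "blocked" goes slightly beyond the redirect case the release describes.

```python
import ipaddress

# Assumption: search-engine domains worth watching. Constructed list; extend as needed.
WATCHED_DOMAINS = ("google.com", "yahoo.com", "msn.com", "altavista.com")

# Constructed sample input (203.0.113.0/24 is a documentation-only range).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
203.0.113.10    www.google.com google.com   # constructed hijack entry
203.0.113.10    Search.Yahoo.com.
127.0.0.1       ads.example.net
# 203.0.113.10  www.msn.com   (commented out, must be ignored)
0.0.0.0         search.msn.com
not-an-ip       www.altavista.com
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no hostname maps nothing
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not a valid IPv4/IPv6 address, skip the line
        # One line may carry several hostnames for the same address.
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")


def is_watched(hostname):
    """True for a watched domain or any subdomain of it (not mere suffix matches)."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHED_DOMAINS)


def audit_hosts(text):
    """Return (line_no, hostname, ip, kind) for each watched name pinned in the file.

    kind is "redirected" when the name points at a routable address and
    "blocked" when it points at loopback or 0.0.0.0.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if is_watched(name):
            kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
            findings.append((line_no, name, str(ip), kind))
    return findings


if __name__ == "__main__":
    # On a real Windows NT/2000/XP machine the file lives at
    # %SystemRoot%\System32\drivers\etc\hosts; here the constructed sample is used.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

A legitimate hosts file rarely needs an entry for a public search engine, so any finding is worth a look before the entry is removed.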
sinisterpanda
02-21-2005, 09:11 PM
Isn't it almost up to the definition of "life"...self preserving...reproducing...when is it going to start talking to me?
A.R.A.M.
02-21-2005, 09:17 PM
I got my browser hijacked by coolwebsearch once after visiting some wholesome, Christian related sites. I removed it, but my computer has never been the same, though I at least have control of my browser. After that escapade, I seriously contemplated learning voodoo or seeing a Santeria priest to place a hex on the creators of that browser hijacker. That, and some fantasies reminiscent of the scene in Casino where DeNiro "punishes" the card player for cheating.
VV o n g B a
02-21-2005, 09:28 PM
yesterday i managed to get rid of some weird program running on one of my computers. i had run ad-aware and it didn't get rid of it. it was something like eulacat.exe or accpt.exe. one would appear, and if u got rid of it, the other one would appear. i finally just got sick of it and took it out of my registry by hand. that seemed to work. they need to bomb the office of the ppl who made that shit.
tvbdude
02-26-2005, 10:24 PM
bomb the people not the office lol
SunWuKong
02-26-2005, 11:21 PM
yesterday i managed to get rid of some weird program running on one of my computers. i had run ad-aware and it didn't get rid of it. it was something like eulacat.exe or accpt.exe. one would appear, and if u got rid of it, the other one would appear. i finally just got sick of it and took it out of my registry by hand. that seemed to work. they need to bomb the office of the ppl who made that shit.
see if they were smart, they would have had the processes (programs) write the entries back in the registry if you delete them. :wink: