computer help for a friend, guys.

her computer is running fairly smoothly after i downloaded and ran some spyware programs for her, but one problem persists...

when she goes to most websites, the browser loads the page and then as soon as the page loads, the browser is hi-jacked by one of those ad pages. however, the URL shows up as a blank page. it also wont allow you to right click on the page to find the real URL.

how can i solve this one for her? she's got a DSL connection if it matters any. can this be solved thru the Start menu or will downloading be in order? /ubbthreads/images/graemlins/grin.gif

Try some different spywares, like spysweeper , ad-aware and Giant Antispyware (Microsoft beta download for now).
Or try to edit the launched program in registry. You can use Menu, execute, then msconfig. Suppress all programs who don't know.
Giant Antispyware have a feature who block startup program as you want.....it is a free release since mickeysoft bought this society !!!

Hope this help . /ubbthreads/images/graemlins/smile.gif

HijackThis! *should* take care of that, but if you're not extremely careful it'll mess things up.

That happens because the hijacker is installed like a browser plug-in. If the software doesn't take care of it you'll need to go in and delete it manually. Its not the easiest thing to do but I can talk you through it on the phone or using VNC as a remote control.

Chris

Also, make sure you check for spy/highjack-ware while off-line (unplug the DSL)

Can't you disable I.E. plug-ins from the I.E. plug-in manager?

I have a browser extension called "Research" that I've been wondering about. It has no Publisher and no file name. Anyone know what that is?

If you have a browser problem there is a simple workaround until you get it fixed. Just use a different browser. If you ain't got at least two, you ain't nowhere.

i do a lot of computer work, HijackThis is king. i usually use Adaware SE Pro for spyware and such. also at home i use NOD32 for antivirus, i'm not a big fan of overbloated norton, NOD32 antivirus has caught every one of those browser installs for adaware and spyware and useless ad toolbars and the like. so i have no need to use adaware on my pc anymore.

also when using hijackthis, make sure that there are no processes or services running in the background that will restore the settings you correct. use something free like Process Explorer from sysinternals.com to turn off anything fishy. if you see something you dont know, Google the process/module name to see what it is. a big tipoff is also the company name that the process displays, which Proc Explorer shows you.

also check your startup sections with AutoRuns...again from sysinternals or with StartupCPL 2.8...i dont remember from who. both free.

so..terminate processes and services manually or use Adaware that will kill anything it knows for you, kill anything strange in startup. then use hijack this, then run a virus scan or adaware scan to clean out the actual exes. more and more antivirus progs are adding adware detection support. although not for your registry. just for files.

Startup Control Panel is from Mike Lin . Great little application that hides all that registry ugliness. /ubbthreads/images/graemlins/thumbsup.gif

i actually knew that, i just didnt remember how to spell his name and was too lazy to pull it up out of my control panel. heh. Autoruns is even better though, it goes as far as showing you that "Explorer.exe" meaning the shell is also technically an autorun. thats why some changes require restart cause they put themselves into "RunOnce" registry section which is executed before the explorer shell. so the changes arent evident till Explorer is reloaded. also necessary to change any files used by the shell or sometimes to reload browser plugins that would otherwise be locked by explorer when it's loaded.