home page hijack

ArchiveData(auto-quarantine- 13-04-2004 14-18-21.bckp)
======================================================

COOLWEBSEARCH
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[01/3]=RegData : SOFTWARE\Microsoft\Internet Explorer\Styles (User Stylesheet = c:\windows\sstyle.css)
obj[02/3]=RegData : SOFTWARE\Microsoft\Internet Explorer\Styles (Use My Stylesheet = 1)
obj[03/3]=File : c:\windows\sstyle.css
obj[1]=RegValue : SOFTWARE\Microsoft\Internet Explorer\Styles
obj[2]=File : c:\windows\sstyle.css

My Internet Explorer changes the Home page from Blank to http://www.wholeworldmarket.com/search/top/ I used internet options to change but if I restart I get the same problem again, I cheked the startup programes but found nothing wrong, I ran spybot and Ad-aware 6 and removed all that was found, restarted my computer but the problem remained. I ran Ad-aware again and kept on getting the above result after every startup, although with the previous runs these items were quarintined. Can anyone please tell me how to get rid of this , regards,

mario

 

Mario
A couple of good programs to have for such occasions are
Hijack This and Spybot These will help track down problems. After you have run them I believe you will need to post back the results here so someone can help you figure out what to deleat.
Stitch
Edited Sorry had the links the wrong way round.

 

I have run hijakthis, spybot and ad-aware I managed to find the problem but could not get rid of it. After a lot of hassle and browsing I decided to do a system restore and now it seems that everything is ok though I am trying to get enough information to avoid this happening again, thank you for your help, regards,

mario

 

Mario
If it happens again and you run the programs some one here will let you know what to delete to get rid of the problem just by looking at the report that the programs give. Glad you have got sorted though.
Stitch

 

Download and run the latest version of CWShredder in the fix mode if problem returns. And feel free to post a HJT log anytime before fixing anything.

 

Dave
Whats CWShredder do
Stitch

 

Searches for and removes entries placed by the CoolWebSearch and it's variants. More about CWS (the hijacker).

 

To keep it from happening again -Think Protection -
download and install

SpywareBlaster will block bad ActiveX and malevolent cookies.
Javacool's SpywareBlaster

And hit windowsupdate if you havent recently

IE-SPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
IESPYAD'S

Both are very small free programs that you run once, and then just occasionally to check for updates.

And read this
How to surf the Internet more safely with Internet Explorer:
http://www.windows-help.net/features/surf-safe.html

Regards
Lonny

 

Ditto on the IESpyads.Zip. Tha current version is dated 4-11-4.
While you may not be on one of the sites this file puts into the Restricted Zone of Internet Explorer, these driveby installs are usually done by a third party website. This file would still affect third party.
One of the side affects of IESpyads is less cookies. Fewer Java based popups, though not all that affective with all popups, if the settings are correctly done. All you need to do after installing is go into the Restricted Zone of IE and go on down the line and set to Disable everything. If Disable is not available for an item, select High. At the bottom, Password to Prompt.
This will not affect any sites not in the Restricted Zone