Web Browser Hijacked

04-06-2003, 10:39 PM
Help. My web browser has been hijacked. My web browser sporadically re-directs me to "http://www.fassia.net/wmed/index1.html". Before taking me to this address the message "Opening page r3.jhtml at" is displayed. I am running IE6 with the latest patches on a Windows machine (XP). Does anyone know what this is and how to fix it?

04-06-2003, 10:52 PM
Is this only your homepage, or any website?

Sounds like some 'dodgy' surfing may have caused this..

Run Ad-Aware and an Anti-Virus scan.
You should also check what apps are loading at startup by running msconfig.

If it's all web-pages, your host file may have been modified :-(

Post back



04-06-2003, 10:55 PM
Run Adaware & Spybot; that will remove it.

04-06-2003, 10:58 PM
Thanks for the reply. It's some websites but not all websites. Definitely some dodgy surfing involved - got trapped in porn "pop-up hell" after connecting through a sneaky URL link in an email. I suspect that some little piece of software has got imbedded somewhere in my system - just not sure where, how or how to get rid of it.

Babe Ruth
04-06-2003, 10:58 PM
In the Registry (use the registry editor program by clicking START |RUN and in the run dialogue box typing REGEDIT and click OK) check the key


This key value should be "http://". This is the prefix that is added automatically before every URL typed in. The scumware probably changed this to something like "http://www.fassia.net?redir=". Change it back to "http://", exit the Registry and restart Internet Explorer.

Secondly (and subsequently)...
If you don't want to do the above then use a spyware scanner to remove it:

Adaware (http://www.lavasoftusa.com/software/adaware/) or SpyBot S&D (http://security.kolla.de/)

Install and use/run one of these utilities on a regular basis... also assume you are using an Antivirus utility.

Cheers, Babe.

04-06-2003, 10:59 PM
Thanks. Have run Spybot (but not Adaware) and it is still there.

04-06-2003, 11:03 PM
Thanks. Yes, run NAV and Spybot (and have run Spybot recently).
Also, check Registry setting in your posting - was set to "http://" and not "http://www.fassia.net?redir=".

04-06-2003, 11:04 PM
Try rebooting into Safe Mode...

Also, Click Start

Under the Startup tab over the right, check what's loading up.. untick anything that may be the culprit :-)

Billy T
04-06-2003, 11:35 PM
Take a look at FAQs 8a and 8b, (top right of PF1 home page) they are specifically intended to help with your problem.


Billy 8-{)

Jim B
05-06-2003, 12:05 AM
This is a Browser Helper Object (BHO) that hijacks address-bar searches.
Ad-Aware should remove it.

More info Here (http://www.doxdesk.com/parasite/AutoSearch.html)

Manual removal
Open the registry (Start->Run->regedit) and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete the entry called 'ASWnk' if you see it on the right.

Now open a DOS command prompt window (from Start->Programs->Accessories) and enter the following commands:
cd "%WinDir%\System"
regsvr32 /u msinfosys.dll
You should now be able to delete the 'msinfosys.dll' file in your System folder (inside the Windows folder; called 'System32' on Windows NT/2000/XP) and the 'primesoft' folder in the Program Files folder.
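
The two places named in the post above (the Run key and the Browser Helper Object registration) can be listed before anything is deleted. This is an added example, not part of the original thread: a read-only PowerShell audit that assumes PowerShell is available on the machine and flags only the entry and DLL names quoted in that post.

```powershell
# Read-only audit (added example): lists autostart entries and registered
# Browser Helper Objects so unfamiliar ones can be reviewed before removal.
$flagNames = @('ASWnk')          # Run entry name quoted in the post above
$flagFiles = @('msinfosys.dll')  # DLL name quoted in the post above

# Registry views to inspect; Wow6432Node holds 32-bit entries on 64-bit Windows.
$views = @('HKLM:\Software', 'HKLM:\Software\Wow6432Node', 'HKCU:\Software')

$findings = foreach ($view in $views) {
    # 1. Programs launched at logon through the Run key.
    $runKey = "$view\Microsoft\Windows\CurrentVersion\Run"
    if (Test-Path -LiteralPath $runKey) {
        $key = Get-Item -LiteralPath $runKey
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Kind    = 'Run'
                Key     = $runKey
                Name    = $name
                Target  = [string]$key.GetValue($name)
                Flagged = $flagNames -contains $name
            }
        }
    }

    # 2. BHOs: each subkey is a CLSID; its InprocServer32 default value is the DLL.
    $bhoRoot = "$view\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    if (Test-Path -LiteralPath $bhoRoot) {
        foreach ($sub in Get-ChildItem -LiteralPath $bhoRoot) {
            $clsid  = $sub.PSChildName
            $server = "$view\Classes\CLSID\$clsid\InprocServer32"
            $dll = ''
            if (Test-Path -LiteralPath $server) {
                $dll = [string](Get-Item -LiteralPath $server).GetValue('')
            }
            [pscustomobject]@{
                Kind    = 'BHO'
                Key     = $bhoRoot
                Name    = $clsid
                Target  = $dll
                Flagged = $flagFiles -contains ($dll -split '\\')[-1]
            }
        }
    }
}

# Flagged rows first; nothing is modified or deleted by this script.
@($findings) | Sort-Object Flagged -Descending | Format-List Kind, Key, Name, Target, Flagged
```

Unflagged rows are still worth reading: a BHO whose Target is empty or points outside the usual program folders deserves a closer look.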

05-06-2003, 12:03 PM
See, that's where "dodgy" surfing gets you.
Dodgy surfing is also, of course, the root of almost all spam: dishonest people wouldn't know your address if you didn't go to the places dishonest people frequent :-)

Let your surfing be guided by the good and wise: Let Govt, big business, big media, and, of course Microsoft/Netscape, provide your signposts through the dangerous world of the internet.

People whose home-pages get hijacked obviously didn't read "The Little Red Engine" when they were young. Stay on the lines; stop at the red lights; and never pick flowers :-)

Argus (inveterate dodgy/serendipitous surfer).

05-06-2003, 08:47 PM
Many thanks Jim. Spot on.