Help. My web browser has been hijacked. My web browser sporadically re-directs me to "http://www.fassia.net/wmed/index1.html". Before taking me to this address the message "Opening page r3.jhtml at 204.177.92.68..." is displayed. I am running IE6 with latest patches on Windows machine (XP). Does anyone know what this is and how to fix it?
PaulB

Is this only your homepage, or any website?

Sounds like some 'dodgy' surfing may have caused this..

Run Ad-Aware and an Anti-Virus scan.
You should also check what apps are loading at startup by running msconfig.

If its all web-pages, your host file may have been modified :-(

Post back


Cheers


Chilling_Silence

Run Adaware & Spybot that will remove it.

Thanks for the reply. Its some websites but not all websites. Definitely some dodgy surfing involved - got trapped in porn "pop-up hell" after connecting through sneaky url link in an email. I suspect that some little piece of software has got imbedded somewhere in my system - just not sure where, how or how to get rid of it.
PaulB

Firstly...
In the Registry (use the registry editor program by clicking START |RUN and in the run dialogue box typing REGEDIT and click OK) check the key

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/URL/Prefixes/www

This key value should be "http://". This is the prefix that is added automatically before every URL typed in. The scumware probably changed this to something like "http://www.fassia.net?redir=" Change it back to "http://" exit the Registry and restart Internet Explorer.

Secondly (and subsequently)...
If you don't want to do the above then use a spyware scanner to remove it:

Adaware (http://www.lavasoftusa.com/software/adaware/) or SpyBot S&D (http://security.kolla.de/)

Install and use/run one of these utilities on a regular absis... also assume you are using an Antivirus utility.

Cheers, Babe.

Thanks. Have run Spybot (but not Adaware) and it is still there.

Thanks. Yes, run NAV and Spybot (and have run Spybot recently).
Also, check Registry setting in your posting - was set to "http://" and not "http://www.fassia.net?redir=".
PaulB

Try rebooting into Safe Mode...

Also, Click Start
-Run
type:
msconfig

Under the Startup tab over the right, check what's loading up.. untick anything that may be the culprit :-)

Take a look at FAQs 8a and 8b, (top right of PF1 home page) they are specifically intended to help with your problem.

Cheers

Billy 8-{)

This is a Browser Helper Object (BHO) that hijacks address-bar searches.
Ad-Aware should remove it.

More info Here (http://www.doxdesk.com/parasite/AutoSearch.html)

Manual removal
Open the registry (Start->Run->regedit) and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run. Delete the entry called 'ASWnk' if you see it on the right.

Now open a DOS command prompt window (from Start->Programs->Accessories) and enter the following commands:
cd "%WinDir%\System"
regsvr32 /u msinfosys.dll
You should now be able to delete the 'msinfosys.dll' file in your System folder (inside the Windows folder; called 'System32' on Windows NT/2000/XP) and the 'primesoft' folder in the Program Files folder.

See, that's where "dodgy" surfing gets you.
Dodgy surfing is also, of course, the root of almost all spam: dishonest people wouldn't know your address if you didn't go to the places dishonest people frequent :-)

Let your surfing be guided by the good and wise: Let Govt, big business, big media, and, of course Microsoft/Netscape, provide your signposts through the dangerous world of the internet.

People whose home-pages get hijacked obviously didn't read "The Little Red Engine" when they were young. Stay on the lines; stop at the red lights; and never pick flowers :-)

Argus (inveterate dodgy/serendipitous surfer).

Many thanks Jim. Spot on.