PDA

View Full Version : FAQ #18 - How do I get rid of an unwanted home page



-FAQ-
06-10-2004, 10:38 AM
FAQ #18 - How do I get rid of an unwanted home page

Originally written by Susan B


Many people contract an unwanted home page after visiting certain websites on the internet, which often becomes very difficult to change because a file is installed that changes the registry back at every boot up.

The procedure to fix this problem depends on how the unscrupulous site changed the home page and ranges from simple to complex. Carry out each step in consecutive order until your problem is solved, then read the tips in steps 6. and 7. to protect yourself from future hijackings.

Note: The instructions have been tested on Win 9x and should apply to other versions but differences are possible.

Please ensure you also read and try the suggestions in FAQ #16 - Spyware, adware and viruses - how do I get rid of them? first. The suggestions offered in this FAQ are for when other methods have failed.


LOP.COM: Lop.com home pages can be reset by going back to the lop.com site and locating their home page uninstaller. This will unlock their site from your home page. For other sites read on:


STEP 1. Firstly, open Internet Explorer, go to Tools>Internet Options, and change the Home page to the one you want. If you have attempted this and the offending address is persistent in adding itself back in, go to Step Two.


STEP 2. Do a virus scan with the latest updates installed. Viruses can be a source of some home page hijackings, one being the JS.Seeker trojan. You can do an online scan here (http://housecall.antivirus.com/) if you don't have an anti-virus program.


STEP 3. Download, install and run Ad-aware (http://www.lavasoftusa.com/) and Spybot Search and Destroy (http://www.safer-networking.org/en/index.html) to detect any programs with spyware running. See FAQ #16 - Spyware, adware and viruses - how do I get rid of them? for instructions for using.


STEP 4. Click on Start>Run, type in msconfig and press Enter. (Note: msconfig is not available in Win95, unfortunately). Click on the Startup tab and go through the list of files to see if the unwanted home page is listed in there. Note that the file may have a name completely unrelated to the web page involved, so you have to look carefully.

Some unwanted files to look for are SWPortal, SWCaller, Sp.dll, winn32.html, and/or MSKernel32 (Win32.hta) and also ones with a .tmp or .hta extension (probably a shortcut in your Programs\Startups folder) or sp.dll. These two latter files are related to viruses. Another line to watch for is "LoadIE"="Rundll32.exe iexplore.dll,_Load@16"

If you find one or more of these things, uncheck them, make a note of their names, including their full path, and click OK to exit the msconfig dialogue box. If you are not sure what some files are, you can check them out here (http://www.pacs-portal.co.uk/startup_content.php).

Now open Internet Explorer, and whilst online go to your favorite Home page site. Go to Tools>Internet Options>General tab, and click 'Use current'. If after rebooting there's still no change, move to Step Five.

Experienced Users: If your home page problem is now solved you can navigate to the offending file and delete it. They are often a temp file thrown into the Windows System Folder. The .tmp files are usually running from the registry and should be removed permanently from there also.

An example is:
OPQFile"="C:\\WINDOWS\\regedit.exe /s C:\\WINDOWS\\SYSTEM\\rad3BBBD.tmp"
To remove this file permanently from the registry run regedit and navigate to:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
With RUN (or RUN- if it has been unchecked in msconfig) folder highlighted, right click and delete it.
Close the Registry editor, reboot and find and delete
rad3BBBD.tmp from c:\windows\system


STEP 5. Start loading the nuclear warheads - the next step is to search and edit the Registry. For those new to this it is a serious business because if you put a finger wrong in the registry you could do a lot of harm to your PC that might not be repairable without reformatting. Tread carefully and you'll avoid the landmines!

Firstly, it is essential to backup your registry: ensure that open programs are closed and go to Start>Run, type: scanregw and press Enter. Ignore the message that a backup already exists for today and let it create a new backup. That creates a Rbxxx.cab backup file that you can restore back from using scanreg/restore. See FAQ #30 - The Registry for more information if necessary.


5(a) Go to Start>Run, type: regedit and press Enter to open the Registry Editor. Do a search for the offending web address: hold down Ctrl+F and type in a key portion of the address that you are looking for, not the entire address. Make sure all boxes are checked then press Enter.

For every instance you find, carefully replace it with the web address that you wish to be your home page: if you have IE5.5 and Win98SE, you should find it at
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
and then double click the Start Page in the right window to change the address to something else.

and at
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main
and then double click the Start Page in the right window to change the address to something else.

Press F3 to continue on with each search.


5(b) If you cannot find the offending web address in your registry, navigate to
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Control Panel

If you find the subkey called 'Control Panel' there, right click it and choose delete from the context menu. Close Regedit.

Now go to Start>Settings>Control Panel>Internet Options. Go to the Programs tab, and click Reset Web Settings. Go to the Security tab and for all ActiveX options that are currently set to 'Allow', change them to 'Prompt'. Also uncheck 'Enable install on demand' on the 'Advanced' tab.

Now open Internet Explorer and while online, go to your favorite home page. Go to Tools>Internet Options>General tab and click 'Use current'.

Hopefully the offending home page will now be permanently gone!

If by some chance it is not then the culprit is something other than what is listed here. You will need to post a message requesting further help.


STEP 6. Lock your home page
Once your home page is set back to what you want it to be and it stays that way, it is possible to set it to prevent sites and other people changing it. Do this immediately after correcting your home page to the one you prefer:

Note: Users of Spybot Search and Destroy can use that program to lock down their home page. SpywareBlaster is another program that can lock down homepages.

For Win 9x backup the registry then go to Start>Run type regedit Navigate to: HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\In ternet Explorer

Right-click on the Internet Explorer key, choose New, Key, name it Control Panel. Right-click on the Control Panel, chose New, DWORD value, name it Homepage. Right-click on Homepage, choose modify and type in the number 1.

This should lock your home page, so no other web site can change it. If you might later feel like changing your home page again, open Regedit and drill down to this value Homepage again. Double-click it in the right pane and change its value from 00000001 to 00000000, close Regedit, and make your change in Internet Explorer.

For other versions of Windows, including Win XP there doesn't appear to be an easy way to lock your home page without causing other, possibly unwanted issues and is therefore not listed here.


STEP 7. Protect your PC
To further protect your computer from unscrupulous websites do the following:

Note: Users of Spybot Search and Destroy can use that program's "immunize" feature to protect their computer against malicious takeovers.

1. Disable Windows Scripting Host by installing noscript.exe from Symantec (http://www.sarc.com/avcenter/venc/data/win.script.hosting.html). This is a very convenient, one click tool for disabling or enabling the Windows Scripting Host, a very exploitable tool used by worms and sleazy operators to make bad things happen on your PC. It is not at all required for normal Windows functions.

2. Make sure "Install on demand" is unchecked in Internet Explorer's Tools>Internet Options>Advanced.

3. Go to Internet Options>Security>Internet>Custom level, and for all ActiveX options that are currently set to 'enable' change them to 'prompt'.

4. Make sure you run a reliable, up-to-date anti-virus program.

5. Make sure you run a firewall program when on the internet. Two good firewalls, of which there are freeware versions easy to configure, are ZoneAlarm (http://www.zonelabs.com/) and Agnitum's Outpost (http://www.agnitum.com/).


Original FAQ available from here (http://pressf1.pcworld.co.nz/thread.jsp?forum=1&thread=21606).