The CRYPT Mag

Home page Hijacking

by Ian c Fyvie


Famous last words - it will never happen to me!

Unfortunately ... yes, it will. As most readers will know, I have both the Amiga and PC computers; however, because of all the risks involved (viruses, worms, Trojans, hijackers) in the PC world, most of my Internet work is done using the Amiga.

Just recently I decided the old A1200 was getting somewhat grubby, so I dismantled my system and started a major clean up operation.

As happens, I got a little bored with the situation and decided to complete the job the following day. That evening I used my PC and started browsing the Internet.

All went well; I visited my various sites and a few new ones to boot.

The following day I completed the cleaning of the Amiga system, and it was later that day I tried to look up eBay using the PC.

At first everything looked normal. The modem dialled up and the eBay page started loading ... Suddenly it stopped ... The PC had gone offline!

When I tried to redial with the modem I was shocked to find that the line was busy.

At first I thought that there may have been some sort of software problem, so a shutdown and restart was the order of the day.

On rebooting the PC the same thing happened ... I was thrown offline and the connection was reported as still in use!

No doubt about it now ... My machine and Internet connection had been hijacked.

Only one thing for it ... I removed the phone line from the modem.

Now starts the long road to recovery. I ran "Spybot S&D" but found no problems reported. I altered the PC connection number for the modem and successfully got the machine back online. I then downloaded "Spysweeper" and checked my system with that; again it reported no problems.

In desperation I contacted my ISP and was told to try the trial version of "The Cleaner".

After downloading this trial version and running it on my system, it found 2 Trojans that had been completely missed by the other programs.

The removal of these Trojans meant that my Internet connection was no longer hijacked and I could once again safely connect to the Internet. (When my telephone bill arrived I had been charged for the 2 hijacking episodes ... 3 minutes online at premium rate cost me 12.00.)

However, an annoying problem remained. Every time I booted my PC, Internet Explorer was launched and directed to a search site.

My home page had been hijacked and trying to change this proved futile ... Obviously when the Trojan downloaded it also contained a file which also hijacked my home page.

Spybot, The Cleaner and SpySweeper didn't help with this problem. Most gave the option to alter the home page, but because IE launched at startup the problem remained.

It was time to get the hands dirty and solve the problem the hard way.



The Cure

If this happens to you, this is what you must do.


The problem is located in your "System Configuration Utility" (SCU). A script virus put several little 'utilities' in there. All you have to do is UNCHECK the boxes next to the scripts to deactivate them.

To find the SCU go to start/programs/accessories/system tools/system information/tools/system configuration.

In the SCU dialog box, click the Start Up tab. The little utilities listed here run when you start up your computer. The offending web site put some of them here. You have to shut them off. Ad-aware cannot remove them.

Here's the tough part. You have to KNOW which program in the SCU box to shut off. Some are very important and shouldn't be shut off.

Go to http://www.sysinfo.org/startuplist.php for a full list of what each of the 'programs' does.

Go to http://www.pacs-portal.co.uk/startup_content.php for an explanation of start up programs.

After you uncheck the utilities, restart and go to Tools/internet options/general/homepage in IE, then click 'use blank'. That should do it.

Always check the "System Configuration Utility" box if your computer seems to have been hijacked. It is also worthwhile noting down the scripts in the SCU, which gives you an indication of any new scripts loaded that may cause you problems.
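
The advice to note down the startup entries and watch for new ones can be automated. The following is an added example, not part of the original article: it compares two saved listings of a registry Run key (one of the places the Start Up tab reads from) and reports what is new, removed or changed. It assumes the listings were saved from the output of the Windows `reg query` command; the sample entries are constructed.

```python
import re

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data
VALUE_RE = re.compile(r"^ {4}(.+?) {4}(REG_\w+) {4}(.*)$")

def parse_reg_query(text):
    """Return {(key, value_name): command} parsed from `reg query` output."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            # Registry value names are case-insensitive, so normalise them
            entries[(key, m.group(1).lower())] = m.group(3).strip()
    return entries

def diff_startup(baseline, current):
    """Return (added, removed, changed) startup entries between two snapshots."""
    added = {k: current[k] for k in current.keys() - baseline.keys()}
    removed = {k: baseline[k] for k in baseline.keys() - current.keys()}
    changed = {k: (baseline[k], current[k])
               for k in baseline.keys() & current.keys()
               if baseline[k] != current[k]}
    return added, removed, changed

# Constructed sample snapshots; entry names and paths are made up for illustration
BASELINE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SystemTray    REG_SZ    SysTray.Exe
    Virus Scanner    REG_SZ    C:\Program Files\Scanner\scan.exe /startup
"""
CURRENT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SystemTray    REG_SZ    SysTray.Exe
    Virus Scanner    REG_SZ    C:\WINDOWS\TEMP\scan.exe /startup
    Example Helper    REG_SZ    C:\WINDOWS\examplehelper.exe
"""

if __name__ == "__main__":
    added, removed, changed = diff_startup(parse_reg_query(BASELINE),
                                           parse_reg_query(CURRENT))
    for (key, name), cmd in sorted(added.items()):
        print(f"NEW      {name}: {cmd}")
    for (key, name), cmd in sorted(removed.items()):
        print(f"REMOVED  {name}: {cmd}")
    for (key, name), (old, new) in sorted(changed.items()):
        print(f"CHANGED  {name}: {old} -> {new}")
```

A changed command line for a familiar name deserves the same attention as a brand-new entry, since an existing entry can be repointed at a different file.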



It Can Happen to You!





RIYAN Productions
