OE Hijacking

Some online ad company has taken over the main window in
my OE. It is now blank white until I connect to my ISP,
then a lame imitation of the default OE main window
appears with links to various products and services.
The "Tip of the Day" area now talks about what to do if I
have bad credit!
I can get the default window back with System Restore but
two days later it's the same crap again.
Somebody must have installed some sort of spyware or
homing pinger on the computer that solicits these
intrusions.
Any ideas on how to find the culprit code and delete it so
that OE can remain unmolested and the same, repeated
series of pop-ups can be banished?

Lanwench
Fri Aug 15 23:06:45 CDT 2003

See the AdAware section below (but it's all good advice). Also note - best
to have posted in an Outlook Express newsgroup - this one's for Outlook.

*** Good security housekeeping tips, in no particular order: ***

* See http://securityadmin.info/faq.htm

* Go to www.lavasoftusa.com and download AdAware...install, launch, update &
run it. This will rid your computer of spyware/adware.

* Use antivirus software (www.grisoft.com has a freebie) and update it
regularly - at least once a week; daily if possible.

* Use a good firewall to block access to your computer from the Internet
(www.sygate.com is a decent freebie for a standalone workstation; hardware
appliances are a better choice for networks).

* Get a popup blocker to stop IE popups, such as www.panicware.com (they
offer a free one) or try the new Google toolbar 2.0 which does the same
thing (and is just plain cool)

* Run Windows Update regularly (http://windowsupdate.microsoft.com) to get
all the latest patches for your operating system.

* See http://www.mvps.org/inetexplorer/Darnit.htm for lots of information on
browser hijacking and how to stop it

* Do not use Imesh or Kazaa any other peer-to-peer file sharing software,
ever.

* Do not use Hotbar.

Grant wrote:
> Some online ad company has taken over the main window in
> my OE. It is now blank white until I connect to my ISP,
> then a lame imitation of the default OE main window
> appears with links to various products and services.
> The "Tip of the Day" area now talks about what to do if I
> have bad credit!
> I can get the default window back with System Restore but
> two days later it's the same crap again.
> Somebody must have installed some sort of spyware or
> homing pinger on the computer that solicits these
> intrusions.
> Any ideas on how to find the culprit code and delete it so
> that OE can remain unmolested and the same, repeated
> series of pop-ups can be banished?

Sandi
Sat Aug 16 04:15:54 CDT 2003

Now *this* is interesting; not something I've come across before...

Do you see anything suspicious under the following keys in the registry?

HKEY_CURRENT_USER\Software\Microsoft\Outlook Express
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Outlook Express

Also, go to IE tools, internet options, security. Check out the various zone
settings; click on the 'sites' button for trusted and local internet zone;
see if there are entries; if so post back.

Also, check your system for a HIDDEN file called HOSTS. Open using Notepad
and post information about the contents.

--
Hyperlinks are used to ensure answers remain current.
________________________________________
Sandi Hardmeier - Microsoft MVP since 1999
http://www.mvps.org/inetexplorer


--
Hyperlinks are used to ensure answers remain current.
________________________________________
Sandi Hardmeier - Microsoft MVP since 1999
http://www.mvps.org/inetexplorer


"Grant" <grantcarol@ij.net> wrote in message
news:037b01c36380$4a087da0$a501280a@phx.gbl...
> Some online ad company has taken over the main window in
> my OE. It is now blank white until I connect to my ISP,
> then a lame imitation of the default OE main window
> appears with links to various products and services.
> The "Tip of the Day" area now talks about what to do if I
> have bad credit!
> I can get the default window back with System Restore but
> two days later it's the same crap again.
> Somebody must have installed some sort of spyware or
> homing pinger on the computer that solicits these
> intrusions.
> Any ideas on how to find the culprit code and delete it so
> that OE can remain unmolested and the same, repeated
> series of pop-ups can be banished?

Sandi
Sat Aug 16 04:15:47 CDT 2003

But it is a security group; and I'm fascinated to see what the guy replies
with to my message (I hope he replies).. this is not something I have seen
before.

--
Hyperlinks are used to ensure answers remain current.
________________________________________
Sandi Hardmeier - Microsoft MVP since 1999
http://www.mvps.org/inetexplorer

"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:%23oq5HL7YDHA.888@TK2MSFTNGP10.phx.gbl...
> Whoops - sorry, my bad - this isn't an Outlook group ;-)
>
> Lanwench [MVP - Exchange] wrote:
> <snip>
> > See the AdAware section below (but it's all good advice). Also note -
> > best to have posted in an Outlook Express newsgroup - this one's for
> > Outlook.
>
>

Mike
Sat Aug 16 04:43:47 CDT 2003

Grant,
Check for Spyware | Adware | Parasites | Dialers | Hijackers | Trojans:
[Experienced Users]
SpyBot 1.2 [freeware] http://security.kolla.de/

Once installed make *sure* to update via online before scanning!
Fix the items labeled in red, items labeled in blue-green are optional.
Support Forum: http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi
How To: http://www.tomcoyote.org/SPYBOT/

[Novice Users]
Ad-Aware [freeware] http://www.lavasoftusa.com/
Once installed make *sure* to update via online before scanning!
Support Forum: http://www.lavasoftsupport.com/

[To double-check your system]
Go to: http://www.tomcoyote.org/hjt/
Download "Hijack This!" [freeware] or download direct (below):
http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Unzip, double-click "HijackThis.exe" and Press "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log"
button.
Click: "Save Log" (generates: "hijackthis.log")

Next, go to the below location:
http://www.spywareinfo.com/forums/

Sign in, go to the "Spyware and Hijackware Removal" section.
Press "New Topic", copy and paste hijackthis.log into your new message.
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 8-11-03]
Please post replies to this Newsgroup, email address is invalid
--
What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp
--

"Grant" <grantcarol@ij.net> wrote in message
news:037b01c36380$4a087da0$a501280a@phx.gbl...
> Some online ad company has taken over the main window in
> my OE. It is now blank white until I connect to my ISP,
> then a lame imitation of the default OE main window
> appears with links to various products and services.
> The "Tip of the Day" area now talks about what to do if I
> have bad credit!
> I can get the default window back with System Restore but
> two days later it's the same crap again.
> Somebody must have installed some sort of spyware or
> homing pinger on the computer that solicits these
> intrusions.
> Any ideas on how to find the culprit code and delete it so
> that OE can remain unmolested and the same, repeated
> series of pop-ups can be banished?