BuffNET: More than just a connection®
716-941-6308
15 Years of Excellence!
Mon May 12, 2008
Services Web Design Customer Service About BuffNET BuffNET Home Page
Web Hosting
More Info
Sign Up Now
VMailPro

My Start page in MS-Internet Explorer changed and I can't change it back!

Parts of the following information were gathered from
Invasion of the Browser Snatchers
Lincoln Spector, special to PCWorld.com
Thursday, February 14, 2002

The ability for websites to hijack your home page rests squarely on some maliciously used website code.

Typically this happens when commands are executed through JavaScript to insert a new command into your Registry. What makes this so persistent and troublesome is that the command also re-runs at every boot, changing your home page each time you restart the computer.

In this case some security experts believe the method used is via the Js_exception.gen JavaScript Trojan Horse. (If you have antivirus software on your computer, you may want to contact the manufacturer to find out if they have protection available, or planned, for this code.)

Dealing with this problem takes two courses...

Prevention

Jim Wilson, the operator of scumware.com ( http://www.scumware.com ) has tips, tricks and explanations about this unscrupulous system.

You could also turn off your browser's scripting, although that will stop legitimate JavaScripts as well as these hijackings. At least one free downloadable program, StartPage Guard ( http://www.pjwalczak.com/spguard/index.php ) , claims to block such intrusions while letting harmless scripts through.

You can Click Here to find out how to turn off Java and JavaScript for your web browser.

Cleaning and purging...

If your start page has been hijacked, there are a handful of ways to fix it. The following information has been copied from PCWORLD.COM's news story and has not been tested by BuffNET for accuracy.

Anyone attempting the following steps
does so at their own risk.
BuffNET cannot and will not be held responsible
for any resultant damage you may incur
while attempting this procedure.

  1. First, use Internet Explorer's Internet Options dialog box to reset your home and search pages back to what they were before.

    Click [TOOLS] - [INTERNET OPTIONS] to access this section.

  2. Next, select Start, choose Run, type msconfig, and press Enter. Click the Startup tab.

  3. In the resulting list, look for a command with either the word 'regedit' or '.reg' in it. When you find it, uncheck it, then click OK.

That's probably all you need to do, but to be safe, it wouldn't hurt to delete the file mentioned in that line. Don't delete regedit.exe--you need that--but delete the other file referenced there. And it wouldn't hurt to edit the Registry, searching for and removing all references to the offending site.

Who's responsible?

An interviewed VeriSign spokesperson said that if a URL merely redirected surfers to a site that causes this type of hijacking, (VeriSign) has no cause to terminate the account (of the redirector).

I suppose in this case the old adage if correct. "...lets be CAREFUL out there."

Created: Wednesday, February 20, 2002
Updated: Wednesday, February 20, 2002
By: helpdesk@buffnet.net

This page and its contents © 2008
Marketing and Advertising Services Center, Inc.
Buffalo, New York, USA
All Rights Reserved.
Web Accelerator