bcastner MVM join:2002-09-25 Chevy Chase, MD |
Anyone seen: mk:@MSITStore:C:\WINDOWS\start.chm::An odd hijack where it refers directly to the XP Help system.
I believe there has to be more than a BHO component involved, as using Hijack to correct the entries does not survive a reboot.
Google shows equally puzzled people to resolve this one.
Advice, please. |
|
1 recommendation |
Re: Anyone seen: mk:@MSITStore:C:\WINDOWS\start.cYes, I have seen quite a few of these Vulnerability in Internet Explorer ITS Protocol, Handler » forum.gladiator-antiviru ··· &hl=msitHere is a log where we solved it. Hijack this log » forum.gladiator-antiviru ··· ic=12990 |
|
CalamityJane 1 edit
2 recommendations |
to bcastner
There were a couple of victims in this Forum as well, but I didn't see a final cure reported by victim. » Internet Explorer Home Page Hijacked» Web connection kinda iffy |
|
bcastner MVM join:2002-09-25 Chevy Chase, MD |
Re: Anyone seen: mk:@MSITStore:C:\WINDOWS\start.chm::CJ,
Darn you are good.
I hope Google picks up this thread, as this was a new one for me as well.
Darn you are good.
Best, Bill |
|
|
Re: Anyone seen: mk:@MSITStore:C:\WINDOWS\start.csaid by bcastner:
Darn you are good.
Best, Bill
:D Thanks, but Zupe is better I'll point him to this thread and see if he has any updates for us - |
|
|
shanmuga
Premium Member
2004-Apr-17 11:46 am
CalamityJane and Zupe are real experts, but also have a look at this informative post at PC GuideNice detective work by Paul Komski, I would say. |
|
BubbaGIT-R-DONE MVM join:2002-08-19 St. Andrews |
Bubba
MVM
2004-Apr-17 12:49 pm
said by shanmuga: Nice detective work by Paul Komski, I would say.
Yep....and a nice test page he put up also. Welcome to a simple test for the chm vulnerability |
|
|
to bcastner
Re: Anyone seen: mk:@MSITStore:C:\WINDOWS\start.chm::yup i posted this on here the other day as the master-search.com hijack.. Spent 3 days trying to figure out how to kill the damn thing.. finally said screw it, got out the ol' Windows XP CD and clean installed... Judging from some other forums i been looking at, this affects win9x systems as well..
Chad |
|
Zupe MVM join:2001-11-29 New York, NY |
to bcastner
Not much I can add . There's still a bit of a question about exactly what the removal tool from Master-Search.com is doing, as someone ran it while monitoring it with Incntrl and all it appears to do is reset the search/start settings to their defaults, but doing so manually doesn't seem to remove the hijack. I believe there've also been some reports of it returning at a later time, though there are so many of these things lately that I'm starting to lose track of which is which. |
|
|
|
Lappen
Member
2004-Apr-17 3:55 pm
said by Zupe: Not much I can add . There's still a bit of a question about exactly what the removal tool from Master-Search.com is doing, as someone ran it while monitoring it with Incntrl and all it appears to do is reset the search/start settings to their defaults, but doing so manually doesn't seem to remove the hijack.
I believe there've also been some reports of it returning at a later time, though there are so many of these things lately that I'm starting to lose track of which is which.
Here is fresh example of returning after using the tool » forums.net-integration.n ··· &t=13515 |
|