dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
755

bcastner
MVM
join:2002-09-25
Chevy Chase, MD

bcastner

MVM

Anyone seen: mk:@MSITStore:C:\WINDOWS\start.chm::

An odd hijack where it refers directly to the XP Help system.

I believe there has to be more than a BHO component involved, as using Hijack to correct the entries does not survive a reboot.

Google shows equally puzzled people to resolve this one.

Advice, please.

CalamityJane
Premium Member
join:2002-08-27
Eustis, FL

1 recommendation

CalamityJane

Premium Member

Re: Anyone seen: mk:@MSITStore:C:\WINDOWS\start.c

Yes, I have seen quite a few of these

Vulnerability in Internet Explorer ITS Protocol, Handler
»forum.gladiator-antiviru ··· &hl=msit

Here is a log where we solved it.
Hijack this log
»forum.gladiator-antiviru ··· ic=12990
CalamityJane

1 edit

2 recommendations

CalamityJane to bcastner

Premium Member

to bcastner
There were a couple of victims in this Forum as well, but I didn't see a final cure reported by victim.

»Internet Explorer Home Page Hijacked

»Web connection kinda iffy

bcastner
MVM
join:2002-09-25
Chevy Chase, MD

bcastner

MVM

Re: Anyone seen: mk:@MSITStore:C:\WINDOWS\start.chm::

CJ,

Darn you are good.

I hope Google picks up this thread, as this was a new one for me as well.

Darn you are good.

Best,
Bill

CalamityJane
Premium Member
join:2002-08-27
Eustis, FL

CalamityJane

Premium Member

Re: Anyone seen: mk:@MSITStore:C:\WINDOWS\start.c

said by bcastner:

Darn you are good.

Best,
Bill

:D Thanks, but Zupe See Profile is better I'll point him to this thread and see if he has any updates for us -

shanmuga
Premium Member
join:2003-12-06

shanmuga

Premium Member

CalamityJane and Zupe are real experts, but also have a look at this informative post at PC Guide

Nice detective work by Paul Komski, I would say.

Bubba
GIT-R-DONE
MVM
join:2002-08-19
St. Andrews

Bubba

MVM

said by shanmuga:
Nice detective work by Paul Komski, I would say.
Yep....and a nice test page he put up also.

Welcome to a simple test for the chm vulnerability
chaddz39
join:2002-04-02
Cedar Rapids, IA

chaddz39 to bcastner

Member

to bcastner

Re: Anyone seen: mk:@MSITStore:C:\WINDOWS\start.chm::

yup i posted this on here the other day as the master-search.com hijack..
Spent 3 days trying to figure out how to kill the damn thing.. finally said screw it, got out the ol' Windows XP CD and clean installed... Judging from some other forums i been looking at, this affects win9x systems as well..

Chad

Zupe
MVM
join:2001-11-29
New York, NY

Zupe to bcastner

MVM

to bcastner
Not much I can add . There's still a bit of a question about exactly what the removal tool from Master-Search.com is doing, as someone ran it while monitoring it with Incntrl and all it appears to do is reset the search/start settings to their defaults, but doing so manually doesn't seem to remove the hijack.

I believe there've also been some reports of it returning at a later time, though there are so many of these things lately that I'm starting to lose track of which is which.

Lappen
join:2000-12-07
sweden

Lappen

Member

said by Zupe:
Not much I can add . There's still a bit of a question about exactly what the removal tool from Master-Search.com is doing, as someone ran it while monitoring it with Incntrl and all it appears to do is reset the search/start settings to their defaults, but doing so manually doesn't seem to remove the hijack.

I believe there've also been some reports of it returning at a later time, though there are so many of these things lately that I'm starting to lose track of which is which.

Here is fresh example of returning after using the tool
»forums.net-integration.n ··· &t=13515