CONSTANT HIJACKING :mad:

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Starkman, Nov 17, 2003.

  1. Starkman

    Starkman Private First Class

    Hey all,

    Say, I'm constantly getting hijacked by LuckySearch.net; it takes over my browser. Further, Hijack This shows CoolWebSearch and acc.count.all.com (about : blank) as regulars when the hijack shows up. (Incidentally, the hijack takes place usually after I've restarted or rebooted, which, I found out, is normal for this jerk of a hijacker.)

    After running Hijack This, Ad-Aware and Spybot, and after cleaning Internet temp and cookie files, the system's fine, and the Registry shows no hits for searches for CoolWeb or LuckySearch.

    I frequent few sites beyond several well-known computer sites. I'm not sure why this is happening. I tried running SpyGuard, and it would detect the attempts, but then it would give me a Runtime error (431 or something like that). I have Access for Win95, Excel 97 and Word on my system. I was concerned about the Runtime error, because these programs are involved with files or programming using some of the fixes I found for the Runtime error.

    Any ideas what's going on?

    Thanks very much,

    Starkman
     
  2. Starkman

    Starkman Private First Class

    GOT IT FIXED

    No need for any responses ... I got it fixed.

    Thanks,
     
  3. Wisewiz

    Wisewiz Apprentice's Sorcerer

    Hey, guy!
    Tell us what the fix was!
    (We might be able to use the info to help other hijack victims in the future.)
     
  4. Jamiko

    Jamiko Sergeant

  5. Starkman

    Starkman Private First Class

    Well, what fixed it? Well, first, what caused it:

    I scanned my system at Trend Micro's Housecall site. It found TROJ STARTPAGE.W in two locations. Trend's scan offered to delete the files (ah, but it couldn't clean them using the "Clean" button, as it notes the trojan is uncleanable; you can't have browsers opened to clean it!). Here are the files I deleted: Windows\system\tamicfg.exe and Program Files\common files\microsoft shared\msinfo\info32.exe. That's when the system started giving me "Could not find info32.exe in the Win.ini file ...."

    Jamiko's on the scene! It was Spywareinfo I found after googling INFO32.EXE (found a forum question addressing the issue). I used CWShredder, and it identified the trojan and instructed me to either remove the programming for Java VM (Windows no longer supports it) or get the patch installed; I chose to do the patch.

    One caveat: the link to the patch does not take you directly to the download site for the patch (at least it didn't for me). You're taken to the MS ... wait, make that M$, Update Bulletin Security site for this issue, but when you click on the link to the patch, your system goes through the scanning process that it does when you just do a normal Update. From here, several issues were noted as needing updates, and I was NOT able to just click the one I wanted to install and have it do its thing; I had to click the "Remove" button to remove all the other updates to leave just the one I wanted. A pain, and I'm not sure why it did this when other times it's always given me options to click the updates I want.

    I re-scanned my system at Trend, and things were fine. Definitely check out Jamiko's site.
     
