Changed registry entry

Discussion in 'Malware Help (A Specialist Will Reply)' started by Pentire, Apr 23, 2005.

  1. Pentire

    Pentire Private E-2

    Could someone please help me find what is changing a registry entry?

    The entry is in "HKEY CURRENT USER/software/Microsoft/Internet Explorer/Main, Start page=..."

    This was hijacked.

    "Hijack This:" identified the problem and I corrected the entry but something changes it back as soon as I close regedit.

    Can anyone help?

    Pentire
     
    Pentire, Apr 23, 2005
    #1
  2. Anon-068c403e2d

    Anon-068c403e2d Anonymized

    To edit te registry,you can use the inbuilt registry editor.
    Type regedit in the run box.Navigate to the key in the registry editor.
    Back up the key you are editing.
    Then edit it.
     
    Anon-068c403e2d, Apr 23, 2005
    #2
  3. darkhorizon

    darkhorizon Private First Class

    can you run a hijack this log and post it here? there is most likely some adware/spyware on your computer that keeps changing the registry value
     
    darkhorizon, Apr 23, 2005
    #3
  4. Insomniac

    Insomniac Billy Ray Cyrus #1 Fan

    Welcome to MajorGeeks.

    Don't post a Hijack This log.

    Follow the recommendations posted on the Spyware Forum.

    They are best equipped to help you in this area.
     
    Insomniac, Apr 23, 2005
    #4
  5. Pentire

    Pentire Private E-2

    Thank you Kadavill,

    I appreciate your help, but I already used regedit. I found the entries and modified them but as soon as I closed regedit the entry changed back to the hijacked entry!

    What I was looking for was guidance as to where to look for the item that controls the HKEY entry:)

    Best wishes,

    pentire
     
    Pentire, Apr 24, 2005
    #5
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Pentire,

    http://www.majorgeeks.com/images/grenade.gif Download HijackThis 1.99.1

    http://www.majorgeeks.com/images/grenade.gif Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    http://www.majorgeeks.com/images/grenade.gif Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    http://www.majorgeeks.com/images/grenade.gifBefore running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    http://www.majorgeeks.com/images/grenade.gifRun HijackThis and save your log file.

    http://www.majorgeeks.com/images/grenade.gif Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    http://www.majorgeeks.com/images/grenade.gifNeed help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
    bjgarrick, Apr 24, 2005
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds