OT: Hijack Browser

Besides doing all that has been mentioned in Safe mode, you will want to
do all these scans with System Restore turned OFF if using XP or ME.

Don't forget to turn it back on after you have removed it.

Good Luck.
Jim

________________________________

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of Gerard Wadman
Sent: Tuesday, November 28, 2006 7:36 AM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] OT: Hijack Browser



Check under program files to see if you have a folder called "Gold
Codec"

If so boot into safe mode and delete the folder.

Also while in safe mode run the registry editor and remove all
references to "C:\Program Files\Gold Codec\***", and also delete any
references to the URL of the hijacking website.

After taking those steps reboot in normal mode and run regclean. If you
don't have regclean.exe, you should download and extract it to a local
folder before you begin.

Finally, right click on your IE icon and choose properties, (DO NOT
LAUNCH THE BROWSER), and set your home page to something generic like
http://www.google.com or http://www.msn.com etc.

I hope this is helpful

Cheers,

Gerard M Wadman

Sr. Network Systems Engineer

Scandius BioMedical Inc.

11A Beaver Brook Road

Littleton, MA 01460

978/486-4088 x 124

978/486-4108 (fax)

http://www.scandius.com/






[Non-text portions of this message have been removed]
I seem to have a pc with yourieprotect.com. It is supposed to be installed
by a zlob Trojan. How do I get rid of this? The rogueremover tool I tried
didn't find it. I can't tell if spynomore is a real tool or another bogus
piece of spyware.



What / who can I trust to get rid of this?



Sincerely,



Mitchell Kirby

Riten Industries, Inc.

www.riten.com



740-333-8719 Direct

800-338-0027 Sales

800-338-0717 FAX





[Non-text portions of this message have been removed]
I have not had Webroot's Spysweeper fail me yet. Well worth the $30 or so cost even for just one PC in terms of time saved. But for manual removal and diagnostics "Hijackthis" has been handy a few times for examining registry entries and browser related items. I think it was a freeware download from cNet.
-Todd C.


-----Original Message-----
From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com]On Behalf Of Mitchell Kirby
Sent: Monday, November 27, 2006 3:53 PM
To: vantage@yahoogroups.com
Subject: [Vantage] OT: Hijack Browser



I seem to have a pc with yourieprotect.com. It is supposed to be installed
by a zlob Trojan. How do I get rid of this? The rogueremover tool I tried
didn't find it. I can't tell if spynomore is a real tool or another bogus
piece of spyware.

What / who can I trust to get rid of this?

Sincerely,

Mitchell Kirby

Riten Industries, Inc.

www.riten.com

740-333-8719 Direct

800-338-0027 Sales

800-338-0717 FAX

[Non-text portions of this message have been removed]







[Non-text portions of this message have been removed]
I have used Spybot - Search & Destroy for Spyware and Lavasoft Ad-Aware
for Adware on my four personal computers for several years.

These are free for personal computers and are reasonably priced for
commercial usage if I remember correctly.

Both products, you have to keep downloading updates just like virus
software.



Do not know if they will fix this particular Spyware.



I have not dealt with spynomore.



Hope this helps.

________________________________

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of Mitchell Kirby
Sent: Monday, November 27, 2006 3:53 PM
To: vantage@yahoogroups.com
Subject: [Vantage] OT: Hijack Browser



I seem to have a pc with yourieprotect.com. It is supposed to be installed
by a zlob Trojan. How do I get rid of this? The rogueremover tool I tried
didn't find it. I can't tell if spynomore is a real tool or another bogus
piece of spyware.

What / who can I trust to get rid of this?

Sincerely,

Mitchell Kirby

Riten Industries, Inc.

www.riten.com

740-333-8719 Direct

800-338-0027 Sales

800-338-0717 FAX

[Non-text portions of this message have been removed]






[Non-text portions of this message have been removed]
Spybot won't remove it. I will check out Cnet and Spysweeper. From what
little I have found on the net this seems to be a tough one to remove.
Lucky me.



Sincerely,



Mitchell Kirby

Riten Industries, Inc.

www.riten.com



740-333-8719 Direct

800-338-0027 Sales

800-338-0717 FAX

_____

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of
Todd Caughey
Sent: Monday, November 27, 2006 5:24 PM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] OT: Hijack Browser



I have not had Webroot's Spysweeper fail me yet. Well worth the $30 or so
cost even for just one PC in terms of time saved. But for manual removal and
diagnostics "Hijackthis" has been handy a few times for examining registry
entries and browser related items. I think it was a freeware download from
cNet.
-Todd C.


-----Original Message-----
From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On
Behalf Of Mitchell Kirby
Sent: Monday, November 27, 2006 3:53 PM
To: vantage@yahoogroups.com
Subject: [Vantage] OT: Hijack Browser

I seem to have a pc with yourieprotect.com. It is supposed to be installed
by a zlob Trojan. How do I get rid of this? The rogueremover tool I tried
didn't find it. I can't tell if spynomore is a real tool or another bogus
piece of spyware.

What / who can I trust to get rid of this?

Sincerely,

Mitchell Kirby

Riten Industries, Inc.

www.riten.com

740-333-8719 Direct

800-338-0027 Sales

800-338-0717 FAX

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]





[Non-text portions of this message have been removed]
www.trendmicro.com has an online scanning tool
for virus and spyware. Trend is very good at removing items, also run
Spy-bot and Adaware. If those items do not take care of the issue then I
wouldn't waste any more time and just blow away the hard drive and reinstall
the OS.



[Non-text portions of this message have been removed]
Have a look on google for BHO Daemon. It lists all the 'browser
helper objects' that load with IE, including the dodgy ones. From
there you can enable/disable whatever you like. I'm not sure if it's
still being updated though.

Jonny

--- In vantage@yahoogroups.com, "Mitchell Kirby" <m.kirby@...> wrote:
>
> I seem to have a pc with yourieprotect.com. It is supposed to be installed
> by a zlob Trojan. How do I get rid of this? The rogueremover tool I tried
> didn't find it. I can't tell if spynomore is a real tool or another bogus
> piece of spyware.
>
>
>
> What / who can I trust to get rid of this?
>
>
>
> Sincerely,
>
>
>
> Mitchell Kirby
>
> Riten Industries, Inc.
>
> www.riten.com
>
>
>
> 740-333-8719 Direct
>
> 800-338-0027 Sales
>
> 800-338-0717 FAX
>
>
>
>
>
> [Non-text portions of this message have been removed]
>
HijackThis is a great source for removing spyware.
________________________________


From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On
Behalf Of David Glazewski
Sent: Tuesday, November 28, 2006 7:09 AM
To: vantage@yahoogroups.com
Subject: [Vantage] Re:OT: Hijack Browser



www.trendmicro.com has an online scanning tool
for virus and spyware. Trend is very good at removing items, also run
Spy-bot and Adaware. If those items do not take care of the issue then I
wouldn't waste any more time and just blow away the hard drive and reinstall
the OS.

[Non-text portions of this message have been removed]






[Non-text portions of this message have been removed]
Check under program files to see if you have a folder called "Gold
Codec"

If so boot into safe mode and delete the folder.

Also while in safe mode run the registry editor and remove all
references to "C:\Program Files\Gold Codec\***", and also delete any
references to the URL of the hijacking website.

After taking those steps reboot in normal mode and run regclean. If you
don't have regclean.exe, you should download and extract it to a local
folder before you begin.



Finally, right click on your IE icon and choose properties, (DO NOT
LAUNCH THE BROWSER), and set your home page to something generic like
http://www.google.com or http://www.msn.com etc.



I hope this is helpful



Cheers,



Gerard M Wadman

Sr. Network Systems Engineer



Scandius BioMedical Inc.

11A Beaver Brook Road

Littleton, MA 01460



978/486-4088 x 124

978/486-4108 (fax)



http://www.scandius.com/



________________________________

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of Mitchell Kirby
Sent: Monday, November 27, 2006 4:53 PM
To: vantage@yahoogroups.com
Subject: [Vantage] OT: Hijack Browser



I seem to have a pc with yourieprotect.com. It is supposed to be installed
by a zlob Trojan. How do I get rid of this? The rogueremover tool I tried
didn't find it. I can't tell if spynomore is a real tool or another bogus
piece of spyware.

What / who can I trust to get rid of this?

Sincerely,

Mitchell Kirby

Riten Industries, Inc.

www.riten.com

740-333-8719 Direct

800-338-0027 Sales

800-338-0717 FAX

[Non-text portions of this message have been removed]





[Non-text portions of this message have been removed]
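
Added example, not part of any message in the thread: the manual registry search Gerard describes, run offline against a `.reg` export instead of by eye in the registry editor. It assumes a "Version 5.00" export already read as text; the value names and file names in the sample are constructed.

```python
import re

# Indicators taken from the thread: install folder name and hijacking site.
INDICATORS = (r"\gold codec", "yourieprotect.com")

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # regedit writes \ as \\ and " as \"

def _decode(raw):
    """Text of a .reg value: quoted REG_SZ, or hex(1|2|7) UTF-16LE bytes."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])
    m = re.match(r"hex\((?:1|2|7)\):(.*)", raw)
    if m:
        data = bytes.fromhex(m.group(1).replace(",", ""))
        return data.decode("utf-16-le", "replace").replace("\0", " ").strip()
    return ""  # dword/binary values are not searched

def scan_reg_export(text, indicators=INDICATORS):
    """Return [(key, value_name, data)] for values that mention an indicator."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex continuation lines
    key, hits = None, []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif m and key:
            name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            data = _decode(m.group(2))
            if any(i in data.lower() for i in indicators):
                hits.append((key, name, data))
    return hits

def _hex2(s, per_line=12):
    # Build a REG_EXPAND_SZ value the way regedit exports it (sample data only)
    b = [f"{x:02x}" for x in (s + "\0").encode("utf-16-le")]
    rows = [",".join(b[i:i + per_line]) for i in range(0, len(b), per_line)]
    return "hex(2):" + ",\\\n  ".join(rows)

# Constructed sample export; value names and file names are made up.
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]",
    r'"Start Page"="http://yourieprotect.com/"',
    r'"Search Page"="http://www.google.com/"', "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"sample1"="\"C:\\Program Files\\Gold Codec\\sample1.exe\" /s"',
    '"sample2"=' + _hex2(r"%ProgramFiles%\Gold Codec\sample2.dll"),
])

if __name__ == "__main__":
    for key, name, data in scan_reg_export(SAMPLE):
        print(f"{key}\n    {name} = {data}")
```

On a real machine the export comes from `regedit /e export.reg` and is read with `encoding="utf-16"`. A plain text search of that file would miss the REG_EXPAND_SZ entry, because its data is stored as hex bytes rather than readable text.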
SmitFraudFix is supposedly able to remove Zlob files. I haven't tried it,
but here's the download link:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip



Good Luck,



Gerard M Wadman

Sr. Network Systems Engineer



Scandius BioMedical Inc.

11A Beaver Brook Road

Littleton, MA 01460



978/486-4088 x 124

978/486-4108 (fax)



http://www.scandius.com/



________________________________

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of Mitchell Kirby
Sent: Monday, November 27, 2006 4:53 PM
To: vantage@yahoogroups.com
Subject: [Vantage] OT: Hijack Browser



I seem to have a pc with yourieprotect.com. It is supposed to be installed
by a zlob Trojan. How do I get rid of this? The rogueremover tool I tried
didn't find it. I can't tell if spynomore is a real tool or another bogus
piece of spyware.

What / who can I trust to get rid of this?

Sincerely,

Mitchell Kirby

Riten Industries, Inc.

www.riten.com

740-333-8719 Direct

800-338-0027 Sales

800-338-0717 FAX

[Non-text portions of this message have been removed]





[Non-text portions of this message have been removed]
Have you tried these tools in safe mode? This is where I would start.



For those of you who have never heard of D.I.E.S.C.U.M. I strongly
suggest checking out this link:
http://diescum.freespaces.com/diescum4.html



The website contains a basic guide for cleaning up and removing spyware,
viruses, etc. It also contains links for freeware tools.



Hth,

Jim



From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of David Glazewski
Sent: Tuesday, November 28, 2006 7:09 AM
To: vantage@yahoogroups.com
Subject: [Vantage] Re:OT: Hijack Browser



www.trendmicro.com has an online scanning tool
for virus and spyware. Trend is very good at removing items, also run
Spy-bot and Adaware. If those items do not take care of the issue then I
wouldn't waste any more time and just blow away the hard drive and reinstall
the OS.

[Non-text portions of this message have been removed]





[Non-text portions of this message have been removed]
Thanks for all of the help. Sounds like I need to create a disk of these
tools. This is the first time something like this has gotten past Spybot
and Norton on one of our machines. I have Ad-Aware running now since Spybot
wouldn't touch it. If that doesn't work I will try Trend and the other
removal tools suggested. I read about HijackThis on Cnet. I will save that
for a last resort.



I really appreciate all of the suggestions. It's really hard to tell on the
net what is true or false when you are chasing down this kind of thing.
It's great to have the group as an impartial resource to help sort things
out.



Sincerely,



Mitchell Kirby

Riten Industries, Inc.

www.riten.com



740-333-8719 Direct

800-338-0027 Sales

800-338-0717 FAX

_____

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of
Jim Mediger
Sent: Tuesday, November 28, 2006 8:49 AM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] Re:OT: Hijack Browser



Have you tried these tools in safe mode? This is where I would start.

For those of you who have never heard of D.I.E.S.C.U.M. I strongly
suggest checking out this link:
http://diescum.freespaces.com/diescum4.html

The website contains a basic guide for cleaning up and removing spyware,
viruses, etc. It also contains links for freeware tools.

Hth,

Jim

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of David Glazewski
Sent: Tuesday, November 28, 2006 7:09 AM
To: vantage@yahoogroups.com
Subject: [Vantage] Re:OT: Hijack Browser

www.trendmicro.com has an online scanning tool
for virus and spyware. Trend is very good at removing items, also run
Spy-bot and Adaware. If those items do not take care of the issue then I
wouldn't waste any more time and just blow away the hard drive and reinstall
the OS.

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]





[Non-text portions of this message have been removed]