Thank you H Leboeuf. This is exactly what's going on. The spyware programs
didn't detect this because it is new. Your website is now in My
Favorites.
Delete all the spywares and bad BHOs from your system.
http://www.generation.net/~hleboeuf/spyware.htm
List of bad BHOs.
http://www.doxdesk.com/parasite/
This may also be the cause - it was posted by (James Glynn)
Quote
http://www.spywareinfo.com/articles/datanotary/#07052003
Quote.
Since June 10, someone has been distributing a browser hijack that spawns an
offscreen pop up window which opens a page at datanotary.com.
The hijack is accomplished by inserting javascript into a Cascading Style
Sheet (CSS) file, then hijacking Internet Explorer's accessibility options
to force it to use that style sheet. When activated, the javascript makes
use of an obscure and proprietary Microsoft CSS extension to create the pop
up window.
The pop up windows are hidden, since the javascript opens them at a position
5,000 pixels from the top and 5,000 pixels from the left of the screen (most
monitors display only 768 pixels from top to bottom). It is unclear whether
the window was intentionally placed offscreen, or if the malware author
simply made a typo.
The extension is called and the pop up windows created when the victim
begins to type into a form on a web page. This causes the computer to slow
down quite visibly as the window is being created offscreen. This is, in
fact, how the hijack was discovered. Hundreds of people were posting
questions on message boards around the world asking for help with a
mysterious slow down while typing.
A user at the SWI support forums noticed that his browser was set to use a
custom stylesheet. After resetting that option to not use the style sheet,
his slow typing problem disappeared.
Examination of the file found a javascript expression where CSS should have
been. Converting the expression into Human-readable text revealed a script
that opens a hidden pop up window to datanotary.com
Removal Instructions
Click Tools
Click Internet Options
Click Accessibility
Uncheck "Format documents using my style sheet"
See if this is checked, make sure before you uncheck to look at the path of
the *.css file. It was my.css in one case, system.css in another.
Click Ok twice
Now go to the c:\Windows directory where the file is located and delete that
*.css.
Reboot
Update: July 5, 2003
The persons responsible for this stylesheet hijack are also providing it to
coolwwwsearch.com, coolwebsearch.com, youfindall.net, ok-search.com, and
white-pages.ws.
These latest variants will drop an executable file (bootconf.exe) and create
a startup entry to load it when Windows is started. This executable file and
its startup entry will need to be removed.
This is how it appears in a HijackThis log:
O4 - HKLM\..\Run: [sysPnP] C:\WINDOWS\System32\bootconf.exe
Unquote.
Josh N. said:
I too am having this EXACT same problem(s)! Just
yesterday my Windows XP op sys told me "new updates" were
avilable. As they were mostly "essential security fixes"
I went ahead and installed them. One was a fix for
Outlook Express. Somehow, the entire process upgraded my
IE from v.5.5 (or thereabout) to IE v.6.0...Which is when
all my problems started! Pages take forever to load it
seems, and it gets progressively worse if I open more
than one IE window. I've tried uninstalling 1 or 2 of
the recent "fixes", nothing's worked thus far. HELP US
PLEASE - this is rediculous...!!