Seaching problem unsolved

[Andrew J.]

Help!!

I am still having problems with my address bar. When I
type in a word (like "food"), I get back "http:///?%
20food"

I did as I was told, and fixed the registry as directed
at:

http://www.mvps.org/inetexplorer/answers4.htm#search_engin
e

And it still didn't work. What can I do now? Is there a
way to fully uninstall IE 6.0, and go back to a prior
version (so then I can then update back to 6.0)?

THANKS!!!

 

[Jim Byrd]

Hi Andrew - This is often indicative of malware hijacking of your computer.
Try the following:

The best way to start is to get Ad-Aware 6.0, Build 162 or later, here:
http://www.lavasoftusa.com/support/download/. Update and run this regularly
to get rid of most "spyware/hijackware" on your machine.

Another excellent program for this purpose is SpyBot Search and Destroy
available here: http://security.kolla.de/ SpyBot Support Forum here:
http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi. I recommend
using both normally. After fixing things with SpyBot S&D (I recommend only
the "Red" initially - you can get into difficulties otherwise), be sure to
re-boot and rerun SpyBot again and repeat this cycle until you get a clean
"no red" scan.


Once you're sure you are "clean", then enter the following (NOT including
the dashed lines) into Notepad and save as: RestoreSearch.reg, then double
click on the saved file to restore your default search settings.
----------------------------

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Do404Search"=hex:01,00,00,00
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://search.msn.com/intl/searchpane/en-au/prov2.htm"
"Use Custom Search URL"= dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.
htm"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.
htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=ies
earch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
""="http://home.microsoft.com/access/autosearch.asp?p=%s"
" "="+"
"&"="%26"
"+"="%2B"
"#"="%23"
"?"="%3F"
"="="%3D"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar="http://search.msn.com/intl/searchpane/en-au/prov2.htm"


---------------------------




Finally, you might want to consider installing the SpywareBlaster and
SpywareGuard here to help prevent this kind of thing from happening in the
future:
http://www.wilderssecurity.com/spywareblaster.html (Prevents malware Active
X installs) (BTW, SpyWare Blaster is not memory resident ... no CPU or
memory load - but keep it updated) The latest version as of this writing
will prevent installation or prevent the malware from running if it is
already installed, and it provides information and fixit-links for a variety
of parasites.
http://www.wilderssecurity.net/spywareguard.html (Monitors for attempts to
install malware) Both Very Highly Recommended.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In

 

[Mike Burgess]

Jim,
You may want to recheck those entries? .....
[example]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://search.msn.com/intl/searchpane/en-au/prov2.htm"

Huh?? ...... "Search Bar" is not a default entry, and the above URL is
wrong.
Looks like several others may be localized to *your* area? <g>
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 8-20-03]
Please post replies to this Newsgroup, email address is invalid
--
What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp
--

Hi Andrew - This is often indicative of malware hijacking of your computer.
Try the following:

Once you're sure you are "clean", then enter the following (NOT including
the dashed lines) into Notepad and save as: RestoreSearch.reg, then double
click on the saved file to restore your default search settings.
----------------------------

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Do404Search"=hex:01,00,00,00
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://search.msn.com/intl/searchpane/en-au/prov2.htm"
"Use Custom Search URL"= dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.

htm"

"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.
htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=ies

earch"
"Search

Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
""="http://home.microsoft.com/access/autosearch.asp?p=%s"
" "="+"
"&"="%26"
"+"="%2B"
"#"="%23"
"?"="%3F"
"="="%3D"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar="http://search.msn.com/intl/searchpane/en-au/prov2.htm"

 

[Jim Byrd]

Thanks Mike - I'll take a look - that's an old "canned" post, and might have
been OBE.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In

Jim,
You may want to recheck those entries? .....
[example]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://search.msn.com/intl/searchpane/en-au/prov2.htm"

Huh?? ...... "Search Bar" is not a default entry, and the above URL is
wrong.
Looks like several others may be localized to *your* area? <g>
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS
file http://www.mvps.org/winhelp2002/hosts.htm [updated 8-20-03]
Please post replies to this Newsgroup, email address is invalid
--
What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

Hi Andrew - This is often indicative of malware hijacking of your computer.
Try the following:

Once you're sure you are "clean", then enter the following (NOT
including the dashed lines) into Notepad and save as:
RestoreSearch.reg, then double click on the saved file to restore
your default search settings. ----------------------------

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Do404Search"=hex:01,00,00,00
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://search.msn.com/intl/searchpane/en-au/prov2.htm"
"Use Custom Search URL"= dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst."CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.

htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=ies

earch"
"Search

Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
""="http://home.microsoft.com/access/autosearch.asp?p=%s"
" "="+"
"&"="%26"
"+"="%2B"
"#"="%23"
"?"="%3F"
"="="%3D"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar="http://search.msn.com/intl/searchpane/en-au/prov2.htm"

Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In

 

[Mike Burgess]

Andrew,
Some program (usually spyware\parasite) may have overridden the URL prefix
setting?
Open Regedit to the following locations and verify the below default
entries:
Start | Run (type) "regedit" (no quotes)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPre
fix]
@="http://"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""

Note: edit as needed, *always* Export before editing.
--
Check for Spyware | Adware | Parasites | Dialers | Hijackers | Trojans |
Unwanted Toolbars:
[Experienced Users]
SpyBot 1.2 [freeware] http://security.kolla.de/

Once installed make *sure* to update via online before scanning!
Fix the items labeled in red, items labeled in blue-green are optional.
Support Forum: http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi
How To: http://www.tomcoyote.org/SPYBOT/

[Novice Users]
Ad-Aware [freeware] http://www.lavasoftusa.com/
Once installed make *sure* to update via online before scanning!
Support Forum: http://www.lavasoftsupport.com/

[To double-check your system - *after* using one of the above]
Go to: http://www.tomcoyote.org/hjt/
Download "Hijack This!" [freeware] or download direct (below):
http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Unzip, double-click "HijackThis.exe" and Press "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log"
button.
Click: "Save Log" (generates: "hijackthis.log")

Next, go to the below location:
http://www.spywareinfo.com/forums/

Sign in, go to the "Spyware and Hijackware Removal" section.
Press "New Topic", copy and paste hijackthis.log into your new message.
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 8-26-03]
Please post replies to this Newsgroup, email address is invalid