Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

A Change Has Been Detected In Your Ie Search Page


  • Please log in to reply
10 replies to this topic

#1 Eagle7

Eagle7

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:02:58 AM

Posted 29 July 2006 - 01:40 PM

Hello,

My WinPatrol program has detected a change to my IE Search Page (I don't even use IE). This alert window comes up AFTER I successfully rid my computer of "IEPlugin" with the Symantec IE Plugin Removal Tool (in safe mode). Now, after rebooting I get this alert box from WinPatrol, and I honestly don't know whether to click on the YES or the NO box. I've been clicking on the "NO" box, but the same window keeps coming up. Here's what it says:


A change has been detected in your Internet Explorer Search Page.

Your new page is www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

If this is ok, then click Yes or press Enter,

Click No or press Esc and we'll restore your page to
ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch=EN_US&c=Q304&bd=presario&pf=desktop


I've clicked on the "No" button maybe 6 or 7 times, but the same window keeps coming up. Should I be clicking on the "Yes", or is there a major problem here? I haven't had much experience with this type of situation, so sure would appreciate any help I can get. Thanks in advance.

I'm running Win XP Home w/SP 2. My Spysweeper is what detected the plug in last night, and asked me if I wanted to quarantine it. I said "Yes". This morning I Googled this plug in and decided to use Symantec's IE Plug in removal tool. It only removed part of it, so I had to re-do it in Safe Mode as it suggested.

Regards,

Eagle7

//Mod edit to modify URL links above.//

Edited by KoanYorel, 29 July 2006 - 01:50 PM.


BC AdBot (Login to Remove)

 


#2 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:01:58 AM

Posted 29 July 2006 - 06:09 PM

It sounds like by using Symantic to remove the BHO you made the change and now are disallowing the change in Winpatrol.

Not all plugins (BHOs) are bad.

You stopped your computer from going to HP.com and the default is Microsoft

#3 Eagle7

Eagle7
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:02:58 AM

Posted 29 July 2006 - 09:37 PM

Thanks Enthusiast,

Only problem tho, is now I'm even more confused. A bit of history for you first, according to Symantec and other sources, the "IEPlugin" is adware that is a High risk and should be removed. So, this sounds to me like one I don't want to keep around. I'm having a hard time understanding the whole IE Search Page concept here, as I don't even use IE. I use Firefox. I visited HP's site yesterday, and I couldn't tell you if it was from there that I picked up this adware, but I do recall being redirected to M$ at one point while on line.

If you don't mind bearing with me here, I'd need a little more info and a better understanding of why WHICH page is supposed to be the correct Search Page if either of them. Also, would I be better off to use System Restore and go back a couple of days? Thanks for taking the time to help me sort this one out.

Regards,

Eagle7

#4 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:58 AM

Posted 29 July 2006 - 09:54 PM

Click on yes the next time it comes up. All WinPatrol is doing is confirming that YOU removed the HP plugin. You do not need to restore to an earlier date.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:58 AM

Posted 30 July 2006 - 07:22 AM

Even though you use Firefox, IE is still installed on your system and includes registry entries for Start, Search Page, Search Assistant and Search Functions whether or not you use them.

Adware.IEPlugin is a bad IE BHO that monitors Web site addresses, content entered into forms, and local file names that are browsed. Symantec's removal tool will make changes to the registry which WinPatrol will detect even though you are not using IE. When you use fix tools that allow these types of changes to take place, you either have to disable other tools that will flag them with alerts or choose to allow the changes. That's why WinPatrol provides the option for you to choose what to do when detecting the change. WinPatrol is not saying the change is bad or good, just that a change was made.

Adware.IEPluggin is also responsible for downloading other malware such as 180Search, BetterInternet, BargainBuddy, SmartPops, and WeirdOnTheWeb so you should be doing some other anti-malware scans to ensure your system is clean. I suggest you download and scan with Ad-Aware SE Personal 1.06 and Spybot S&D 1.4.

Then perform this online Virus scan: Trend Micro Housecall Scan for Firefox
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 Eagle7

Eagle7
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:02:58 AM

Posted 30 July 2006 - 11:24 AM

Thanks so much quietman7 for the detailed explanation of what's going on here.

I'm still a bit puzzled on the WinPatrol alert window in that when I'd click on "No" to restore my page, which I thought was the right move, all that happened was the alert window would then go away for a few seconds, then return with the same alert. Finally, I couldn't stand that, found it most difficult to work on my computer, so clicked on the "Yes" button. The window went away and has not returned. But I guess that means I accept the change that was made, and I still don't know if that was good or bad.

I also appreciate your info on this bad plug in. My SpySweeper which is what actually found it, rated it only 3 out of 5 on their scale and only a moderate risk. Hmm. It was through obtaining the Symantec fix that I learned they considered it a High risk. Glad I went there and used their tool.

I did do a Ad-Aware and Spybot scan after using the Symantec tool, while I was still in Safe Mode. I will now follow up with the Trend Micro scan for Firefox. Hopefully, these actions will insure me that I'm clean.

One last question for now. So, is this considered one of those "drive by" things? I don't know how to better protect myself against stuff like this. I'm already using: AVG + Firewall, Ad-Aware, Spybot, Spywareblaster, SpySweeper and A-squared. I even have a "NetSweeper Filter" from my ISP. Is there anything else I should be employing? I'm actually quite a conservative surfer, no games, no music downloads, no questionable sites, etc. I'm most vigilant on using the above protection, usually at least every other day. Oh, I also have Window Washer and use it quite often, plus I have FF delete any traces of my activity. What else can a person do?

Thanks again, really appreciate your help. Have a great weekend.

Regards, Eagle7

#7 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:58 AM

Posted 30 July 2006 - 12:02 PM

One of Firefox's extensions which I use and find most valuable is called NoScript. It allows you to decide easily what scripting to allow on every internet site you visit. Great for preventing drivebys and a lot of ads. Makes you more stealthy.
In my humble opinion the programs you have listed is a bit of overkill if you have them all fully functional at startup. A lot of overlapping. Perhaps Quietman7 will share his opinion, too.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 Eagle7

Eagle7
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:02:58 AM

Posted 30 July 2006 - 02:24 PM

Thanks Buddy, for both of your replies. I seem to remember using something like No Script several months ago. Whatever it was, it seemed to slow my computer pages loading. I'm on dial up anyway, so guess it doesn't really matter. I'll go get No Script and install it. Appreciate your thoughts.

Eagle7

#9 Eagle7

Eagle7
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:02:58 AM

Posted 30 July 2006 - 04:16 PM

So, what's wrong with this picture?

I've tried to run the Trend House call on line scan twice now. It's like it resets itself at the end of the scan, to 21 Hours! I never did catch the results, although I made sure I was in front of the computer in what I thought was plenty of time. The initial scan said it would take approx. 1 1/2 hours. So, I came back just before that time, it had 'reset' I guess, and the CPU was loaded up to 100% and near by Firefox. I ended the process, the fan soon quit. I retried the process. Started out fine, said it would take 45 minutes to scan. I left it, came back to find the same thing as above. Any idea what's going on here? Thanks in advance.

Regards, Eagle7

#10 buddy215

buddy215

  • Moderator
  • 13,261 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:58 AM

Posted 30 July 2006 - 05:56 PM

Try turning off all programs except firewall. Then start the scan again and check time prediction.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#11 Eagle7

Eagle7
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Local time:02:58 AM

Posted 31 July 2006 - 07:44 PM

Hello,

Well, as it turns out, my computer is going to the HP hospital tomorrow, so hopefully some of my "issues" will be taken care of. They just put in a new motherboard about 5 weeks ago, for my CPU loading up to 100% and the fan running. That behavior started up again just two weeks ago, and has been a problem 7 times now. So, I'll be signing off on this issue as I need to pack the tower up to be shipped tomorrow. Thanks to all for your help and assistance.

Eagle7




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users