There seems to be this growing trend to hack people's computers and set the IE start page to what ever they want it to be. It's a form of slamming (forced advertising). Setting your start page works until you reboot the computer. Then it's changed again. There are several programs out there that are supposed to fix this. But none of them worked for me. So I had to go find the little trouble maker myself. What happens is. They install a script in your Windows directory that conatins instructions on which URL to load when the computer boots up. When the computer boots. The script generates the info then places it in the IE section of the registry. That's why you can't get rid of it by changing any info inside Explorer. To remove the sucker: 1.)You must first find the script and delete it. 2.)You must hand edit the registry files back to normal or windows will complain it can't find the script when it re-boots. The resistry entries affected that need to be re-written are the following: Shell.RegWrite("HKLMSoftwareMicrosoftWindowsCurrentVersionRunOncetlc",filepath); Shell.RegWrite("HKCUSoftwareMicrosoftInternet ExplorerMainStart Page",url); Shell.RegWrite("HKCUSoftwareMicrosoftInternet ExplorerMainSearch Page",url); Shell.RegWrite("HKCUSoftwareMicrosoftInternet ExplorerMainSearch Bar",burl); Shell.RegWrite("HKCUSoftwareMicrosoftInternet ExplorerMainUse Search Asst","no"); Shell.RegWrite("HKCUSoftwareMicrosoftInternet ExplorerMainUse Custom Search URL",1,"REG_DWORD"); Now that's quite a list. And not much fun. So here's what Uncle Scott does. I use their own technology to my advantage and edit the actual script in the Windows directory to go to the start page of MY choice. The script can be edited in note pad. Example: If you want IE to load Renderosity.com upon start you change the script from this: var url = "http://nasty unwanted site; var burl = "http://nasty unwanted site"; to this: var url = "http://Renderosity.com; var burl = "http://Renderosity.com"; It works well. Probably better than IE's own internal system of setting up the start page. I hope this helps anyone deal with this annoying little hacker invasion. -ScottA

Ack! So much for my typing career ;-)

I'm guessing that where you have 'url' in the above entries is where you change it to the actual url you want?

SpywareBlaster has an option to lock the homepage to your setting http://www.wilderssecurity.net/spywareblaster.html SpyBot has a section where you can reset the homepage http://www.safer-networking.org/

I installed a neat lifesaver called "Regprotect"... Nothing alters my registry without that gem asking me first. Thanks, Scott, for posting this!

Oh, Scott, do you also have a solution for those bastards that install a whole searchbar instead of just a homepage????

I got hit by that once hmatienzo. I think I just turned it off in the IE tool bar menu. But I don't remember. I have a ghost imnage of my system that I use on a regular basis So I normally don't bother trying to fix the hacker stuff. I normally just reload my system from a DVD and it's like new. The best way to avoid the search bars is to be careful to not click on any pop ups. Sometimes that pretty hard on a high speed connection because the suckers pop up so fast and in your haste to close them. You accidentally activate one by mistake. That's why always close pop up windows with the keys: Alt+F4 You can push those keys faster than any pop up configuration anyone can ever deploy. -ScottA

Thanks for suggesting RegProtect, I hadn't heard of that one. I just installed it. Hopefully, it'll help keep that @$%!&#;@ msmsgs.exe process from constantly re-creating and re-loading itself. :-)

For popups: http://www.panicware.com/ Free (although there's a Pro version, too), sits in the tray and can be activated at will (on or off as you please). It's also got a feature that allows you to choose to open specific popups, by holding down the Ctrl key while you click, but it doesn't always work with all popup JavaScript (since it does vary). I also use AdAware Plus (the paid version), and it comes with a registry watch feature that's pretty nice. The pro version is well worth the money, IMHO. Anyway, just passing on the information. bonni

"Oh, Scott, do you also have a solution for those bastards that install a whole searchbar instead of just a homepage????

Spyware Blaster just does that. It sets kill bits in the registry so they never get installed in the first place. It currently protects against 1170 items as of 02/09/04. It takes up no resources since all changes are maintained in the registry.

Attached Link: http://www.reger24.de/prozesse/msmsgs.exe.php

I know this isn't related to spyware or unwanted IE installations, but it certainly relates to those of us who don't want unnecessary processes running while we're using rendering apps, or dislike invasive processes in general. Above, I'd complained about that frustraing MS Messenger process. While RegProtect did a great job of allowing me to delete msmsgs.exe whenever it tried to run itself, this kept happening about every three minutes, which obviously is too much of an annoyance. I found an effective way to get the thing to go away altogether at the linked site. It works! Goodbye, obnoxious MS thingie that I never wanted.

What is the name of the script that we should change? Is it in the WINNT folder or the System folder? {Sometimes that pretty hard on a high speed connection because the suckers pop up so fast and in your haste to close them. You accidentally activate one by mistake} And, why oh why, in this day and age, are you NOT using pop-up blocking software? Heck, even Yahoo offers pop-up blockers. I prefer Ad-Subtract myself, since it eliminiates banner ads as well. But, Google has a toolbar that will also block po-ups. But, your advice is excellent: NEVER, EVER, EVER click on a pop-up window or on one of those "Your clock is wrong. Click here to correct it." banner ads. These ads lead to stupid little programs that "fix your clock" (like it's so hard to set the correct time by yourself). But, these programs are usually infested with spy-ware and other nasties: things hijack your home page, your search page, and even change the ads that you see or send info back to the "marketing" (read: future spammer) company.

The name of the file will probably vary from case to case. Search your Windows directory for files ending in .js It's just a fun way to hack a hack. If you can get one of the other programs out there to stop them from loading in the first place. That's the best course of action. -ScottA