Spurious URLs being inserted into IE "Back" list
Frank D. Nicodem, Jr.
07-09-2005, 11:06 PM
I've been having a problem lately with spurious URLs being added to my
"Back" list, as I browse from page to page. I may be viewing page "A", but
when I click on a link to page "B", and then look at my "Back" list (by
clicking the down-arrow to the right of the "Back" button), I can see one,
two, three or more URLs that have been placed *in between* where I currently
am, and the original page "A".
In virtually every case, these spurious URLs point to either atdmt.com or
doubleclick.net -- or some variant of those domains. The result is that
when I try to use the "Back" button to return to the page I was reading
(page "A", in my example), I have to cycle through one or more intermediate
pages, before I can get back there. (And sometimes, even cycling back
through these spurious URLs will cause *other* URLs to be inserted into the
list. At this point, the only way I can return to where I want to go is to
use the drop-down "Back" list, and skip over the intermediate URLs. This,
however, is more tedious, and completely invalidates the use of the "Back"
button itself.)
I am *extremely* careful about viruses, trojans, spyware, adware, and other
malware on my system. If anything, I am *overly* cautious about running
virus checkers, spyware detection and removal tools, and other system
security and maintenance applications. I am running Windows XP Home
Edition, SP2, with all security turned on. Along with a *highly* customized
HOSTS file (listing literally thousands of domain names to ignore), the good
news is that I don't *see* these intermediate sites. However, it's still a
pain to try and use my IE browser. And above all, I don't know where they
are coming from.
My first concern is to find out if there is ANYTHING on my own system -- any
trojan or spyware or anything else -- that could be inserting these spurious
URLs; or is it a feature of the Web sites I am visiting? (It does seem to
be more predominant at some sites, than at others. My default portal, for
example, is probably the worst of the worst cases. I have a Dell Inspiron
9200, and my default home page is the dellnet.msn.com page.) Could *that*
be causing problems? And why does it happen in *some* other places... but
not others???
Of course, the key question is: What can I do to stop this kind of
activity?? How do I get IE to completely ignore references to these URLs --
or to requests to have them inserted into the "Back" list -- and keep that
list clean enough to be able to successfully use the "Back" button again???
-----------------------------------------------------------
Frank D. Nicodem, Jr.
Mail@FrankNicodem.com
Jim Byrd
07-09-2005, 11:06 PM
Hi Frank - "I am extremely careful about viruses, trojans, spyware, adware,
and other
malware on my system."
That may be true, but you also have a malware problem. :) See my Blog,
link in Signature below, for some basic removal steps and preventive
measures that you can take.
--
Regards, Jim Byrd, MS-MVP
My Blog Defending Your Machine here:
http://defendingyourmachine.blogspot.com/
"Frank D. Nicodem, Jr." <Mail@FrankNicodem.com> wrote in message
news:uOTYf$UYFHA.3164@TK2MSFTNGP12.phx.gbl
> I've been having a problem lately with spurious URLs being added to my
> "Back" list, as I browse from page to page. I may be viewing page
> "A", but when I click on a link to page "B", and then look at my
> "Back" list (by clicking the down-arrow to the right of the "Back"
> button), I can see one, two, three or more URLs that have been placed
> *in between* where I currently am, and the original page "A".
>
> In virtually every case, these spurious URLs point to either
> atdmt.com or doubleclick.net -- or some variant of those domains.
> The result is that when I try to use the "Back" button to return to
> the page I was reading (page "A", in my example), I have to cycle
> through one or more intermediate pages, before I can get back there.
> (And sometimes, even cycling back through these spurious URLs will
> cause *other* URLs to be inserted into the list. At this point, the
> only way I can return to where I want to go is to use the drop-down
> "Back" list, and skip over the intermediate URLs. This, however, is
> more tedious, and completely invalidates the use of the "Back" button
> itself.)
>
> I am *extremely* careful about viruses, trojans, spyware, adware, and
> other malware on my system. If anything, I am *overly* cautious
> about running virus checkers, spyware detection and removal tools,
> and other system security and maintenance applications. I am running
> Windows XP Home Edition, SP2, with all security turned on. Along
> with a *highly* customized HOSTS file (listing literally thousands of
> domain names to ignore), the good news is that I don't *see* these
> intermediate sites. However, it's still a pain to try and use my IE
> browser. And above all, I don't know where they are coming from.
>
> My first concern is to find out if there is ANYTHING on my own system
> -- any trojan or spyware or anything else -- that could be inserting
> these spurious URLs; or is it a feature of the Web sites I am
> visiting? (It does seem to be more predominant at some sites, than
> at others. My default portal, for example, is probably the worst of
> the worst cases. I have a Dell Inspiron 9200, and my default home
> page is the dellnet.msn.com page.) Could *that* be causing problems?
> And why does it happen in *some* other places... but not others???
>
> Of course, the key question is: What can I do to stop this kind of
> activity?? How do I get IE to completely ignore references to these
> URLs -- or to requests to have them inserted into the "Back" list --
> and keep that list clean enough to be able to successfully use the
> "Back" button again???
> -----------------------------------------------------------
> Frank D. Nicodem, Jr.
> Mail@FrankNicodem.com
Frank D. Nicodem, Jr.
07-09-2005, 11:07 PM
"Jim Byrd" <jrbyrd@spamlessadelphia.net> wrote in message
news:OV8YTJVYFHA.3836@TK2MSFTNGP10.phx.gbl...
> Hi Frank - "I am extremely careful about viruses, trojans, spyware,
> adware,
> and other
> malware on my system."
>
> That may be true, but you also have a malware problem. :) See my Blog,
> link in Signature below, for some basic removal steps and preventive
> measures that you can take.
Thanks for the pointer. I'm going through it now -- although there's a LOT
to read. Perhaps you can help me "zone in" a little more quickly on where I
can focus my attention, if I give you a little more detail about what I mean
by being "extremely careful".
I run the Trend Micro PC-Cillin Security Suite -- not because I dislike
Norton or McAfee, but because it's consistently rated as the best and most
secure available. (I also have the Windows XP firewall enabled -- for
whatever that's worth.) My security settings are fairly high -- higher than
"default", but not set to the max (simply because that basically disables
many things I want/need to do). I run a HOSTS Manager utility that
constantly monitors my HOSTS file -- and that file is already about 300KB,
listing virtually every domain known to be a "problem".
I run Spybot Search & Destroy, along with its TeaTimer application, not only
to find/fix malware, but also to monitor my Registry (and prevent
unanticipated changes). I also run Ad-Aware regularly. However, once
again, since I know that even these two only catch about 30% of the
"baddies" (based on several independent studies), I really rely more on
Sunbelt CounterSpy (and, alternately, Microsoft Anti-Spyware, which is
basically the same program -- using the Giant anti-spyware engine). And I
also use SpyBlaster to "set my defenses" regularly, so to speak.
All of the above utilities are monitored regularly for updates (and I mean
"regularly" -- in the case of my Trend Micro suite, it updates every 3
hours). You could probably say that I'm paranoid about the security of my
system. But I know the dangers, and try to avoid them as much as possible.
For a time, I was even running Zone Alarm Pro (which I rate quite highly),
but it became too much -- I was getting conflicts between the "security"
apps that were too much to live with, and I let Zone Alarm go. I also
periodically run one or more of the online scanners -- although I know
they're not quite as robust. I've also tried PestPatrol, and a few other
similar utilities.
So, given the above... where do I look first? Can I "focus in" a bit on
what I should be looking for?
Oh, and one final question: if it really *is* some malware on MY system,
why does the problem (i.e., the insertion of "malware" URLs into my
browser's "Back" list) only seem to occur when I'm navigating some Web
sites, and not others?
Thanks in advance for any hints.
-----------------------------------------------------
Frank Nicodem
Mail@FrankNicodem.com
Gary Smith
07-09-2005, 11:07 PM
Frank D. Nicodem, Jr. <Mail@franknicodem.com> wrote:
> I run the Trend Micro PC-Cillin Security Suite -- not because I dislike
> Norton or McAfee, but because it's consistently rated as the best and most
> secure available. (I also have the Windows XP firewall enabled -- for
> whatever that's worth.) My security settings are fairly high -- higher than
> "default", but not set to the max (simply because that basically disables
> many things I want/need to do). I run a HOSTS Manager utility that
> constantly monitors my HOSTS file -- and that file is already about 300KB,
> listing virtually every domain known to be a "problem".
Does it happen when you go to http://www.jsifaq.com/reghack.htm, click on
"Recent tips", and then click the Back button? Is ad.doubleclick.net in
your HOSTS file? I seem to recall seeing similar symptoms under those
conditions.
--
Gary L. Smith gls432@yahoo.com
Columbus, Ohio
Jim Byrd
07-09-2005, 11:07 PM
Hi Frank -
1. Install all Critical updates from Windows Update.
Download and run Sysclean and Stinger as described in the Blog using a
Clean Boot.
Run AdAware and SpyBot UPDATED as described in the Blog using a Clean
Boot.
2. Install any of the preventive measures mentioned at the end of that
Blog - IESpyAd, SpywareGuard, SpywareBlaster et al - that you don't already
have installed. You might want to consider the cookie approach I outlined
in the Blog, but as a minimum set up your cookies to block Third Party
cookies.
3. Also, you don't appear from your report to have adequate HOSTS file
protection. From Blocking Unwanted Parasites with a Hosts File,
http://www.mvps.org/winhelp2002/hosts.htm :
"Locking the HOSTS File
There are many of these hijackers that add their own entries to your HOSTS
file. This is commonly know as redirects. To add a level of protection you
might want to consider making your HOSTS file "read only". You can download
a small batch file to accomplish this:
lockhost.bat http://www.mvps.org/winhelp2002/lockhost.bat
unlockhost.bat http://www.mvps.org/winhelp2002/unlockhost.bat (XP\2K)
LockHostsME.bat http://www.mvps.org/winhelp2002/LockHostsME.bat
UnlockHostME.bat http://www.mvps.org/winhelp2002/UnlockHostME.bat (98\ME)
To use: place the appropriate files in your Windows folder, create a
shortcut to each."
Even better locking than just "Read Only" can be achieved using the locking
function in ZoneAlarm.
4. Then start here:
Download HijackThis, free, here:
http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new
fresh copy of HijackThis [and CWShredder also] - It's UPDATED frequently.)
You may also get it here if that link is blocked:
http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13
or here: http://www.bleepingcomputer.com/files/spyware/hijackthis.zip
or here: http://thespykiller.co.uk/files/HJTsetup.exe
There's a good "How-to-Use" tutorial here:
http://computercops.biz/HijackThis.html
In Windows Explorer, click on Tools|Folder Options|View and check "Show
hidden files and folders" and uncheck "Hide protected operating system
files". (You may want to restore these when you're all finished with
HijackThis.)
Place HijackThis.exe or unzip HijackThis.zip into its own dedicated folder
at the root level such as C:\HijackThis (NOT in a Temp folder or on your
Desktop), reboot to Safe mode or a Clean Boot, start HT (have ONLY HT
running - IE MUST be
closed) then press Scan. Click on SaveLog when it's finished which will
create hijackthis.log. Now click the Config button, then Misc Tools and
click on Generate StartupList.log which will create Startuplist.txt.
Then go to one of the following forums:
Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/
or Net-Integration here:
http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?s=d3c2c886d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949
or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx
or Jim Eshelman's site here: http://forum.aumha.org/
or Bleepingcomputer here: http://www.bleepingcomputer.com/
Register if necessary, then sign in and READ THE DIRECTIONS at the beginning
of the particular sites HiJackThis forum, then copy and paste both files
into a message asking for assistance, Someone will answer with detailed
instructions for the removal of your parasite(s). Be sure you include at
the beginning of your post "What problem(s) you're trying to solve" and
"What steps you've already taken."
--
Regards, Jim Byrd, MS-MVP
My Blog Defending Your Machine here:
http://defendingyourmachine.blogspot.com/
"Frank D. Nicodem, Jr." <Mail@FrankNicodem.com> wrote in message
news:OAIn4EjYFHA.2508@TK2MSFTNGP15.phx.gbl
> "Jim Byrd" <jrbyrd@spamlessadelphia.net> wrote in message
> news:OV8YTJVYFHA.3836@TK2MSFTNGP10.phx.gbl...
>> Hi Frank - "I am extremely careful about viruses, trojans, spyware,
>> adware,
>> and other
>> malware on my system."
>>
>> That may be true, but you also have a malware problem. :) See my
>> Blog, link in Signature below, for some basic removal steps and
>> preventive measures that you can take.
>
> Thanks for the pointer. I'm going through it now -- although there's
> a LOT to read. Perhaps you can help me "zone in" a little more
> quickly on where I can focus my attention, if I give you a little
> more detail about what I mean by being "extremely careful".
>
> I run the Trend Micro PC-Cillin Security Suite -- not because I
> dislike Norton or McAfee, but because it's consistently rated as the
> best and most secure available. (I also have the Windows XP firewall
> enabled -- for whatever that's worth.) My security settings are
> fairly high -- higher than "default", but not set to the max (simply
> because that basically disables many things I want/need to do). I
> run a HOSTS Manager utility that constantly monitors my HOSTS file --
> and that file is already about 300KB, listing virtually every domain
> known to be a "problem".
>
> I run Spybot Search & Destroy, along with its TeaTimer application,
> not only to find/fix malware, but also to monitor my Registry (and
> prevent unanticipated changes). I also run Ad-Aware regularly.
> However, once again, since I know that even these two only catch
> about 30% of the "baddies" (based on several independent studies), I
> really rely more on Sunbelt CounterSpy (and, alternately, Microsoft
> Anti-Spyware, which is basically the same program -- using the Giant
> anti-spyware engine). And I also use SpyBlaster to "set my defenses"
> regularly, so to speak.
>
> All of the above utilities are monitored regularly for updates (and I
> mean "regularly" -- in the case of my Trend Micro suite, it updates
> every 3 hours). You could probably say that I'm paranoid about the
> security of my system. But I know the dangers, and try to avoid them
> as much as possible.
>
> For a time, I was even running Zone Alarm Pro (which I rate quite
> highly), but it became too much -- I was getting conflicts between
> the "security" apps that were too much to live with, and I let Zone
> Alarm go. I also periodically run one or more of the online scanners
> -- although I know they're not quite as robust. I've also tried
> PestPatrol, and a few other similar utilities.
>
> So, given the above... where do I look first? Can I "focus in" a
> bit on what I should be looking for?
>
> Oh, and one final question: if it really *is* some malware on MY
> system, why does the problem (i.e., the insertion of "malware" URLs
> into my browser's "Back" list) only seem to occur when I'm navigating
> some Web sites, and not others?
>
> Thanks in advance for any hints.
> -----------------------------------------------------
> Frank Nicodem
> Mail@FrankNicodem.com
Frank D. Nicodem, Jr.
07-09-2005, 11:07 PM
"Gary Smith" <bitbucket@example.com> wrote in message
news:ewB8uflYFHA.4036@tk2msftngp13.phx.gbl...
> Does it happen when you go to http://www.jsifaq.com/reghack.htm, click on
> "Recent tips", and then click the Back button? Is ad.doubleclick.net in
> your HOSTS file? I seem to recall seeing similar symptoms under those
> conditions.
Yes, in fact it does. In that simple circumstance, I went to the URL you
mentioned, clicked on "Recent tips", and immediately my "Back" queue had a
URL inserted into it named:
ad.doubleclick.net/ad/msft.spon
Here's a related question: Is it possible that MY "security" software -- in
attempting to intercept and eliminate some of these malware URLs -- is
actually *causing* them to go into the "Back" queue?
-----------------------------------------------------
Frank Nicodem
Mail@FrankNicodem.com
Frank D. Nicodem, Jr.
07-09-2005, 11:07 PM
"Jim Byrd" <jrbyrd@spamlessadelphia.net> wrote in message
news:es%23gd8oYFHA.2076@TK2MSFTNGP15.phx.gbl...
First of all, Jim, thanks for your patience, and your detailed reply. I'm
in the process of going through it now, and thought I'd respond with some
comments and (where approprpiate) the results of my actions.
> 1. Install all Critical updates from Windows Update.
Good suggestion always. And I should have mentioned that I am extremely
careful about things like this. I have my system set to automatically
gather and install all updates, yet I still manually check periodically.
(Like I said, I'm paranoid!) So I'm pretty confident that my system is "up
to patch" at virtually any point in time. (In addition to the standard
Windows application to check for updates, my Trend Micro Security Suite does
the same thing -- checks for Windows Updates for me.)
> Download and run Sysclean
Of course,. since I use the Trend Micro Security Suite 2005, I am
implementing that on a regular basis. What *did* help was the comment on
the Trend Micro Web site (where Sysclean is available for non-Trend Micro
users) that I should change my automatic and manual scans to *not* use the
"Recommended" processing, but always specify "Clean" first and "Quarantine"
second. I did change my settings to match that. (I had purposely left them
set to "Recommended", because I do have some things that sometimes "appear"
to a malware removal tool as "malware", when in reality they are not, and
it's a pain to have to "unquarantine" them all the time. But I'll try going
with the more aggressive settings and see what happens.) In any case, doing
a Manual Scan of my entire system found nothing.
> and Stinger as described in the Blog using a
> Clean Boot.
Didn't have Stinger, but I did pick up a copy, and have run it across my
entire system. (I ran into the file re-naming problem you mention, but I
picked up s-t-i-n-g-e-r.exe. Glad to see that McAfee is keeping one step
ahead of Sober!) Stinger found nothing.
> Run AdAware and SpyBot UPDATED as described in the Blog using a Clean
> Boot.
As I mentioned, I already have the latest updates of both of those
applications, and run them regularly. As a side note to others reading this
thread, though, I have found that neither of those is very aggressive, in
terms of catching everything. I particularly use SpyBot for the TeaTimer
application (i.e., protecting my Registry and other system settings). But I
typically count on my other spyware applications to do the harder work
(e.g., PestPatrol, Webroot SpySweeper, but mostly Sunbelt CounterSpy -- the
spyware tool with the highest ranking in several different indepedent
studies).
> 2. Install any of the preventive measures mentioned at the end of that
> Blog - IESpyAd, SpywareGuard, SpywareBlaster et al - that you don't
> already
> have installed. You might want to consider the cookie approach I outlined
> in the Blog, but as a minimum set up your cookies to block Third Party
> cookies.
The aforementioned CounterSpy does quite a nice job on cookies. It not only
catches the "standard" ones (e.g., new.new, com.com, etc.), but many other
lesser-known ones, as well.
> 3. Also, you don't appear from your report to have adequate HOSTS file
> protection. From Blocking Unwanted Parasites with a Hosts File,
> http://www.mvps.org/winhelp2002/hosts.htm :
Not sure exactly what you mean here. I do run SpywareBlaster, to enable
protection on most of the "known" malware domains. And I run several HOSTS
manager programs that constantly update the HOSTS file.
> There are many of these hijackers that add their own entries to your HOSTS
> file. This is commonly know as redirects. To add a level of protection you
> might want to consider making your HOSTS file "read only".
I always keep the HOSTS file locked. And to give you an idea of how
"all-encompassing" this file is, my current HOSTS file is almost 7200 lines
long!!! And both of the domains that are showing up in my browser "Back"
queue (doubleclick.net and atdmt.com) have multiple entries, to catch all of
the "versions" of their domain names. (I should add that this DOES appear
to be working. What I didn't mention in my original problem description is
that when these spurious URLs *do* get added into my browser's "Back" queue,
they never get seen. In other words, when I *do* click on the "Back"
button, "nothing happens". Except that the top URL gets "popped" off of the
queue. So if I click the "Back" button again, I go back to where I should
have the first time. And if there were *three* spurious URLs inserted, the
first three times I click the "Back" button, "nothing happens"; but then the
next time I click it, I get back to where I thought I should have.
So that seems to indicate to me that the HOSTS file *is* intercepting those
domain names, and redirecting them to 127.0.0.1 (my local system) correctly
(i.e., "ignoring" them). But my question is regarding how to KEEP THEM OUT
of the queue, not how to NOT process them.
========================================================================
OK, so up to this point, I think I'm pretty much "up to date" on everything
you've mentioned so far. So let's continue...
> 4. Then start here:
>
> Download HijackThis, free, here:
>
> http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new
> fresh copy of HijackThis [and CWShredder also] - It's UPDATED frequently.)
I forgot to mention -- among all of the other things I listed that I do for
the sake of my system's security -- that I also have CWShredder, and
HiJackThis. However, I typically only use those as a "last resort". Well,
not the CWShredder -- I *have* found good uses for that in the past. But of
course the things about HijackThis is that it doesn't really help *my
system*, but simply gives me tons and tons of information that "might" be of
some help, if I can find the proper place to post it.
> Then go to one of the following forums:
Thanks for the list of forums -- that should be helpful. OK, so this may
have become my "last resort". I guess if there's nothing else to do, and
nowhere else to look, I suppose that I should go the "HijackThis" route.
Thanks for all of the pointers, and the links to the HijackThis forums.
I'll try that, and see where it gets me.
Thanks again for your help.
-----------------------------------------------------------------------
Frank Nicodem
Mail@FrankNicodem.com
Frank D. Nicodem, Jr.
07-09-2005, 11:07 PM
"Jim Byrd" <jrbyrd@spamlessadelphia.net> wrote in message
news:es%23gd8oYFHA.2076@TK2MSFTNGP15.phx.gbl...
> 3. Also, you don't appear from your report to have adequate HOSTS file
> protection. From Blocking Unwanted Parasites with a Hosts File,
> http://www.mvps.org/winhelp2002/hosts.htm :
Jim, I just wanted to add one more note that I discovered while reading the
above Web page, because I think it applies directly to my problem. Here's
an excerpt from that Web page, and I think it describes my problem
*exactly*. Can you comment any further on what the author has said on this
Web page?
------------------------------------------------------------------
Frank Nicodem
Mail@FrankNicodem.com
Strange behavior in the Back Button
Sometimes when you click the Back button to return to the previous page it
appears that nothing happens. What usually occurs is that the HOSTS file has
blocked one or more (<Iframe>) ad pages that are embedded into the web page
you are viewing.
To verify this click the small drop-down arrow on the Back button, do
you see just an ad server listed? ... well now you know ..... As you can see
the first three links are blocked ad servers, simply skip to the valid link.
However there are a few exceptions. In some cases the web page can contain a
script to prevent the user from returning to a previous page.
Martin Hawes sends along this tip:
If you add the "ad servers" you see listed in the Back Button
drop-down, to the Restricted Zone this will eliminate the Back button issue.
Editors Note: however if you are using Windows XP SP2, you will be prompted
by the "Security Center" about a 3rd party connection. Just click No and
continue.
Jim Byrd
07-09-2005, 11:07 PM
Hi Frank - That may well apply. Add IESpyAd as I previously recommended,
and if that doesn't fix it, then manually add any listed ad sites from the
dropdown to the Restricted Zone as Martin has advised on Frank's page.
--
Regards, Jim Byrd, MS-MVP
My Blog Defending Your Machine here:
http://defendingyourmachine.blogspot.com/
"Frank D. Nicodem, Jr." <Mail@FrankNicodem.com> wrote in message
news:uaKzIasYFHA.712@TK2MSFTNGP14.phx.gbl
> "Jim Byrd" <jrbyrd@spamlessadelphia.net> wrote in message
> news:es%23gd8oYFHA.2076@TK2MSFTNGP15.phx.gbl...
>> 3. Also, you don't appear from your report to have adequate HOSTS
>> file protection. From Blocking Unwanted Parasites with a Hosts File,
>> http://www.mvps.org/winhelp2002/hosts.htm :
>
> Jim, I just wanted to add one more note that I discovered while
> reading the above Web page, because I think it applies directly to my
> problem. Here's an excerpt from that Web page, and I think it
> describes my problem *exactly*. Can you comment any further on what
> the author has said on this Web page?
> ------------------------------------------------------------------
> Frank Nicodem
> Mail@FrankNicodem.com
>
> Strange behavior in the Back Button
>
> Sometimes when you click the Back button to return to the previous
> page it appears that nothing happens. What usually occurs is that the
> HOSTS file has blocked one or more (<Iframe>) ad pages that are
> embedded into the web page you are viewing.
>
> To verify this click the small drop-down arrow on the Back
> button, do you see just an ad server listed? ... well now you know
> ..... As you can see the first three links are blocked ad servers,
> simply skip to the valid link. However there are a few exceptions. In
> some cases the web page can contain a script to prevent the user from
> returning to a previous page. Martin Hawes sends along this tip:
> If you add the "ad servers" you see listed in the Back Button
> drop-down, to the Restricted Zone this will eliminate the Back button
> issue. Editors Note: however if you are using Windows XP SP2, you
> will be prompted by the "Security Center" about a 3rd party
> connection. Just click No and continue.
Frank D. Nicodem, Jr.
07-09-2005, 11:07 PM
"Jim Byrd" <jrbyrd@spamlessadelphia.net> wrote in message
news:es%23gd8oYFHA.2076@TK2MSFTNGP15.phx.gbl...
> Download HijackThis, free, here:
> You may also get it here if that link is blocked:
> http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13
Thanks for the additional comments, BTW. I'll look at IESpyAd; it's about
the only one I *haven't* run.
In any case, I did run a current copy of HijackThis, and I was actually
surprised at how "clean" my system really is. Before posting it on any of
the HijackThis forums, I thought I'd pass it by here, just for any
additional comments. Let me know if you see anything "suspect"; right now,
I don't.
-----------------------------------------------------
Frank Nicodem
Mail@FrankNicodem.com
Logfile of HijackThis v1.99.1
Scan saved at 11:03:48 AM, on 5/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis 1.99.0001.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page =
http://www.dell.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no
file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} -
F:\Applications\Graphics\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
E:\Program Files\Adobe Acrobat 7\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
F:\APPLIC~1\Security\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} -
F:\Utilities\Program Files\RoboForm\RoboForm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} -
F:\UTILIT~1\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} -
F:\Utilities\Program Files\RoboForm\RoboForm.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} -
F:\Applications\Graphics\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [CoolSwitch] F:\Utilities\System\Windows XP Power
Toys\taskswitch.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program
Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [pccguide.exe] "F:\Utilities\Program Files\Trend
Micro\pccguide.exe"
O4 - HKLM\..\Run: [sunasDTServ] F:\Utilities\Program
Files\CounterSpy\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] F:\Utilities\Program
Files\CounterSpy\sunasServ.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -
file://F:\Utilities\Program Files\RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms -
{320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Utilities\Program
Files\RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -
file://F:\Utilities\Program Files\RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms -
{320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Utilities\Program
Files\RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} -
file://F:\Utilities\Program Files\RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar -
{724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Utilities\Program
Files\RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
E:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O12 - Plugin for .rx: C:\Program Files\Internet
Explorer\Plugins\npwrqxrx.dll
O12 - Plugin for .rxc: C:\Program Files\Internet
Explorer\Plugins\npwrqxrx.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
(PPSDKActiveXScanner.MainScreen) -
http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) -
http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: IntelWireless - C:\Program
Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision -
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program
Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
F:\Applications\Music\iPod\Updater\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend
Micro Incorporated. - F:\UTILIT~1\PROGRA~1\TRENDM~1\PcCtlCom.exe
O23 - Service: PDEngine - Raxco Software, Inc. - F:\Utilities\Program
Files\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. -
F:\Utilities\Program Files\PerfectDisk\PDSched.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program
Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel
Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware -
F:\Utilities\Program Files\SiSoftware Sandra Professional
2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware -
F:\Utilities\Program Files\SiSoftware Sandra Professional
2005\RpcSandraSrv.exe
O23 - Service: ScsiAccess - Unknown owner -
F:\Applications\Multimedia\ProShowGold\ScsiAccess.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro
Incorporated. - F:\UTILIT~1\PROGRA~1\TRENDM~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. -
F:\UTILIT~1\PROGRA~1\TRENDM~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. -
F:\UTILIT~1\PROGRA~1\TRENDM~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program
Files\Intel\Wireless\Bin\WLKeeper.exe
Jim Byrd
07-09-2005, 11:07 PM
Hi Frank - Did you deliberately and intentionally install "MyWay"? In the
circles I move in, it's considered spyware - normally co-installed with
KaZaa as a BHO - "Speedbar" - but you can get it some other ways. Some
people do intentionally install it as part of the MyWay portal. It's
certainly co-opted your Search functionality.
--
Regards, Jim Byrd, MS-MVP
My Blog Defending Your Machine here:
http://defendingyourmachine.blogspot.com/
"Frank D. Nicodem, Jr." <Mail@FrankNicodem.com> wrote in message
news:OVpKl8sYFHA.3584@TK2MSFTNGP12.phx.gbl
> "Jim Byrd" <jrbyrd@spamlessadelphia.net> wrote in message
> news:es%23gd8oYFHA.2076@TK2MSFTNGP15.phx.gbl...
>> Download HijackThis, free, here:
>> You may also get it here if that link is blocked:
>>
http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13
>
> Thanks for the additional comments, BTW. I'll look at IESpyAd; it's
> about the only one I *haven't* run.
>
> In any case, I did run a current copy of HijackThis, and I was
> actually surprised at how "clean" my system really is. Before
> posting it on any of the HijackThis forums, I thought I'd pass it by
> here, just for any additional comments. Let me know if you see
> anything "suspect"; right now, I don't.
> -----------------------------------------------------
> Frank Nicodem
> Mail@FrankNicodem.com
>
>
>
> Logfile of HijackThis v1.99.1
> Scan saved at 11:03:48 AM, on 5/27/2005
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\system32\svchost.exe
> C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
> C:\WINDOWS\Explorer.EXE
> C:\HijackThis 1.99.0001.exe
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> http://www.dell4me.com/myway
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
> http://bfc.myway.com/search/de_srchlft.html
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.dell4me.com/myway
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> http://www.dell4me.com/myway
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.dell4me.com/myway
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page =
> http://www.dell.com
> R3 - URLSearchHook: (no name) -
> {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
> O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208}
> - F:\Applications\Graphics\SnagIt 7\SnagItBHO.dll
> O2 - BHO: AcroIEHlprObj Class -
> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe
> Acrobat 7\ActiveX\AcroIEHelper.dll
> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
> F:\APPLIC~1\Security\SPYBOT~1\SDHelper.dll
> O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no
> file)
> O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
> C:\WINDOWS\system32\dla\tfswshx.dll
> O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} -
> F:\Utilities\Program Files\RoboForm\RoboForm.dll
> O2 - BHO: Google Toolbar Helper -
> {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
> files\google\googletoolbar1.dll
> O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} -
> F:\UTILIT~1\PROGRA~1\STARDO~1\SDIEInt.dll
> O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} -
> (no file) O3 - Toolbar: &Google -
> {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
> files\google\googletoolbar1.dll
> O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} -
> F:\Utilities\Program Files\RoboForm\RoboForm.dll
> O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} -
> F:\Applications\Graphics\SnagIt 7\SnagItIEAddin.dll
> O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
> O4 - HKLM\..\Run: [CoolSwitch] F:\Utilities\System\Windows XP Power
> Toys\taskswitch.exe
> O4 - HKLM\..\Run: [IntelWireless] C:\Program
> Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
> O4 - HKLM\..\Run: [pccguide.exe] "F:\Utilities\Program Files\Trend
> Micro\pccguide.exe"
> O4 - HKLM\..\Run: [sunasDTServ] F:\Utilities\Program
> Files\CounterSpy\sunasDTServ.exe
> O4 - HKLM\..\Run: [sunasServ] F:\Utilities\Program
> Files\CounterSpy\sunasServ.exe
> O8 - Extra context menu item: E&xport to Microsoft Excel -
> res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
> - C:\WINDOWS\system32\msjava.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console -
> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> C:\WINDOWS\system32\msjava.dll
> O9 - Extra button: Fill Forms -
> {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Utilities\Program
> Files\RoboForm\RoboFormComFillForms.html
> O9 - Extra 'Tools' menuitem: Fill Forms -
> {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Utilities\Program
> Files\RoboForm\RoboFormComFillForms.html
> O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -
> file://F:\Utilities\Program Files\RoboForm\RoboFormComSavePass.html
> O9 - Extra 'Tools' menuitem: Save Forms -
> {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Utilities\Program
> Files\RoboForm\RoboFormComSavePass.html
> O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} -
> file://F:\Utilities\Program Files\RoboForm\RoboFormComShowToolbar.html
> O9 - Extra 'Tools' menuitem: RoboForm Toolbar -
> {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Utilities\Program
> Files\RoboForm\RoboFormComShowToolbar.html
> O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
> E:\MICROS~1\OFFICE11\REFIEBAR.DLL
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
> - C:\Program Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
> Files\Messenger\msmsgs.exe
> O12 - Plugin for .rx: C:\Program Files\Internet
> Explorer\Plugins\npwrqxrx.dll
> O12 - Plugin for .rxc: C:\Program Files\Internet
> Explorer\Plugins\npwrqxrx.dll
> O16 - DPF: ppctlcab -
> http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab O16 - DPF:
> {2FC9A21E-2069-4E47-8235-36318989DB13}
> (PPSDKActiveXScanner.MainScreen) -
> http://ppupdates.ca.com/downloads/scanner/axscanner.cab
> O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
> -
>
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
> O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin
> Class) -
> http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
> O20 - Winlogon Notify: IntelWireless - C:\Program
> Files\Intel\Wireless\Bin\LgNotify.dll
> O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
> C:\WINDOWS\system32\Ati2evxx.exe
> O23 - Service: C-DillaCdaC11BA - Macrovision -
> C:\WINDOWS\system32\drivers\CDAC11BA.EXE
> O23 - Service: EvtEng - Intel Corporation - C:\Program
> Files\Intel\Wireless\Bin\EvtEng.exe
> O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
> F:\Applications\Music\iPod\Updater\bin\iPodService.exe
> O23 - Service: Trend Micro Central Control Component (PcCtlCom) -
> Trend Micro Incorporated. - F:\UTILIT~1\PROGRA~1\TRENDM~1\PcCtlCom.exe
> O23 - Service: PDEngine - Raxco Software, Inc. - F:\Utilities\Program
> Files\PerfectDisk\PDEngine.exe
> O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. -
> F:\Utilities\Program Files\PerfectDisk\PDSched.exe
> O23 - Service: RegSrvc - Intel Corporation - C:\Program
> Files\Intel\Wireless\Bin\RegSrvc.exe
> O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel
> Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
> O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware -
> F:\Utilities\Program Files\SiSoftware Sandra Professional
> 2005\RpcDataSrv.exe
> O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware -
> F:\Utilities\Program Files\SiSoftware Sandra Professional
> 2005\RpcSandraSrv.exe
> O23 - Service: ScsiAccess - Unknown owner -
> F:\Applications\Multimedia\ProShowGold\ScsiAccess.exe
> O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro
> Incorporated. - F:\UTILIT~1\PROGRA~1\TRENDM~1\Tmntsrv.exe
> O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro
> Inc. - F:\UTILIT~1\PROGRA~1\TRENDM~1\TmPfw.exe
> O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc.
> - F:\UTILIT~1\PROGRA~1\TRENDM~1\tmproxy.exe
> O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program
> Files\Intel\Wireless\Bin\WLKeeper.exe
Gary Smith
07-09-2005, 11:07 PM
Frank D. Nicodem, Jr. <Mail@franknicodem.com> wrote:
> "Gary Smith" <bitbucket@example.com> wrote in message
> news:ewB8uflYFHA.4036@tk2msftngp13.phx.gbl...
>> Does it happen when you go to http://www.jsifaq.com/reghack.htm, click on
>> "Recent tips", and then click the Back button? Is ad.doubleclick.net in
>> your HOSTS file? I seem to recall seeing similar symptoms under those
>> conditions.
> Yes, in fact it does. In that simple circumstance, I went to the URL you
> mentioned, clicked on "Recent tips", and immediately my "Back" queue had a
> URL inserted into it named:
> ad.doubleclick.net/ad/msft.spon
That's exactly what used to happen to me when I had doubleclick in my
HOSTS file to block it. The effect was so annoying that I subsequently
removed all blocking entries from my HOSTS file except for ads.x10.com, a
site so annoying that I never want to hear about it again.
I now have doubleclick.net in the restricted sites zone, where it's
forbidden to store cookies, and I just ignore the ads.
Further note: Having read the a later response, I put ad.doubleclick.net
back into my HOSTS file and tried the JSI site again. This time the ads
were blocked, but the function of the back button was not disrupted the
way it had been formerly. This may be the solution for you.
Doing this experiement reminded me of the other reason I removed blocking
entries from my hosts file -- they slow slow things down. Whenever a
request is redirected to 127.0.0.1, IE waits for for a response until the
timeout period expires. Of course, there won't be a response, and the
delay itself can sometimes be as annoying as the ads.
--
Gary L. Smith gls432@yahoo.com
Columbus, Ohio
Spurious URLs being inserted into IE "Back" list
Powered by vBulletin. Related Links: