I can't get rid of searchdot.net as my IE homepage upon reboot. I have tried Spybot and it didn't help. I have tried Ad aware already.
Here is my HijackThis logfile, now what:
Thanks!
Logfile of HijackThis v1.97.3
Scan saved at 10:42:50 PM, on 10/30/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\llass.exe
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Documents and Settings\Kevin Nadel\Local Settings\Temp\Temporary Directory 6 for hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f206.mail.yahoo.com/ym/login?.rand=a39ro6bmqaphq
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchdot.net
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Kevin Nadel\Application Data\Mozilla\Profiles\default\k099y4ee.slt\prefs.js)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

It only reappears if I get rid of the R0 line.
Here is my log file upon reboot:
Logfile of HijackThis v1.97.3
Scan saved at 12:08:21 AM, on 10/31/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\llass.exe
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Documents and Settings\Kevin Nadel\Local Settings\Temp\Temporary Directory 7 for hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchdot.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchdot.net
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Kevin Nadel\Application Data\Mozilla\Profiles\default\k099y4ee.slt\prefs.js)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

http://www.compunet1.com/security/securityBulletin_.asp?bulletin=6
You have this file running:
C:\WINDOWS\system32\llass.exe
Do a virus scan:
http://housecall.trendmicro.com/
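
The check made in the reply above (spotting `llass.exe` next to the genuine `lsass.exe`) can be automated. This is an added example, not part of the original posts: it parses a HijackThis log, flags process names one edit away from a known system binary, and extracts the `Start Page` values. The allowlist and the sample log are assumptions built from lines in this thread.

```python
import ntpath
import re

# Genuine Windows XP system binaries, as they appear in the process lists above.
SYSTEM_BINARIES = ("smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                   "svchost.exe", "spoolsv.exe", "explorer.exe")
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # e.g. "R0 - ...", "O4 - ..."

# Constructed sample: a few lines copied from the first log in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\llass.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchdot.net
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_log(text):
    """Split a HijackThis log into process paths and (code, detail) entries."""
    processes, entries = [], []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif re.match(r"^[A-Za-z]:\\", line):
            processes.append(line)
    return processes, entries

def lookalike_processes(processes, max_distance=1):
    """Flag names within max_distance edits of a system binary, but not equal."""
    names = [(p, ntpath.basename(p).lower()) for p in processes]
    return [(p, real) for p, n in names for real in SYSTEM_BINARIES
            if n not in SYSTEM_BINARIES and edit_distance(n, real) <= max_distance]

def start_pages(entries):
    """Return {registry value: URL} for every R0 'Start Page' entry."""
    return dict(d.split(" = ", 1) for c, d in entries
                if c == "R0" and ",Start Page = " in d)
```

The threshold is kept at one edit because the legitimate `msmsgs.exe` is two edits from `smss.exe` and would otherwise be flagged. Running `start_pages` on a scan taken before and after a reboot shows which hive's value was rewritten.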

This is an obvious option, like it would actually work, but what the heck:
http://www.searchdot.net/remove/index.html
Sure you been there but...
hth
shep

Still having problems. I ran the virus scan and got rid of llass.exe. Is lsass.exe a problem? I also had a virus Winshow, which I have eliminated to the point that it doesn't reappear when I virus scan with Trend Micro.
I also tried the link above but I went to a screen that says "please wait..." but nothing happens.
What else can I try?
Also, why can't I erase the history on Internet Explorer?
Here is my most recent Hijack This logfile:
Logfile of HijackThis v1.97.3
Scan saved at 9:34:52 PM, on 11/1/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\program files\altnet\points manager\points manager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Documents and Settings\Kevin Nadel\Local Settings\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Kevin Nadel\Application Data\Mozilla\Profiles\default\k099y4ee.slt\prefs.js)

Problem solved!
I found this finally from another person who had this problem. I removed from Regedit and deleted the file msoffice.hta.
Finally searchdot.net is gone.

This bug was just a lame attempt by a web designer to force people to use his search engine. The msoffice.hta is a hidden file that, unless you search specifically for it with "Find Files and Folders" in the Start menu, you will never see. It's not in your registry. If I remember right though, it should be in your Windows folder. Anyway, hope this helps you out.
Regards,
~Methois

There are many different versions of this type of trojan: Trojan.Ghost (A & B), Trojan.bootconf, and the one we are dealing with is VBS.Bootconf. Symantec knows nothing about this file, although most of you above have found the answers.
Turn off your system restore.
Click Start.
Right-click My Computer, and then click Properties.
Click the System Restore tab.
Select "Turn off System Restore" or "Turn off System Restore on all drives" check box
Click Apply.
As noted in the message, this will delete all existing restore points. Click Yes to do this.
Click OK.
Proceed with my instructions below.

The easier way to get rid of this annoying virus is to locate the msoffice.hta file. You can do a search, or an easy way to find this is to go to Start > Run and type MSCONFIG. A box pops up, but do not change anything in this box that pops up; it is your System Configuration, and if you change something you shouldn't, your computer might not boot up. Click on the Startup tab. Scroll down until you find a startup item labeled msoffice. To ensure this is the correct file, look at the Command line. The command line should include the following: C:\Windows\.....\msoffice.hta. In my case it was hiding in Fonts (C:\Windows\Fonts\msoffice.hta). Now that you are aware that this is the correct file, uncheck it. Click OK, then click Exit Without Restart. What this does is stop that file from being loaded when Windows is booted up. When this file loads, it restores the virus to its original state and eliminates any changes made to the registry and Internet Explorer options.
Now that you made changes in your MSCONFIG, you can navigate to where the msoffice.hta is located. This file might be hidden, so in your explorer click tools > folder options > View > Show hidden files and folders > click ok. Once you have done this you will be able to see the msoffice.hta file. Delete it.
Now you need to edit your registry.
Click Start, and then click Run. (The Run dialog box appears.)
Type regedit
Then click OK. (The Registry Editor opens.)
Navigate to the key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
In the right pane, delete the values:
"Search" = <encoded URL> (I just replaced these values with www.msn.com)
"SearchURL" = <encoded URL>
Navigate to the key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search
In the right pane, delete the values:
"SearchAssistant" = <encoded URL>
"CustomizeSearch" = <encoded URL>
Exit the Registry Editor.
Now this should rid you of this annoying virus. Reboot your computer.
Once you have rebooted, a message will pop up from the configuration we made in your MSCONFIG. Check the available check box and click OK.
Now you should be good to go. You might need to change your internet settings in Internet Explorer. Connect to the Internet and go to the page that you want to set as your home page.
Click Tools, and then click Internet Options.
In the Home page section of the General tab, click Use Current, and then click OK.
Now you need to turn your system restore back on.
Turn on your system restore.
Click Start.
Right-click My Computer, and then click Properties.
Click the System Restore tab.
Clear the "Turn off System Restore" or "Turn off System Restore on all drives" check box.
Click Apply, and then click OK

For some reason HTML coding got stuck in the first part of my message/instructions, so here is how to turn off the system restore.
Click Start.
Right-click My Computer, and then click Properties.
Click the System Restore tab.
Select "Turn off System Restore" or "Turn off System Restore on all drives" check box
Click Apply.
As noted in the message, this will delete all existing restore points. Click Yes to do this.
Click OK.
Proceed with my instructions below.

Anyone still having problems? I was until about 1 minute ago. http://www.spywareinfo.com/~merijn/files/cwshredder.zip
That should do it, it did it for me. It's a program written to fix this problem =)

NO NO NO !!!!
You have a hijacker virus.
read the following notes.
I was able to FINALLY get rid of a very sneaky trojan/hijacker/virus. It has something to do with http:/tooncomics.com/main/b1.php for me. It could be different pages for you, but the results are the same. Anyway, this virus was able to beat Spybot!! It could even reset BHO's that you lock inside Spybot, reset the homepage after every reboot, and add porn links to your favorites file!! Not only that, but it runs IE in the background and visits porn hosts/sites. This activity can only be seen in Task Manager. THE FIX:
Get HIJACKTHIS.exe and run it.
DELETE everything that hijackthis shows you that has tooncomics in it.
ESPECIALLY DELETE following files.
O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe
O4 - HKCU\..\Run: [loader] C:\WINDOWS\loader.exe
AND this is where the virus actually hides. You can rename these files as .txt files and open them in Notepad and see for yourself it's all there.
C:\WINDOWS\iedll.exe
C:\WINDOWS\loader.exe
Good luck!

Alright. I have searchdot.net as well, including times that it changes to search.com and allneedsearch and others.
I have done all the stuff listed above, dug through the registry, changed stuff and deleted msoffice.hta, to the dot. However, I still have this damn bug. Unfortunately now, not sure if it is from this, when I am online I am auto-forwarded to various porn sites.
Can anyone offer some help on removing this?
