spy in the house of appraisal

June 20, 2002

What I forgot to update about last night was that I corrected most of the issues I was working on under Windows ME. I use AdAware on every Windows system I build, touch, etc. It gets rid of all of that spyware crap that gets into a lot of computers. The WinME machine had an older version and it didn’t find anything…version 5.6, I believe. The main problem was that every time you rebooted the computer, no matter what you changed your browser start page to, it would change it to something else. I disabled system restore, removed wscript and cscript and I still had the same problem. I even deleted a rogue hta file. Still did the same thing. So I downloaded a newer version of AdAware and it found 48….48 pieces of spyware in the system registry. BonziBuddy was the main culprit. I also had a couple of other pieces of software found at Spywareinfo.com. StartPage guide was a start in the right direction.

While I had these problems, they were not allowing me to update IE 5.5 to any higher service pack and version. It would crap out on IE 6 and even Media Player 7. Once removed, they installed fine. The only problem I still have is with the IDE Cache update that I installed with the initial problem. It doesn’t work now. So when I go back over there, I have to correct that. This was the most I’ve seen a computer infected with spyware….pitiful.

To sum up, I:

– Ran regedit, and did a search on the offending website, and replaced that. Reboot.

– That didn’t work, so I tried to search sysedit (originally came with Win3.1 and it really shocked me that it is unchanged and ships with WinME) and see if something was loading up on startup via win.ini.

– Ran AdAware, found nothing.

– Removed wscript & cscript (windows scripting), reboot.

– Browser loaded same offending site, wscript and cscript return.

– Check web for restore, learn how to disable.

– Went to disable PCHealth and System Restore, reboot.

– Started up in DOS mode via boot disk, delete _restore directory.

– On reboot, delete wscript & cscript, clear internet temp files and cookies, reboot.

– Wscript and CScript are gone, but the offending site is still as a home page.

– Searched Google for “browser home page changing on reboot” where I found info on HTA (HTML Application) files. I found one strange one, deleted. Reboot.

– Same problem, search Google and find spywareinfo.com. Try StartPage guide and it finds that the page changes.

– Download new AdAware 5.83, found 48 pieces of spyware and removed….reboot.

– Started up and removed startpage, reboot.

– Started up, opened browser and offending site was gone.

– Reboot and still works.