prolivation-nasty browser hijacker
fullabull
November 18th, 2002, 12:38pm
This turned up on my computer last night: prolivation. Found it with spybot but it was a hassle to get it completely removed.
It is apparently some sort of browser hijacker which directs you to specific ads.
Found some info about it at: Spywareinfo.com forums under "spyware removal", on the third page. I think that spybot removes it but then still shows it as still being in the registry even though it is just in the spybot restore files. Not exactly sure about that, but if you run into prolivation you might want to run spybot to get rid of it. Took me a little extra above and beyond that to get things straightened out......:rolleyes:
sky
November 18th, 2002, 7:33pm
Are you running firewalls? If not there are several free ones out there that could help in preventing "hijacking". You can get some info on why you need a firewall at:
http://www.spotswood-computer.net/present/iptables2.html
For information on free firewall try:
http://www.free-firewall.org/
Hope you don't think I am being pushy but everyone needs to run firewalls...even if they are on dialup and especially if they are broadband.
gcomstock
November 18th, 2002, 8:55pm
Goldboy-
I've downloaded, but not yet installed Spybot. In reading some of the FAQs, it addressed the issue of seemingly leaving fragments and registry references. Don't know if it applies in this particular case...but he did say that some of the residual markers are intentional and left in order to trick the malicious programming into believing you already have it installed, just in case you run into it again...
fullabull
November 19th, 2002, 3:39am
Sky-sure am running a firewall, been using zone alarm. I don't think the firewall was the problem. Was having a problem a while back and reset web settings and internet settings to default. Forgot to go in and fine tune them a bit, so I think this thing slipped by.
GC-spybot's latest version is supposed to remove prolivation, but it kept showing 2 reg entries even after using it. Wound up getting rid of prolivation by using the reg fix at Spywareinfo, but lost my iereset.inf file somehow in the process and have been trying to figure out how to fix that. Must be some easy way to do it, but I haven't figured it out yet.
Tried to run sfc /scannow to repair the IE6 and that didn't work, also tried to download the IE6 SP1 and that didn't fix it either.
Any ideas?:confused:
sky
November 19th, 2002, 6:14am
You may find some help here..written in language I can understand, but not explain in a short text, so I will point you to an excellent link.
http://www.spywareinfo.com/articles/hijacked/
or
http://www.cyberwalker.net/this-week.html
or if you are really brave, and feel comfortable tweaking with the registry, you can try:
First, go to Start/Run, and type the following: regedit /e reg.reg
Now you've exported (made a copy of) your entire registry to a Desktop reg.file (courtesy Mosaic1)
Go to Start/Run, and type Regedit.
Drill down to HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer.
You will probably find a subkey called 'Control Panel' there.
There will probably be one or more of the following values in there: SecAddSites, SecChangeSettings, Homepage, and SecurityTab.
Delete them. You can also highlight the entire subkey 'Control Panel' there, and choose delete.
If you can't find it in HKEY_CURRENT_USER, try HKEY_USERS\.DEFAULT.
Or try a keyword search. Also do a keyword search for entries by the name of NoFolderOptions and NoBrowserOptions.
This should get rid of your restrictions.
Now clear your temporary Internet Files, get rid of your cookies, and go to Tools/Internet Options/security. Set all ActiveX and Scripting options that are now set to 'allow' to 'prompt'.
Then go to Internet Options/advanced, and remove the checkmark at 'Allow install on demand'.
And here's Reghakr's tip to disable anything changing your Start Page ever again, once you've removed the restrictions, and restored your favorite Start page:
Backup the registry and/or export the following keys:
go to Start>Run, type regedit. Navigate to:
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\
Right-click on the Internet Explorer key, choose new>Key, name it Control Panel. Right-click on the Control Panel, choose new>DWORD value, name it Homepage. Right-click on Homepage, choose modify and type in the number 1.
This should lock your home page, so no other web site can change it.
I will not take credit for the above info. I had it saved to my favorites in the event it ever happened to me. Good Luck!
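An added example, not part of the post above or the sources it credits: a small Python check that reads the text of a registry export, such as the reg.reg made in the first step, and lists the restriction values the post names. The function name and the sample export are constructed for illustration; a Homepage value of 1 may also be the deliberate lock from Reghakr's tip.

```python
import re

# Value names listed in the post above; matched case-insensitively.
CONTROL_PANEL_VALUES = {"secaddsites", "secchangesettings", "homepage", "securitytab"}
ANYWHERE_VALUES = {"nofolderoptions", "nobrowseroptions"}
POLICY_SUFFIX = r"\software\policies\microsoft\internet explorer\control panel"

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def find_ie_restrictions(reg_text):
    """Return (key, value_name, data) for each restriction value in a .reg export."""
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # "[-HKEY...]" marks a key deletion in a .reg file, not live data.
            key = None if m.group(1).startswith("-") else m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, data = m.group(1), m.group(2)
        in_policy_key = key.lower().endswith(POLICY_SUFFIX)
        if (in_policy_key and name.lower() in CONTROL_PANEL_VALUES) \
                or name.lower() in ANYWHERE_VALUES:
            findings.append((key, name, data))
    return findings

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"Homepage"=dword:00000001
"SecurityTab"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Homepage"="constructed value outside the policy key"
'''

if __name__ == "__main__":
    for key, name, data in find_ie_restrictions(SAMPLE):
        print(f"{key}\n    {name} = {data}")
```

An export headed "Windows Registry Editor Version 5.00" is UTF-16 text, so open the file with `encoding="utf-16"` before passing its contents to the function.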
fullabull
November 19th, 2002, 11:01pm
Thanks for the info Sky. I try to narrow the possibilities for these sorts of things happening while still maintaining ease of use. There is a certain amount of compromise there that allows the occasional nasty critter to crawl onboard my machine.
I wound up calling Microsoft today to get the IERESET.INF file that I needed and that was all it took to get things back to full functionality.
From now on I will be more conscious of retweaking my settings AFTER I have used any "reset to default" buttons. (I think that's how this thing got me)
As a result of finding and removing PROLIVATION, I got a cram course in spyware which covered quite a bit of ground.
spywareinfo.com turned out to be a valuable resource.
Thanks again for your help and good luck with your sweeps!..:smile3: ..