I am running IE6.1 and netacape and some where in time on my home system a changed was made with out me kowinfg to my DNS settings to some web page this web pagfe was search engine a favorites some how.
After looking more into this is had changed my full computer name.
I managed to take all this out of the dns settings. Now I can't see to get this ouit of the home page section when you set your home page to a certain page it wants to add a entry in front of it and add a tool bar at the bottom of the page when you bring up IE.

http://y8236.ecpm.com/passthrough/index.h


The entry is above.
I can't see to get rid of this entry from the home page settings in IE options. I have scanned my system numerious times fro adwear and have it removed and scanned system with nortion antivirus as well.
How can you tell if a system has been hacked into I have a hardware firewall in place and 2 software firewalls in places as well. Can a person tell if his or her system has been broken into.

Thanks for any help on this.

Search for ecpm.com in the registry - export and then delete any keys you find.

Also run Spybot (http://security.kolla.de/) - download it, run the install then immediately go to "online" and update it. Download the updates and then restart it. Then run search and destroy.

You can also immunise with spybot against many hijackings.

This particular one seems to be part of lop.com hijack... and it's evil.

You may need to go as far as this - in your case it will be ecpm.com


If you run a scan of Spybot Search & Destroy (fully updated, including betas), then lop.com will be wasted. If you still get the page redirect, go into your regigtry and enter XXXX.com (X being a random letter) or lop.com in your search query and delete every instance you find. If you still get the page redirect/lop install, you mind wanna disconnect your internet cable and run a text-within-file search for the offending domain during the night (it will take a while so you'd better get some sleep then). Delete every file that has that line of text in it (xxxx.com)


From cexx.org forums

IE 6.1? WTF, is that beta or something?

Originally posted by Radical Dreamer
IE 6.1? WTF, is that beta or something?

I took it to mean that the security rollup package has been installed...

Originally posted by NooNoo
....This particular one seems to be part of lop.com hijack... and it's evil.....

No disagreement here ! BUT spybot seems still to be having problems with c2.lop :rolleyes: .....

If C2.lop is already on the machine spybot currently can't shift it, why is anybody's guess especially spybot's writers !!! :D .... there's a ream of 'error reports' on their website detailing this 'glitch' ....;)

Perhaps 'the other one' ? A very similar product is 'adaware' (download here) ..... (http://www.lavasoftusa.com/)

I have tried to remove the gator.com from regedit and want let me delete it.
Spybot does find it but seems it want take care of it. any other way of getting rid of the this off my system. Also took off zone alarm and installerd norton personal fire wall for home as well zone alarm did not see to be secure enough.
I have a linksys router installed that has a hardware fire wall as well. ALso XP has a built in fire wall too.

So how do we get rid of this last thing gator.com.
Puzzled.

Turn off system restore
Boot to safemode
then try and remove it

How to remove is found here http://www.doxdesk.com/parasite/lop.html
it is towards the bottom of the page.