Results 1 to 7 of 7
  1. #1
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Long Beach, California, USA
    Posts
    1,912
    Thanks
    0
    Thanked 0 Times in 0 Posts

    HomePage Hijack and regwizc.dll (all?)

    I have read a lot about this and I think it is bogus. What I am looking for is someone to show me otherwise -- if possible. Here is the issue:

    There are plenty of people who believe that unregistering the regwizc.dll will prevent the "HomePage hijack". As best I can tell, this is simply a HOAX. Here are some of the sites that make this claim:

    1. How can I avoid home page hijacking? (DSLR FAQ#3846)
    2. default home and search page keep changing
    3. MS reg change to stop homepage stealing forever
    4. disabling the REGWIZC.DLL to stop hacking into your registry?
    5. An outstanding registry hack to avoid homepage hijacking in IE

    Are all of these people wrong? Are they right?

    As best I can tell, around 1998-99 Microsoft released a patch that "deactivated" the regwizc.dll by setting the Kill Bit in the registry. Every computer I have looked at in the past 5 days has this Kill Bit set. If IE cannot use regwizc.dll, then unregistering it DOES NOTHING and all of these reports are bogus...

    Any input is welcome. Thanks.

  2. #2
    Platinum Lounger
    Join Date
    Dec 2000
    Location
    Hornsby Heights, New South Wales, Australia
    Posts
    3,822
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: HomePage Hijack and regwizc.dll (all?)

    <P ID="edit" class=small>Edited by Claude on 06-Aug-02 16:25.</P>Well, the MS Search engine doesn't give much away. However, it's a known buffer-overflow problem in

    RegWizCtrl 1.0 Type Library - REGWIZC.DLL (v3, 0, 0, 0),

    by overflowing to the RET point of the stack. We are talking 1999, ie last century, when a patch was released.

    So, in order for you to be fully protected, you MUST go back to 1998! <img src=/S/sarcasm.gif border=0 alt=sarcasm width=15 height=15>

    Edited by Claude to show Extended Search Result at Microsoft
    Cheers, Claude.

  3. #3
    Bronze Lounger
    Join Date
    Feb 2001
    Location
    England
    Posts
    1,306
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: HomePage Hijack and regwizc.dll (all?)

    It might be of interest to find out what the #91 app on my website actaully does......
    Rgds

  4. #4
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Long Beach, California, USA
    Posts
    1,912
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: HomePage Hijack and regwizc.dll (all?)

    I believe the buffer overflow problem is prevented by setting the Kill Bit. The Kill Bit should also prevent any Hijacking problems. Microsoft does not report this. Phil is correct about the numbers.

    Merc, I got this:
    The page cannot be displayed
    The page you are looking for is currently unavailable.

    But I am not sure that a program is needed. Maybe your site doesn't allow me to connect because I am using too many connections to it?? ;-]

  5. #5
    Bronze Lounger
    Join Date
    Feb 2001
    Location
    England
    Posts
    1,306
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: HomePage Hijack and regwizc.dll (all?)

    Hi Rick
    Sorry, can't find any difficulty with downloading Start Page Guard. As you say, though, it probably isn't relevant anyway. As far as I'm aware there's no restriction on how many dnlds you can make from the server.
    Cheers

  6. #6
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Long Beach, California, USA
    Posts
    1,912
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: HomePage Hijack and regwizc.dll (all?)

    It was probably a fluke -- I actually could not connect to your site -- so I was just 'pulling your leg' about the connection stuff! ;-]

    I believe StartPageGuard should work well -- at least the way I believe it works. I think SPG simply watches over the HomePage key in the registry and notifies you if something is trying to modify it.

    After literally a week of investigation I am convinced that unregistering regwizc.dll to prevent HomePage Hijacking is completely a hoax. This MAY have worked years ago -- when regwizc.dll had a buffer overflow problem. Newer versions of regwizc.dll apparently do not have this problem, AND one of the MS Security Patches killed IE's ability to use regwizc.dll anyway. So for two reasons, I believe this is a hoax.

    Thanks for the input.

  7. #7
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Los Angeles Area, California, USA
    Posts
    7,453
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: HomePage Hijack and regwizc.dll (all?)

    Hi rm:
    I can't confirm or dispute it, but I did notice that "all these people" are fewer than the # of links. Two are by the same person; one claims to have read it somewhere & is just passing it along; and the language of all of them suggests the same source. That doesn't make it right or wrong, but it does reduce the number of independent people claiming it's right. <img src=/S/smile.gif border=0 alt=smile width=15 height=15>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •