HomePage Hijack and regwizc.dll (all?)

Topic

New Reply

I have read a lot about this and I think it is bogus. What I am looking for is someone to show me otherwise — if possible. Here is the issue:

There are plenty of people who believe that unregistering the regwizc.dll will prevent the “HomePage hijack”. As best I can tell, this is simply a HOAX. Here are some of the sites that make this claim:

1. How can I avoid home page hijacking? (DSLR FAQ#3846)
2. default home and search page keep changing
3. MS reg change to stop homepage stealing forever
4. disabling the REGWIZC.DLL to stop hacking into your registry?
5. An outstanding registry hack to avoid homepage hijacking in IE

Are all of these people wrong? Are they right?

As best I can tell, around 1998-99 Microsoft released a patch that “deactivated” the regwizc.dll by setting the Kill Bit in the registry. Every computer I have looked at in the past 5 days has this Kill Bit set. If IE cannot use regwizc.dll, then unregistering it DOES NOTHING and all of these reports are bogus…

Any input is welcome. Thanks.

Reply | Quote

Replies

Edited by Claude on 06-Aug-02 16:25.

Well, the MS Search engine doesn’t give much away. However, it’s a known buffer-overflow problem in

RegWizCtrl 1.0 Type Library – REGWIZC.DLL (v3, 0, 0, 0),

by overflowing to the RET point of the stack. We are talking 1999, ie last century, when a patch was released.

So, in order for you to be fully protected, you MUST go back to 1998!

Edited by Claude to show Extended Search Result at Microsoft

Reply | Quote

I believe the buffer overflow problem is prevented by setting the Kill Bit. The Kill Bit should also prevent any Hijacking problems. Microsoft does not report this. Phil is correct about the numbers.

Merc, I got this:
The page cannot be displayed
The page you are looking for is currently unavailable.

But I am not sure that a program is needed. Maybe your site doesn’t allow me to connect because I am using too many connections to it?? ;-]

Reply | Quote

Hi Rick
Sorry, can’t find any difficulty with downloading Start Page Guard. As you say, though, it probably isn’t relevant anyway. As far as I’m aware there’s no restriction on how many dnlds you can make from the server.
Cheers

Reply | Quote

It was probably a fluke — I actually could not connect to your site — so I was just ‘pulling your leg’ about the connection stuff! ;-]

I believe StartPageGuard should work well — at least the way I believe it works. I think SPG simply watches over the HomePage key in the registry and notifies you if something is trying to modify it.

After literally a week of investigation I am convinced that unregistering regwizc.dll to prevent HomePage Hijacking is completely a hoax. This MAY have worked years ago — when regwizc.dll had a buffer overflow problem. Newer versions of regwizc.dll apparently do not have this problem, AND one of the MS Security Patches killed IE’s ability to use regwizc.dll anyway. So for two reasons, I believe this is a hoax.

Thanks for the input.

Reply | Quote

It might be of interest to find out what the #91 app on my website actaully does……
Rgds

Reply | Quote

Hi rm:
I can’t confirm or dispute it, but I did notice that “all these people” are fewer than the # of links. Two are by the same person; one claims to have read it somewhere & is just passing it along; and the language of all of them suggests the same source. That doesn’t make it right or wrong, but it does reduce the number of independent people claiming it’s right.

Reply | Quote