# What is prolivation, what has it done to me, and how do I get rid of it?



## garbesi (Oct 18, 2002)

prolivation.com/cgi-bin/r.cgi? is showing in the address bar for web sites I have manually typed in.

What the heck is it?

How did it get there?

What has happened to me?

Has information in my computer been compromised?

How do I get rid of it?


----------



## Byteman (Jan 24, 2002)

Hi, Your web browser has been hijacked....getting to be a common problem> we highly reccommend these two programs to rid yourself of this and other pests: SpyBot and AdAware- you should use them both. All the info is in this link:http://forums.techguy.org/t97657/s.html


----------



## Rollin' Rog (Dec 9, 2000)

Welcome to TSG garbesi.

You can get rid of prolivation and other hijackers by installing and running Spybot following my directions in this thread:

http://forums.techguy.org/showthread.php?s=&threadid=97657

Be sure to update it as Prolivation is one of the recently added (10/15) targets:

http://security.kolla.de/index.php?lang=en&page=bots


----------



## Byteman (Jan 24, 2002)

HO HO Rog- One time I dont have to say "sorry, I was posting while you were! How about that- sent him the same link, yours matter of fact....you must be doing something right. I HATE hijackings....


----------



## TonyKlein (Aug 26, 2001)

Prolivation does a little more.

Take a look here:

http://www.lavasoftsupport.com/index.php?act=ST&f=9&t=211

I believe that SpyBot doesn't fix the Iereset.inf hack yet, but it will in the next update.


----------



## Byteman (Jan 24, 2002)

Anyone know where prolivation comes in from, so we know what to avoid?


----------



## garbesi (Oct 18, 2002)

I tried spybot. prolivation is still there.
also, even though I have run spybot several times and rebooted, the following problem shows up every time, even though I direct spybot to fix it (and it says it has):

Internet Explorer: Data source object exploit (Registry change)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\01004=W=3

What should I do next?

Also - what does it mean to have your browser "hijacked"? Is any personal information in my computer or exchanged online at risk?

Thanks for the help thus far - spybot did find some other things that it cleaned up.

Gregg


----------



## TonyKlein (Aug 26, 2001)

SpyBot has trouble removing prolivation. An update is in the works.

Try this:

Download the attached http.txt, save as (rename to) http.*reg*, and doubleclick.
Answer 'yes' when asked whether you want the contents of the regfile merged into the Registry.

Subsequently, reboot.

Prolivation also hacks your Iereset.inf file.

That's the file that's used when you go to Internet Options > Programs and hit "reset web settings".

Instead of restoring the default search and startpages, and other stuff, it adds Prolivation back... 

So don't press that button before you've extracted a fresh copy of Iereset.inf from your Internet Explorer cabs to your Windows\Inf directory.

Good luck,


----------



## garbesi (Oct 18, 2002)

Thanks, Tony.

Evidently, I have stumbled into a part of the internet where everyone has a certain minimum level of computer savvy that I lack.

I think I can figure out how to extract a file from my IE cabs.......


Gregg


----------



## Rollin' Rog (Dec 9, 2000)

Tony has really been keeping up with this stuff and the extra help here is really appreciated.

As for the other problem with Spybot, it is a "bug" and we had some discussion of it here:

http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi?s=3da835080bafffff;act=ST;f=28;t=472

If you navigate to the registry entry (run regedit) shown in my attachment and set the dword value to 3 (just double click the entry to modify) you should eliminate that false detection by spybot. I'm not sure if this is a default value or not, it seemed to return after I reset it, but then spybot no longer detected it.


----------



## garbesi (Oct 18, 2002)

OK - I have run regedit and I have looked everywhere for the CAB version of my iereset.inf file without success.

I have looked through all the CAB files on my C drive and the iereset.inf file is not there.

My version of IE was installed by COMCAST when we upgraded to broadband - therefore I do not have a CD for it. Is that where the IE CAB files would be? Do I need to get a CD ROM for IE? What if I upgrade to IE6 online?

Thanks,
Gregg


----------



## TonyKlein (Aug 26, 2001)

That would be a good idea.

Go for IE 6.0 SP1 right away.

Cheers,


----------



## garbesi (Oct 18, 2002)

Ok - I have done everything recommended. 
Spybot installed and run
Ad-Aware installed and run
Refupdate installed and run
Ran regedit to fix spybot bux
IE 6 sp 1 installed
I think I was successful in extracting iereset.inf from another computer in the house.

It appears that prolivation is gone.

Now - do these programs only fix problems after the fact, or is there something I can run all the time while online to prevent this from happening?

You guys have been a BIG HELP - thanks!

Gregg


----------



## TonyKlein (Aug 26, 2001)

As new spy/foistware versions are continually being developed, it's hard to keep abreast.

You would do well to tighten your security settings a little.

Go to Internet Options/Security/Internet, press 'default level', then OK.

Now press "Custom Level."

- Set ALL ActiveX options that are at present set to 'allow', to 'prompt'.

Now you will be _asked_ whether you want ActiveX objects to be executed and whether you want software to be installed.

Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option/security.

Cheers,


----------



## suckapunch (Jan 1, 2003)

i would like the help from anyone who knows about this prolivation thing and some instruction on how to get it off my computer please


----------



## brendandonhu (Jul 8, 2002)

Did you read this thread?


----------

