Kat

There was a fairly widely circulating virus about a year or two ago, called Troj/JetHome, that attempted to change your home page. The "original" version(s) would send you either to a "travel service" or to a porn site every time you booted.

Quite a number of less than upright sites have also been known to include something similar in some "free downloads" - and since you "approve" the download, your AV may let the kernel slip through, assuming it's part of something you asked for.

There is most likely a ".dll" somewhere on your machine that's calling for the change in home page, quite likely in your START or STARTUP folder(s); but it may be quite difficult to find 'mongst all the other claptrap there. In the instances I've seen, there has always also been an entry in the registry, where the actual name of the site is recorded. If you're confident enough about your ability to back up, search, and "correct" the registry, you can use regedit.exe to "search" the registry for the site address, and remove the line that asks for it. If you're not pretty confident about mucking around in the registry, I'd suggest getting a local expert to help.

Search for "Troj/JetHome" on any AV site for an idea of how it may be working - even if it's not a 'real' virus thing. It's not the only one around that does this, but it's a "model" for the method.

John