Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computer Certification > A+ Certification > browser hijacked

Reply
Thread Tools

browser hijacked

 
 
me
Guest
Posts: n/a
 
      02-08-2006
Ok, here is a puzzler. Yesterday afternoon after I got home my brother told
me that there was an attack on the computer from the internet and all of a
sudden a series of pop-ups appeared and the browser homepage was immediately
changed to http://www.bilfen-kizlari.com I have used HijackThis, and Spybot
S&D and though HijackThis did find a couple things--nothing that would
indicate to me any type of browser hijacker. I went into the registry and
eliminated the three references that I could find of the website--I have
went into the registry and manually set my homepage back to my original
homepage. The problem is--in Internet Explorer--tools\options, the option
to change and set my homepage is now greyed out with no visible way of
fixing it. I have also just finished using spybot S&D and it found
absolutely nothing that would indicate any kind of problem--it literally
found nothing. I have used adaware and it found only a couple of things
from Alexa and a couple cookies. So I am at a loss. There are no visible
signs of spyware installed. I am using an XP Pro machine with 512mb DDR
SDRAM on an Athlon 3000+ with a 256mb DDR video card. I am using a
firewall which detected and intercepted the attack, and I also using a popup
blocker that came with adaware. All known registry entries to this website
have been deleted, and apparently Spybot nor HijackThis can find anything.
I have looked in Msconfig to see what was starting up--and the only things
in that are my normal software. I have looked at the running processes and
there seems to be nothing out of the ordinary.

So that is the background. Does anyone have any ideas for me?


 
Reply With Quote
 
 
 
 
Adam Leinss
Guest
Posts: n/a
 
      02-08-2006
"me" <(E-Mail Removed)> wrote in
news:z_aGf.483$(E-Mail Removed):

> The problem is--in Internet Explorer--tools\options, the option
> to change and set my homepage is now greyed out with no visible
> way of fixing it.


Download Spyware Blaster....there is an option to lock the home page
(i.e. grey it out so users cannot change it). So lock it and then
unlock it.

Adam
--
Visit my PC Tech blog at www.leinss.com/blog
 
Reply With Quote
 
 
 
 
me
Guest
Posts: n/a
 
      02-08-2006
doing a reinstall for something like this is unacceptable.
"Mark Mandell" <(E-Mail Removed)> wrote in message
news:7KcGf.15234$(E-Mail Removed) link.net...
>
> "me" <(E-Mail Removed)> wrote in message
> news:z_aGf.483$(E-Mail Removed)...
> > Ok, here is a puzzler. Yesterday afternoon after I got home my brother
> > told
> > me that there was an attack on the computer from the internet and all of

a
> > sudden a series of pop-ups appeared and the browser homepage was
> > immediately
> > changed to http://www.bilfen-kizlari.com I have used HijackThis, and
> > Spybot
> > S&D and though HijackThis did find a couple things--nothing that would
> > indicate to me any type of browser hijacker. I went into the registry

and
> > eliminated the three references that I could find of the website--I have
> > went into the registry and manually set my homepage back to my original
> > homepage. The problem is--in Internet Explorer--tools\options, the

option
> > to change and set my homepage is now greyed out with no visible way of
> > fixing it. I have also just finished using spybot S&D and it found
> > absolutely nothing that would indicate any kind of problem--it literally
> > found nothing. I have used adaware and it found only a couple of things
> > from Alexa and a couple cookies. So I am at a loss. There are no

visible
> > signs of spyware installed. I am using an XP Pro machine with 512mb

DDR
> > SDRAM on an Athlon 3000+ with a 256mb DDR video card. I am using a
> > firewall which detected and intercepted the attack, and I also using a
> > popup
> > blocker that came with adaware. All known registry entries to this
> > website
> > have been deleted, and apparently Spybot nor HijackThis can find

anything.
> > I have looked in Msconfig to see what was starting up--and the only

things
> > in that are my normal software. I have looked at the running processes
> > and
> > there seems to be nothing out of the ordinary.
> >
> > So that is the background. Does anyone have any ideas for me?
> >

> First of all, if your sure the HiJack This doesn't have that site, then
> check into a program called Ewido.net which you can find on Google.
> Download and run this.
>
> Do you have SP2 with the pop up blocker set to be enabled? If not, it
> probably wouldn't work out anyway(if you try downloading) because that

site
> might create problems in the installation. So you might wind up having to
> uninstall and reinstall Internet Explorer. If that doesn't work, you'd

most
> likely have to reformat and reinstall Windows.
>
>



 
Reply With Quote
 
lizzieb
Guest
Posts: n/a
 
      02-08-2006
I would also try downloading and updating a trial version of webroot
spysweeper - I have found it can sort out most problems without having to
mess about too much. Although not sure if the latest version is fully
enable in trial mode. If not let me know as I have the earlier version.

Lizzzie

"me" <(E-Mail Removed)> wrote in message
news:z_aGf.483$(E-Mail Removed)...
> Ok, here is a puzzler. Yesterday afternoon after I got home my brother
> told
> me that there was an attack on the computer from the internet and all of a
> sudden a series of pop-ups appeared and the browser homepage was
> immediately
> changed to http://www.bilfen-kizlari.com I have used HijackThis, and
> Spybot
> S&D and though HijackThis did find a couple things--nothing that would
> indicate to me any type of browser hijacker. I went into the registry and
> eliminated the three references that I could find of the website--I have
> went into the registry and manually set my homepage back to my original
> homepage. The problem is--in Internet Explorer--tools\options, the option
> to change and set my homepage is now greyed out with no visible way of
> fixing it. I have also just finished using spybot S&D and it found
> absolutely nothing that would indicate any kind of problem--it literally
> found nothing. I have used adaware and it found only a couple of things
> from Alexa and a couple cookies. So I am at a loss. There are no visible
> signs of spyware installed. I am using an XP Pro machine with 512mb DDR
> SDRAM on an Athlon 3000+ with a 256mb DDR video card. I am using a
> firewall which detected and intercepted the attack, and I also using a
> popup
> blocker that came with adaware. All known registry entries to this
> website
> have been deleted, and apparently Spybot nor HijackThis can find anything.
> I have looked in Msconfig to see what was starting up--and the only things
> in that are my normal software. I have looked at the running processes
> and
> there seems to be nothing out of the ordinary.
>
> So that is the background. Does anyone have any ideas for me?
>
>



 
Reply With Quote
 
smackedass
Guest
Posts: n/a
 
      02-08-2006

"me" <(E-Mail Removed)> wrote in message
news:kPcGf.1113$(E-Mail Removed)...

> doing a reinstall for something like this is unacceptable.


Even if it's the path of least resistance? I'm of the philosophy that some
things just aren't worth beating your head bloody over...

smackedass



 
Reply With Quote
 
me
Guest
Posts: n/a
 
      02-08-2006
This is an update as to my dilemma and the tad bit of confusion I am
experiencing as I deal with this. I have used the following programs to try
and root out this little problem with my computer browser.
Ewido 3.5
Spybot S&D
Adaware
ES Trust EZ Antivirus
HijackThis

You would think that one of these would detect the little bug that cuased
this problem but thus far--absolutely nothing has been found by any of these
programs that would indicate to me there was ever a problem with my
browser--and yet there is. EZ Antivirus did find some Java based virii in
my separate 40Gb hard drive that is acting as a backup, but other than that
and a few cookie issues detected by Ewido--absolutely NOTHING has been found
to indicate any type of problem ever existed with my computer and yet my
browser option in Tools\Options is still greyed out.
I am totally befuddled by this--either this attack is extremely new and
nothing has been developed to detect it yet or my computer was actually
hacked from the internet without ever having to install anything. I am very
confused now, but still refuse to give up on this. I'm hard headed on some
things and I am not yet ready to cut my losses and reinstall.


 
Reply With Quote
 
me
Guest
Posts: n/a
 
      02-08-2006
yes, everything is taken care of properly--my browser automatically deletes
all temp files on exiting. I clear all cookies, all sites, everything every
time I exit the internet.


 
Reply With Quote
 
me
Guest
Posts: n/a
 
      02-11-2006
yes it does--I set it up to delete everything on exiting.
"Thumper" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Wed, 8 Feb 2006 16:09:33 -0500, "me" <(E-Mail Removed)> wrote:
>
> >yes, everything is taken care of properly--my browser automatically

deletes
> >all temp files on exiting.

>
> No it doesn't.
>
>
>
> > I clear all cookies, all sites, everything every
> >time I exit the internet.
> >

>
> Clear ALL temporary files.
> Thumper



 
Reply With Quote
 
mhaase-at-springmind.com
Guest
Posts: n/a
 
      02-11-2006
On Tue, 7 Feb 2006 16:35:28 -0800 , "me" <(E-Mail Removed)> wrote:

>Ok, here is a puzzler. Yesterday afternoon after I got home my brother told
>me that there was an attack on the computer from the internet and all of a
>sudden a series of pop-ups appeared and the browser homepage was immediately
>changed to http://www.bilfen-kizlari.com I have used HijackThis, and Spybot
>S&D and though HijackThis did find a couple things--nothing that would
>indicate to me any type of browser hijacker. I went into the registry and
>eliminated the three references that I could find of the website--I have
>went into the registry and manually set my homepage back to my original
>homepage. The problem is--in Internet Explorer--tools\options, the option
>to change and set my homepage is now greyed out with no visible way of
>fixing it. I have also just finished using spybot S&D and it found
>absolutely nothing that would indicate any kind of problem--it literally
>found nothing. I have used adaware and it found only a couple of things
>from Alexa and a couple cookies. So I am at a loss. There are no visible
>signs of spyware installed. I am using an XP Pro machine with 512mb DDR
>SDRAM on an Athlon 3000+ with a 256mb DDR video card. I am using a
>firewall which detected and intercepted the attack, and I also using a popup
>blocker that came with adaware. All known registry entries to this website
>have been deleted, and apparently Spybot nor HijackThis can find anything.
>I have looked in Msconfig to see what was starting up--and the only things
>in that are my normal software. I have looked at the running processes and
>there seems to be nothing out of the ordinary.
>
>So that is the background. Does anyone have any ideas for me?



An attack on the computer from the Internet?! That's a good one.
Couldn't have had anything to do with stuff he was downloading and/or
web sites he was visiting, huh?

Anyway, one of the best anti-spyware apps I've found lately is the one
from Microsoft (believe it or not). Download & run that, and it may
find something.

But what I've run into lately is a few baddies that have managed to
hide their entries in the registry. IOW, the entries are there, but
Regedit (and you) can't see them. These entries will load files that
themselves are hidden.

In order to clean this, you have to access the disk & registry while
Windows is not running. Winternals has their Administrator's Pak,
which includes their ERD Commander - let's you boot from a CD, then
access a Windows instalation without it running. Unfortunately,
that's $500 for a temp license. You might try RegMon from
SYSINTERNALS.COM to see if it lets you watch whats going on in the
registry....or do a Google search on Hidden registry keys and see what
turns up.

Also, get a copy of one of the utilities that lets you read NTFS files
from DOS, then look in the regular startup folders and any temporary
folders for hidden files. You may have to use the ATTRIB command to
unhide them.

Good luck! Took me a few hours to discover this latest spyware trick.
Once I did, it was a quick clean....(but we have the Winternals
product).

M



 
Reply With Quote
 
aleinss@hotmail.com
Guest
Posts: n/a
 
      02-11-2006

me wrote:

> I am totally befuddled by this--either this attack is extremely new and
> nothing has been developed to detect it yet or my computer was actually
> hacked from the internet without ever having to install anything. I am very
> confused now, but still refuse to give up on this. I'm hard headed on some
> things and I am not yet ready to cut my losses and reinstall.


Did you try my suggestion? The home page can be locked via the Local
Security Policy...that's probably why the scans do not find anything.

Adam

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
no close virus..Hijacked browser !!! Computer Support 5 12-04-2003 07:02 PM
Browser Hijacked Ivor Smallone Computer Support 2 11-12-2003 12:31 AM
help! browser's been hijacked. lisa10 Computer Support 5 10-23-2003 10:58 PM
Help browser hijacked richmac Computer Support 5 07-18-2003 02:41 AM
Browser hijacked...? Mike Hawk Computer Support 7 07-08-2003 08:27 PM



Advertisments