Go Back   Velocity Reviews > Newsgroups > A+ Certification
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

A+ Certification - browser hijacked

 
Thread Tools Search this Thread
Old 02-08-2006, 12:35 AM   #1
Default browser hijacked


Ok, here is a puzzler. Yesterday afternoon after I got home my brother told
me that there was an attack on the computer from the internet and all of a
sudden a series of pop-ups appeared and the browser homepage was immediately
changed to http://www.bilfen-kizlari.com I have used HijackThis, and Spybot
S&D and though HijackThis did find a couple things--nothing that would
indicate to me any type of browser hijacker. I went into the registry and
eliminated the three references that I could find of the website--I have
went into the registry and manually set my homepage back to my original
homepage. The problem is--in Internet Explorer--tools\options, the option
to change and set my homepage is now greyed out with no visible way of
fixing it. I have also just finished using spybot S&D and it found
absolutely nothing that would indicate any kind of problem--it literally
found nothing. I have used adaware and it found only a couple of things
from Alexa and a couple cookies. So I am at a loss. There are no visible
signs of spyware installed. I am using an XP Pro machine with 512mb DDR
SDRAM on an Athlon 3000+ with a 256mb DDR video card. I am using a
firewall which detected and intercepted the attack, and I also using a popup
blocker that came with adaware. All known registry entries to this website
have been deleted, and apparently Spybot nor HijackThis can find anything.
I have looked in Msconfig to see what was starting up--and the only things
in that are my normal software. I have looked at the running processes and
there seems to be nothing out of the ordinary.

So that is the background. Does anyone have any ideas for me?




me
  Reply With Quote
Old 02-08-2006, 02:04 AM   #2
Adam Leinss
 
Posts: n/a
Default Re: browser hijacked
"me" <> wrote in
news:z_aGf.483$:

> The problem is--in Internet Explorer--tools\options, the option
> to change and set my homepage is now greyed out with no visible
> way of fixing it.


Download Spyware Blaster....there is an option to lock the home page
(i.e. grey it out so users cannot change it). So lock it and then
unlock it.

Adam
--
Visit my PC Tech blog at www.leinss.com/blog


Adam Leinss
  Reply With Quote
Old 02-08-2006, 02:39 AM   #3
me
 
Posts: n/a
Default Re: browser hijacked
doing a reinstall for something like this is unacceptable.
"Mark Mandell" <> wrote in message
news:7KcGf.15234$ link.net...
>
> "me" <> wrote in message
> news:z_aGf.483$...
> > Ok, here is a puzzler. Yesterday afternoon after I got home my brother
> > told
> > me that there was an attack on the computer from the internet and all of

a
> > sudden a series of pop-ups appeared and the browser homepage was
> > immediately
> > changed to http://www.bilfen-kizlari.com I have used HijackThis, and
> > Spybot
> > S&D and though HijackThis did find a couple things--nothing that would
> > indicate to me any type of browser hijacker. I went into the registry

and
> > eliminated the three references that I could find of the website--I have
> > went into the registry and manually set my homepage back to my original
> > homepage. The problem is--in Internet Explorer--tools\options, the

option
> > to change and set my homepage is now greyed out with no visible way of
> > fixing it. I have also just finished using spybot S&D and it found
> > absolutely nothing that would indicate any kind of problem--it literally
> > found nothing. I have used adaware and it found only a couple of things
> > from Alexa and a couple cookies. So I am at a loss. There are no

visible
> > signs of spyware installed. I am using an XP Pro machine with 512mb

DDR
> > SDRAM on an Athlon 3000+ with a 256mb DDR video card. I am using a
> > firewall which detected and intercepted the attack, and I also using a
> > popup
> > blocker that came with adaware. All known registry entries to this
> > website
> > have been deleted, and apparently Spybot nor HijackThis can find

anything.
> > I have looked in Msconfig to see what was starting up--and the only

things
> > in that are my normal software. I have looked at the running processes
> > and
> > there seems to be nothing out of the ordinary.
> >
> > So that is the background. Does anyone have any ideas for me?
> >

> First of all, if your sure the HiJack This doesn't have that site, then
> check into a program called Ewido.net which you can find on Google.
> Download and run this.
>
> Do you have SP2 with the pop up blocker set to be enabled? If not, it
> probably wouldn't work out anyway(if you try downloading) because that

site
> might create problems in the installation. So you might wind up having to
> uninstall and reinstall Internet Explorer. If that doesn't work, you'd

most
> likely have to reformat and reinstall Windows.
>
>





me
  Reply With Quote
Old 02-08-2006, 10:00 AM   #4
lizzieb
 
Posts: n/a
Default Re: browser hijacked
I would also try downloading and updating a trial version of webroot
spysweeper - I have found it can sort out most problems without having to
mess about too much. Although not sure if the latest version is fully
enable in trial mode. If not let me know as I have the earlier version.

Lizzzie

"me" <> wrote in message
news:z_aGf.483$...
> Ok, here is a puzzler. Yesterday afternoon after I got home my brother
> told
> me that there was an attack on the computer from the internet and all of a
> sudden a series of pop-ups appeared and the browser homepage was
> immediately
> changed to http://www.bilfen-kizlari.com I have used HijackThis, and
> Spybot
> S&D and though HijackThis did find a couple things--nothing that would
> indicate to me any type of browser hijacker. I went into the registry and
> eliminated the three references that I could find of the website--I have
> went into the registry and manually set my homepage back to my original
> homepage. The problem is--in Internet Explorer--tools\options, the option
> to change and set my homepage is now greyed out with no visible way of
> fixing it. I have also just finished using spybot S&D and it found
> absolutely nothing that would indicate any kind of problem--it literally
> found nothing. I have used adaware and it found only a couple of things
> from Alexa and a couple cookies. So I am at a loss. There are no visible
> signs of spyware installed. I am using an XP Pro machine with 512mb DDR
> SDRAM on an Athlon 3000+ with a 256mb DDR video card. I am using a
> firewall which detected and intercepted the attack, and I also using a
> popup
> blocker that came with adaware. All known registry entries to this
> website
> have been deleted, and apparently Spybot nor HijackThis can find anything.
> I have looked in Msconfig to see what was starting up--and the only things
> in that are my normal software. I have looked at the running processes
> and
> there seems to be nothing out of the ordinary.
>
> So that is the background. Does anyone have any ideas for me?
>
>





lizzieb
  Reply With Quote
Old 02-08-2006, 01:52 PM   #5
smackedass
 
Posts: n/a
Default Re: browser hijacked

"me" <> wrote in message
news:kPcGf.1113$...

> doing a reinstall for something like this is unacceptable.


Even if it's the path of least resistance? I'm of the philosophy that some
things just aren't worth beating your head bloody over...

smackedass





smackedass
  Reply With Quote
Old 02-08-2006, 03:32 PM   #6
me
 
Posts: n/a
Default Re: browser hijacked--update
This is an update as to my dilemma and the tad bit of confusion I am
experiencing as I deal with this. I have used the following programs to try
and root out this little problem with my computer browser.
Ewido 3.5
Spybot S&D
Adaware
ES Trust EZ Antivirus
HijackThis

You would think that one of these would detect the little bug that cuased
this problem but thus far--absolutely nothing has been found by any of these
programs that would indicate to me there was ever a problem with my
browser--and yet there is. EZ Antivirus did find some Java based virii in
my separate 40Gb hard drive that is acting as a backup, but other than that
and a few cookie issues detected by Ewido--absolutely NOTHING has been found
to indicate any type of problem ever existed with my computer and yet my
browser option in Tools\Options is still greyed out.
I am totally befuddled by this--either this attack is extremely new and
nothing has been developed to detect it yet or my computer was actually
hacked from the internet without ever having to install anything. I am very
confused now, but still refuse to give up on this. I'm hard headed on some
things and I am not yet ready to cut my losses and reinstall.




me
  Reply With Quote
Old 02-08-2006, 09:09 PM   #7
me
 
Posts: n/a
Default Re: browser hijacked
yes, everything is taken care of properly--my browser automatically deletes
all temp files on exiting. I clear all cookies, all sites, everything every
time I exit the internet.




me
  Reply With Quote
Old 02-11-2006, 01:15 AM   #8
me
 
Posts: n/a
Default Re: browser hijacked
yes it does--I set it up to delete everything on exiting.
"Thumper" <> wrote in message
news:...
> On Wed, 8 Feb 2006 16:09:33 -0500, "me" <> wrote:
>
> >yes, everything is taken care of properly--my browser automatically

deletes
> >all temp files on exiting.

>
> No it doesn't.
>
>
>
> > I clear all cookies, all sites, everything every
> >time I exit the internet.
> >

>
> Clear ALL temporary files.
> Thumper





me
  Reply With Quote
Old 02-11-2006, 02:01 AM   #9
mhaase-at-springmind.com
 
Posts: n/a
Default Re: browser hijacked
On Tue, 7 Feb 2006 16:35:28 -0800 , "me" <> wrote:

>Ok, here is a puzzler. Yesterday afternoon after I got home my brother told
>me that there was an attack on the computer from the internet and all of a
>sudden a series of pop-ups appeared and the browser homepage was immediately
>changed to http://www.bilfen-kizlari.com I have used HijackThis, and Spybot
>S&D and though HijackThis did find a couple things--nothing that would
>indicate to me any type of browser hijacker. I went into the registry and
>eliminated the three references that I could find of the website--I have
>went into the registry and manually set my homepage back to my original
>homepage. The problem is--in Internet Explorer--tools\options, the option
>to change and set my homepage is now greyed out with no visible way of
>fixing it. I have also just finished using spybot S&D and it found
>absolutely nothing that would indicate any kind of problem--it literally
>found nothing. I have used adaware and it found only a couple of things
>from Alexa and a couple cookies. So I am at a loss. There are no visible
>signs of spyware installed. I am using an XP Pro machine with 512mb DDR
>SDRAM on an Athlon 3000+ with a 256mb DDR video card. I am using a
>firewall which detected and intercepted the attack, and I also using a popup
>blocker that came with adaware. All known registry entries to this website
>have been deleted, and apparently Spybot nor HijackThis can find anything.
>I have looked in Msconfig to see what was starting up--and the only things
>in that are my normal software. I have looked at the running processes and
>there seems to be nothing out of the ordinary.
>
>So that is the background. Does anyone have any ideas for me?



An attack on the computer from the Internet?! That's a good one.
Couldn't have had anything to do with stuff he was downloading and/or
web sites he was visiting, huh?

Anyway, one of the best anti-spyware apps I've found lately is the one
from Microsoft (believe it or not). Download & run that, and it may
find something.

But what I've run into lately is a few baddies that have managed to
hide their entries in the registry. IOW, the entries are there, but
Regedit (and you) can't see them. These entries will load files that
themselves are hidden.

In order to clean this, you have to access the disk & registry while
Windows is not running. Winternals has their Administrator's Pak,
which includes their ERD Commander - let's you boot from a CD, then
access a Windows instalation without it running. Unfortunately,
that's $500 for a temp license. You might try RegMon from
SYSINTERNALS.COM to see if it lets you watch whats going on in the
registry....or do a Google search on Hidden registry keys and see what
turns up.

Also, get a copy of one of the utilities that lets you read NTFS files
from DOS, then look in the regular startup folders and any temporary
folders for hidden files. You may have to use the ATTRIB command to
unhide them.

Good luck! Took me a few hours to discover this latest spyware trick.
Once I did, it was a quick clean....(but we have the Winternals
product).

M





mhaase-at-springmind.com
  Reply With Quote
Old 02-11-2006, 06:58 AM   #10
aleinss@hotmail.com
 
Posts: n/a
Default Re: browser hijacked--update

me wrote:

> I am totally befuddled by this--either this attack is extremely new and
> nothing has been developed to detect it yet or my computer was actually
> hacked from the internet without ever having to install anything. I am very
> confused now, but still refuse to give up on this. I'm hard headed on some
> things and I am not yet ready to cut my losses and reinstall.


Did you try my suggestion? The home page can be locked via the Local
Security Policy...that's probably why the scans do not find anything.

Adam



aleinss@hotmail.com
  Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Browser Close onUserExit.js KumarHarsh Software 0 09-04-2009 12:14 PM
want to display .chm in browser control of ASP.NET 2.0 pratibhaskhaire General Help Related Topics 0 02-14-2008 06:23 AM
[needed] Browser plugin to show total data transfered? fatguysmart Software 0 08-08-2006 12:13 PM
Java servlets: Hi All! I want to display xml file in browser using servlets datta.saru Software 0 05-15-2006 04:30 PM
browser home page problem -D- A+ Certification 4 02-18-2004 10:49 PM




SEO by vBSEO 3.3.2 ©2009, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46