browser hijacked

Discussion in 'A+ Certification' started by me, Feb 8, 2006.

  1. me

    me Guest

    Ok, here is a puzzler. Yesterday afternoon after I got home my brother told
    me that there was an attack on the computer from the internet and all of a
    sudden a series of pop-ups appeared and the browser homepage was immediately
    changed to http://www.bilfen-kizlari.com I have used HijackThis, and Spybot
    S&D and though HijackThis did find a couple things--nothing that would
    indicate to me any type of browser hijacker. I went into the registry and
    eliminated the three references that I could find of the website--I have
    went into the registry and manually set my homepage back to my original
    homepage. The problem is--in Internet Explorer--tools\options, the option
    to change and set my homepage is now greyed out with no visible way of
    fixing it. I have also just finished using spybot S&D and it found
    absolutely nothing that would indicate any kind of problem--it literally
    found nothing. I have used adaware and it found only a couple of things
    from Alexa and a couple cookies. So I am at a loss. There are no visible
    signs of spyware installed. I am using an XP Pro machine with 512mb DDR
    SDRAM on an Athlon 3000+ with a 256mb DDR video card. I am using a
    firewall which detected and intercepted the attack, and I also using a popup
    blocker that came with adaware. All known registry entries to this website
    have been deleted, and apparently Spybot nor HijackThis can find anything.
    I have looked in Msconfig to see what was starting up--and the only things
    in that are my normal software. I have looked at the running processes and
    there seems to be nothing out of the ordinary.

    So that is the background. Does anyone have any ideas for me?
     
    me, Feb 8, 2006
    #1
    1. Advertising

  2. me

    Adam Leinss Guest

    "me" <> wrote in
    news:z_aGf.483$:

    > The problem is--in Internet Explorer--tools\options, the option
    > to change and set my homepage is now greyed out with no visible
    > way of fixing it.


    Download Spyware Blaster....there is an option to lock the home page
    (i.e. grey it out so users cannot change it). So lock it and then
    unlock it.

    Adam
    --
    Visit my PC Tech blog at www.leinss.com/blog
     
    Adam Leinss, Feb 8, 2006
    #2
    1. Advertising

  3. me

    me Guest

    doing a reinstall for something like this is unacceptable.
    "Mark Mandell" <> wrote in message
    news:7KcGf.15234$...
    >
    > "me" <> wrote in message
    > news:z_aGf.483$...
    > > Ok, here is a puzzler. Yesterday afternoon after I got home my brother
    > > told
    > > me that there was an attack on the computer from the internet and all of

    a
    > > sudden a series of pop-ups appeared and the browser homepage was
    > > immediately
    > > changed to http://www.bilfen-kizlari.com I have used HijackThis, and
    > > Spybot
    > > S&D and though HijackThis did find a couple things--nothing that would
    > > indicate to me any type of browser hijacker. I went into the registry

    and
    > > eliminated the three references that I could find of the website--I have
    > > went into the registry and manually set my homepage back to my original
    > > homepage. The problem is--in Internet Explorer--tools\options, the

    option
    > > to change and set my homepage is now greyed out with no visible way of
    > > fixing it. I have also just finished using spybot S&D and it found
    > > absolutely nothing that would indicate any kind of problem--it literally
    > > found nothing. I have used adaware and it found only a couple of things
    > > from Alexa and a couple cookies. So I am at a loss. There are no

    visible
    > > signs of spyware installed. I am using an XP Pro machine with 512mb

    DDR
    > > SDRAM on an Athlon 3000+ with a 256mb DDR video card. I am using a
    > > firewall which detected and intercepted the attack, and I also using a
    > > popup
    > > blocker that came with adaware. All known registry entries to this
    > > website
    > > have been deleted, and apparently Spybot nor HijackThis can find

    anything.
    > > I have looked in Msconfig to see what was starting up--and the only

    things
    > > in that are my normal software. I have looked at the running processes
    > > and
    > > there seems to be nothing out of the ordinary.
    > >
    > > So that is the background. Does anyone have any ideas for me?
    > >

    > First of all, if your sure the HiJack This doesn't have that site, then
    > check into a program called Ewido.net which you can find on Google.
    > Download and run this.
    >
    > Do you have SP2 with the pop up blocker set to be enabled? If not, it
    > probably wouldn't work out anyway(if you try downloading) because that

    site
    > might create problems in the installation. So you might wind up having to
    > uninstall and reinstall Internet Explorer. If that doesn't work, you'd

    most
    > likely have to reformat and reinstall Windows.
    >
    >
     
    me, Feb 8, 2006
    #3
  4. me

    lizzieb Guest

    I would also try downloading and updating a trial version of webroot
    spysweeper - I have found it can sort out most problems without having to
    mess about too much. Although not sure if the latest version is fully
    enable in trial mode. If not let me know as I have the earlier version.

    Lizzzie

    "me" <> wrote in message
    news:z_aGf.483$...
    > Ok, here is a puzzler. Yesterday afternoon after I got home my brother
    > told
    > me that there was an attack on the computer from the internet and all of a
    > sudden a series of pop-ups appeared and the browser homepage was
    > immediately
    > changed to http://www.bilfen-kizlari.com I have used HijackThis, and
    > Spybot
    > S&D and though HijackThis did find a couple things--nothing that would
    > indicate to me any type of browser hijacker. I went into the registry and
    > eliminated the three references that I could find of the website--I have
    > went into the registry and manually set my homepage back to my original
    > homepage. The problem is--in Internet Explorer--tools\options, the option
    > to change and set my homepage is now greyed out with no visible way of
    > fixing it. I have also just finished using spybot S&D and it found
    > absolutely nothing that would indicate any kind of problem--it literally
    > found nothing. I have used adaware and it found only a couple of things
    > from Alexa and a couple cookies. So I am at a loss. There are no visible
    > signs of spyware installed. I am using an XP Pro machine with 512mb DDR
    > SDRAM on an Athlon 3000+ with a 256mb DDR video card. I am using a
    > firewall which detected and intercepted the attack, and I also using a
    > popup
    > blocker that came with adaware. All known registry entries to this
    > website
    > have been deleted, and apparently Spybot nor HijackThis can find anything.
    > I have looked in Msconfig to see what was starting up--and the only things
    > in that are my normal software. I have looked at the running processes
    > and
    > there seems to be nothing out of the ordinary.
    >
    > So that is the background. Does anyone have any ideas for me?
    >
    >
     
    lizzieb, Feb 8, 2006
    #4
  5. me

    smackedass Guest

    "me" <> wrote in message
    news:kPcGf.1113$...

    > doing a reinstall for something like this is unacceptable.


    Even if it's the path of least resistance? I'm of the philosophy that some
    things just aren't worth beating your head bloody over...

    smackedass
     
    smackedass, Feb 8, 2006
    #5
  6. me

    me Guest

    Re: browser hijacked--update

    This is an update as to my dilemma and the tad bit of confusion I am
    experiencing as I deal with this. I have used the following programs to try
    and root out this little problem with my computer browser.
    Ewido 3.5
    Spybot S&D
    Adaware
    ES Trust EZ Antivirus
    HijackThis

    You would think that one of these would detect the little bug that cuased
    this problem but thus far--absolutely nothing has been found by any of these
    programs that would indicate to me there was ever a problem with my
    browser--and yet there is. EZ Antivirus did find some Java based virii in
    my separate 40Gb hard drive that is acting as a backup, but other than that
    and a few cookie issues detected by Ewido--absolutely NOTHING has been found
    to indicate any type of problem ever existed with my computer and yet my
    browser option in Tools\Options is still greyed out.
    I am totally befuddled by this--either this attack is extremely new and
    nothing has been developed to detect it yet or my computer was actually
    hacked from the internet without ever having to install anything. I am very
    confused now, but still refuse to give up on this. I'm hard headed on some
    things and I am not yet ready to cut my losses and reinstall.
     
    me, Feb 8, 2006
    #6
  7. me

    me Guest

    yes, everything is taken care of properly--my browser automatically deletes
    all temp files on exiting. I clear all cookies, all sites, everything every
    time I exit the internet.
     
    me, Feb 8, 2006
    #7
  8. me

    me Guest

    yes it does--I set it up to delete everything on exiting.
    "Thumper" <> wrote in message
    news:...
    > On Wed, 8 Feb 2006 16:09:33 -0500, "me" <> wrote:
    >
    > >yes, everything is taken care of properly--my browser automatically

    deletes
    > >all temp files on exiting.

    >
    > No it doesn't.
    >
    >
    >
    > > I clear all cookies, all sites, everything every
    > >time I exit the internet.
    > >

    >
    > Clear ALL temporary files.
    > Thumper
     
    me, Feb 11, 2006
    #8
  9. On Tue, 7 Feb 2006 16:35:28 -0800 , "me" <> wrote:

    >Ok, here is a puzzler. Yesterday afternoon after I got home my brother told
    >me that there was an attack on the computer from the internet and all of a
    >sudden a series of pop-ups appeared and the browser homepage was immediately
    >changed to http://www.bilfen-kizlari.com I have used HijackThis, and Spybot
    >S&D and though HijackThis did find a couple things--nothing that would
    >indicate to me any type of browser hijacker. I went into the registry and
    >eliminated the three references that I could find of the website--I have
    >went into the registry and manually set my homepage back to my original
    >homepage. The problem is--in Internet Explorer--tools\options, the option
    >to change and set my homepage is now greyed out with no visible way of
    >fixing it. I have also just finished using spybot S&D and it found
    >absolutely nothing that would indicate any kind of problem--it literally
    >found nothing. I have used adaware and it found only a couple of things
    >from Alexa and a couple cookies. So I am at a loss. There are no visible
    >signs of spyware installed. I am using an XP Pro machine with 512mb DDR
    >SDRAM on an Athlon 3000+ with a 256mb DDR video card. I am using a
    >firewall which detected and intercepted the attack, and I also using a popup
    >blocker that came with adaware. All known registry entries to this website
    >have been deleted, and apparently Spybot nor HijackThis can find anything.
    >I have looked in Msconfig to see what was starting up--and the only things
    >in that are my normal software. I have looked at the running processes and
    >there seems to be nothing out of the ordinary.
    >
    >So that is the background. Does anyone have any ideas for me?



    An attack on the computer from the Internet?! That's a good one.
    Couldn't have had anything to do with stuff he was downloading and/or
    web sites he was visiting, huh?

    Anyway, one of the best anti-spyware apps I've found lately is the one
    from Microsoft (believe it or not). Download & run that, and it may
    find something.

    But what I've run into lately is a few baddies that have managed to
    hide their entries in the registry. IOW, the entries are there, but
    Regedit (and you) can't see them. These entries will load files that
    themselves are hidden.

    In order to clean this, you have to access the disk & registry while
    Windows is not running. Winternals has their Administrator's Pak,
    which includes their ERD Commander - let's you boot from a CD, then
    access a Windows instalation without it running. Unfortunately,
    that's $500 for a temp license. You might try RegMon from
    SYSINTERNALS.COM to see if it lets you watch whats going on in the
    registry....or do a Google search on Hidden registry keys and see what
    turns up.

    Also, get a copy of one of the utilities that lets you read NTFS files
    from DOS, then look in the regular startup folders and any temporary
    folders for hidden files. You may have to use the ATTRIB command to
    unhide them.

    Good luck! Took me a few hours to discover this latest spyware trick.
    Once I did, it was a quick clean....(but we have the Winternals
    product).

    M
     
    mhaase-at-springmind.com, Feb 11, 2006
    #9
  10. me

    Guest

    Re: browser hijacked--update

    me wrote:

    > I am totally befuddled by this--either this attack is extremely new and
    > nothing has been developed to detect it yet or my computer was actually
    > hacked from the internet without ever having to install anything. I am very
    > confused now, but still refuse to give up on this. I'm hard headed on some
    > things and I am not yet ready to cut my losses and reinstall.


    Did you try my suggestion? The home page can be locked via the Local
    Security Policy...that's probably why the scans do not find anything.

    Adam
     
    , Feb 11, 2006
    #10
  11. me

    me Guest

    Re: browser hijacked--Fixed the problem

    I managed to fix the problem, identify the virus, remove it, remove its
    registry components, and then re-grey the tools\options\ change your start
    page option myself to prevent future problems from other jackass websites
    who think they can change your start page without your knowledge. Thanks to
    everyone for their ideas and help on this one as I worked through the attack
    and the problems.
     
    me, Feb 11, 2006
    #11
  12. me

    me Guest

    Re: browser hijacked--Fixed the problem

    The scumware was identified by EzAntivirus as W32.Aleurongeneric (I think I
    spelled it correctly). The fix came from manually editing the registry to
    find and get rid of the virus which was names something similar to
    A000013.exe I also deleted any references to the scum website, and then
    used Spybot S&D to again grey out my explorer option to change the website,
    and I have closed the gaps in my firewall that allowed the attack to begin
    with. The only thing I did not like was that, though Ez antivirus
    identified the virus, it did not remove it or give me the option to
    quarantine it,. so I had to manually find and delete the registry entry. I
    also turned off system restore to prevent the program from residing anywhere
    else.

    As for the reference from mhaase-at-spring-mind.com that the "story" about
    the attack from the internet was fact. My popupblocker identifies any
    websites the computer has visited--the computer did not visit any type of
    website that should have attracted an attack. I track things very carefully
    and this attack was unprovoked, and nothing out of the ordinary happened
    prior to provoke it--such as visiting sites that you shouldn't.
     
    me, Feb 11, 2006
    #12
  13. Re: browser hijacked--Fixed the problem

    On Sat, 11 Feb 2006 12:37:22 -0800, "me" <> wrote:

    >As for the reference from mhaase-at-spring-mind.com that the "story" about
    >the attack from the internet was fact. My popupblocker identifies any
    >websites the computer has visited--the computer did not visit any type of
    >website that should have attracted an attack. I track things very carefully
    >and this attack was unprovoked, and nothing out of the ordinary happened
    >prior to provoke it--such as visiting sites that you shouldn't.



    So your computer was just sitting there on line, and through no action
    of the operator:

    1) a virus/spyware from the Internet hit your IP address

    2) went through the firewall,

    3) somehow injected a program into your computer,

    4) then ran it

    thereby infecting the machine with a virus/spyware.

    Sorry, but that's extreeeeeeemely far fetched. The list of conditions
    that would have to exist for that to happen is really unlikely, and it
    would have to include things that the average home user doesn't do
    (like running servers with open ports).

    My point is that stories like this get spread around and the average
    (naive) computer user starts to believe "It's nothing *I* did that
    caused the spyware infection...that stuff happens by itself".
    Therefore they never learn what they *ARE* doing that's causing the
    problem, and therefore never stop.

    I can 99.9% guaranty that your infection was caused by something your
    brother did. Possibly clicking "yes" on something he shouldn't have,
    possibly downloading some "helpful utility", or possibly visiting a
    website that initiated "drive-by" spyware.

    You say:

    "I am using a firewall which detected and intercepted the attack"

    Please tell us what the firewall log said. If this is something I've
    never heard of, I'd like to learn about it.

    Thanks!

    M
     
    mhaase-at-springmind.com, Feb 12, 2006
    #13
  14. Re: browser hijacked--update

    wrote:
    > me wrote:
    >
    >> I am totally befuddled by this--either this attack is extremely new and
    >> nothing has been developed to detect it yet or my computer was actually
    >> hacked from the internet without ever having to install anything. I am very
    >> confused now, but still refuse to give up on this. I'm hard headed on some
    >> things and I am not yet ready to cut my losses and reinstall.

    >
    > Did you try my suggestion? The home page can be locked via the Local
    > Security Policy...that's probably why the scans do not find anything.
    >
    > Adam
    >


    mhaase-at-springmind.com wrote:
    > On Sat, 11 Feb 2006 12:37:22 -0800, "me" <> wrote:
    >
    >> As for the reference from mhaase-at-spring-mind.com that the "story"

    about
    >> the attack from the internet was fact. My popupblocker identifies any
    >> websites the computer has visited--the computer did not visit any

    type of
    >> website that should have attracted an attack. I track things very

    carefully
    >> and this attack was unprovoked, and nothing out of the ordinary happened
    >> prior to provoke it--such as visiting sites that you shouldn't.

    >
    >
    > So your computer was just sitting there on line, and through no action
    > of the operator:
    >
    > 1) a virus/spyware from the Internet hit your IP address
    >
    > 2) went through the firewall,
    >
    > 3) somehow injected a program into your computer,
    >
    > 4) then ran it
    >
    > thereby infecting the machine with a virus/spyware.
    >
    > Sorry, but that's extreeeeeeemely far fetched. The list of conditions
    > that would have to exist for that to happen is really unlikely, and it
    > would have to include things that the average home user doesn't do
    > (like running servers with open ports).
    >
    > My point is that stories like this get spread around and the average
    > (naive) computer user starts to believe "It's nothing *I* did that
    > caused the spyware infection...that stuff happens by itself".
    > Therefore they never learn what they *ARE* doing that's causing the
    > problem, and therefore never stop.
    >
    > I can 99.9% guaranty that your infection was caused by something your
    > brother did. Possibly clicking "yes" on something he shouldn't have,
    > possibly downloading some "helpful utility", or possibly visiting a
    > website that initiated "drive-by" spyware.
    >
    > You say:
    >
    > "I am using a firewall which detected and intercepted the attack"
    >
    > Please tell us what the firewall log said. If this is something I've
    > never heard of, I'd like to learn about it.
    >
    > Thanks!
    >
    > M
    >
    >
    >
    >


    He DID state he changed firewall settings, which I interpreted to mean
    he closed some open ports.

    While I agree, the intrusion WAS MOST LIKELY a result of something he or
    his brother did, it IS possible to have your computer attacked and
    hacked IF you leave it sitting online "exposed" (on a cable modem or DSL
    w/no router, for example). i.e. Bots that ping IP addresses
    sequentially, do port scans, etc.

    Unfortunately, part of this thread was already gone from the news server
    when I subscribed to this group. I did read some of the
    suggestions--change IE settings and local policy settings. To that I
    would add, shelve Internet Explorer and get Firefox and the extensions
    NoScript and Ad-Block Plus. THEN go directly to http://www.grc.com/ and
    take the time to go thru all the options of ShieldsUP to see IF and
    WHERE any vulnerabilities can be found.

    In my opinion, the exposure and programmability of IE's object model
    make it an insecure browser out-of-the-box.

    My .02 cents worth.
     
    PPP Does NOT Equal Ping Pong Paddle, Feb 17, 2006
    #14
  15. Re: browser hijacked--update

    On Fri, 17 Feb 2006 12:16:22 -0800, PPP Does NOT Equal Ping Pong
    Paddle <ppp@nogamesdotppp> wrote:

    > wrote:
    >> me wrote:
    >>
    >>> I am totally befuddled by this--either this attack is extremely new and
    >>> nothing has been developed to detect it yet or my computer was actually
    >>> hacked from the internet without ever having to install anything. I am very
    >>> confused now, but still refuse to give up on this. I'm hard headed on some
    >>> things and I am not yet ready to cut my losses and reinstall.

    >>
    >> Did you try my suggestion? The home page can be locked via the Local
    >> Security Policy...that's probably why the scans do not find anything.
    >>
    >> Adam
    >>

    >
    >mhaase-at-springmind.com wrote:
    > > On Sat, 11 Feb 2006 12:37:22 -0800, "me" <> wrote:
    > >
    > >> As for the reference from mhaase-at-spring-mind.com that the "story"

    >about
    > >> the attack from the internet was fact. My popupblocker identifies any
    > >> websites the computer has visited--the computer did not visit any

    >type of
    > >> website that should have attracted an attack. I track things very

    >carefully
    > >> and this attack was unprovoked, and nothing out of the ordinary happened
    > >> prior to provoke it--such as visiting sites that you shouldn't.

    > >
    > >
    > > So your computer was just sitting there on line, and through no action
    > > of the operator:
    > >
    > > 1) a virus/spyware from the Internet hit your IP address
    > >
    > > 2) went through the firewall,
    > >
    > > 3) somehow injected a program into your computer,
    > >
    > > 4) then ran it
    > >
    > > thereby infecting the machine with a virus/spyware.
    > >
    > > Sorry, but that's extreeeeeeemely far fetched. The list of conditions
    > > that would have to exist for that to happen is really unlikely, and it
    > > would have to include things that the average home user doesn't do
    > > (like running servers with open ports).
    > >
    > > My point is that stories like this get spread around and the average
    > > (naive) computer user starts to believe "It's nothing *I* did that
    > > caused the spyware infection...that stuff happens by itself".
    > > Therefore they never learn what they *ARE* doing that's causing the
    > > problem, and therefore never stop.
    > >
    > > I can 99.9% guaranty that your infection was caused by something your
    > > brother did. Possibly clicking "yes" on something he shouldn't have,
    > > possibly downloading some "helpful utility", or possibly visiting a
    > > website that initiated "drive-by" spyware.
    > >
    > > You say:
    > >
    > > "I am using a firewall which detected and intercepted the attack"
    > >
    > > Please tell us what the firewall log said. If this is something I've
    > > never heard of, I'd like to learn about it.
    > >
    > > Thanks!
    > >
    > > M
    > >
    > >
    > >
    > >

    >
    >He DID state he changed firewall settings, which I interpreted to mean
    >he closed some open ports.
    >
    >While I agree, the intrusion WAS MOST LIKELY a result of something he or
    >his brother did, it IS possible to have your computer attacked and
    >hacked IF you leave it sitting online "exposed" (on a cable modem or DSL
    >w/no router, for example). i.e. Bots that ping IP addresses
    >sequentially, do port scans, etc.


    Of course, but the fact that he *does* have a firewall means that's
    extremely unlikely. Also, why would he have a firewall with any
    vulnerable ports open anyway? What's the purpose of the thing then?

    He also claims he's "very careful", which I would interpret to mean a)
    he *didn't* have any open ports (more evidence it was an operator
    error), and b) he probably *does* have a router.

    I simply asked him to tell us what his logs said so we/I could
    determine what happened.

    I get tired of people claiming that all sorts of wild unprovoked
    "attacks" are getting through to their computers. I'd like to help
    them get educated as to exactly what *IS* happening so they can
    prevent it, instead of spreading "Urban Computer Myths".

    I deal with clients everyday who, at the least little computing
    hiccup, claim their "computer must have a virus!" It's a VIRUS
    EPIDEMIC!!! EVERYBODY RUN FOR THE HILLS!!!!!!

    M
     
    mhaase-at-springmind.com, Feb 18, 2006
    #15
  16. me

    me Guest

    Re: browser hijacked--update

    I don't believe I asked for supposition based on information not supplied to
    you. I asked for ideas which were based on the information provided. I do
    not doubt what was said by my brother. I state again that the attack
    occured for a period of approximately 10 minutes and after the attack which
    came from a website on the internet--which I tracked and contacted the ISP
    about that little issue--my brower homepage was changed to a Turkish site.
    As for what you personally believe, as to whether what I said was truth or
    not I really just don't give a crap about whether you think the attack was
    unprovoked or not.
    I maintain the attack was unprovoked, and yes, I am very careful about
    how I do things on my computer. Probably more so than many of the
    "professionals". So, get over yourself. I asked for ideas based on the
    information supplied, not suppositions which you dug up from the far nether
    reaches of your mind.
     
    me, Feb 20, 2006
    #16
  17. Re: browser hijacked--update

    On Mon, 20 Feb 2006 09:30:31 -0800, "me" <> wrote:

    >I don't believe I asked for supposition based on information not supplied to
    >you. I asked for ideas which were based on the information provided. I do
    >not doubt what was said by my brother. I state again that the attack
    >occured for a period of approximately 10 minutes and after the attack which
    >came from a website on the internet--which I tracked and contacted the ISP
    >about that little issue--my brower homepage was changed to a Turkish site.
    > As for what you personally believe, as to whether what I said was truth or
    >not I really just don't give a crap about whether you think the attack was
    >unprovoked or not.
    > I maintain the attack was unprovoked, and yes, I am very careful about
    >how I do things on my computer. Probably more so than many of the
    >"professionals". So, get over yourself. I asked for ideas based on the
    >information supplied, not suppositions which you dug up from the far nether
    >reaches of your mind.



    And I gave you ideas & suggestions based on the information you
    provided....or did you miss that?

    All I'm asking is for more information on "the atack" (firewall logs,
    router config if any, etc) so we/I can learn from it. Apparantly
    you're not interested in discovering what actually happened - so
    unfortunately, you're destined to be "attacked" again.

    You *do* get awfully upset over a simple request, don't you?

    Anyway, I'll know better than to offer any help next time you ask.
     
    mhaase-at-springmind.com, Feb 20, 2006
    #17
  18. Re: browser hijacked--update

    The fact that his PC was intruded MAY make it too late for anything but
    severe remedies.

    To my knowledge, there are 2 levels of security we all need to be
    concerned about: 1.)Intrusion and 2.)Rootkits (software that can hide
    and gain total control of the OS).

    IF a rootkit has made its way onto that PC, then wiping ALL the drives
    on it are the only sure remedy. If by chance, one of the rogue programs
    made its way onto a floppy disk or cd burned by the host, then it might
    easily get put right back on the machine.

    Most of the focus these days (media hype/press, anyway) is on viruses,
    spyware, and spam. Rootkits are much more threatening and are a prime
    reason we should all be so concerned about viruses, worms, spyware,
    malware, spam, etc.

    In my opion, anyway!

    John


    mhaase-at-springmind.com wrote:
    > On Mon, 20 Feb 2006 09:30:31 -0800, "me" <> wrote:
    >
    >
    >>I don't believe I asked for supposition based on information not supplied to
    >>you. I asked for ideas which were based on the information provided. I do
    >>not doubt what was said by my brother. I state again that the attack
    >>occured for a period of approximately 10 minutes and after the attack which
    >>came from a website on the internet--which I tracked and contacted the ISP
    >>about that little issue--my brower homepage was changed to a Turkish site.
    >>As for what you personally believe, as to whether what I said was truth or
    >>not I really just don't give a crap about whether you think the attack was
    >>unprovoked or not.
    >> I maintain the attack was unprovoked, and yes, I am very careful about
    >>how I do things on my computer. Probably more so than many of the
    >>"professionals". So, get over yourself. I asked for ideas based on the
    >>information supplied, not suppositions which you dug up from the far nether
    >>reaches of your mind.

    >
    >
    >
    > And I gave you ideas & suggestions based on the information you
    > provided....or did you miss that?
    >
    > All I'm asking is for more information on "the atack" (firewall logs,
    > router config if any, etc) so we/I can learn from it. Apparantly
    > you're not interested in discovering what actually happened - so
    > unfortunately, you're destined to be "attacked" again.
    >
    > You *do* get awfully upset over a simple request, don't you?
    >
    > Anyway, I'll know better than to offer any help next time you ask.
    >
    >
    >
    >
    >
    >
    >
    >
     
    WinXP_Powered, Feb 21, 2006
    #18
  19. me

    Butterfield Guest

    On Tue, 7 Feb 2006 19:35:28 -0500, "me" <> wrote:

    >Ok, here is a puzzler. Yesterday afternoon after I got home my brother told
    >me that there was an attack on the computer from the internet and all of a
    >sudden a series of pop-ups appeared and the browser homepage was immediately
    >changed to http://www.bilfen-kizlari.com I have used HijackThis, and Spybot
    >S&D and though HijackThis did find a couple things--nothing that would
    >indicate to me any type of browser hijacker. I went into the registry and
    >eliminated the three references that I could find of the website--I have
    >went into the registry and manually set my homepage back to my original
    >homepage. The problem is--in Internet Explorer--tools\options, the option
    >to change and set my homepage is now greyed out with no visible way of
    >fixing it. I have also just finished using spybot S&D and it found
    >absolutely nothing that would indicate any kind of problem--it literally
    >found nothing. I have used adaware and it found only a couple of things
    >from Alexa and a couple cookies. So I am at a loss. There are no visible
    >signs of spyware installed. I am using an XP Pro machine with 512mb DDR
    >SDRAM on an Athlon 3000+ with a 256mb DDR video card. I am using a
    >firewall which detected and intercepted the attack, and I also using a popup
    >blocker that came with adaware. All known registry entries to this website
    >have been deleted, and apparently Spybot nor HijackThis can find anything.
    >I have looked in Msconfig to see what was starting up--and the only things
    >in that are my normal software. I have looked at the running processes and
    >there seems to be nothing out of the ordinary.
    >
    >So that is the background. Does anyone have any ideas for me?
    >


    For best results run spyware cleaners in safe mode.
     
    Butterfield, Mar 2, 2006
    #19
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mike Hawk

    Browser hijacked...?

    Mike Hawk, Jul 8, 2003, in forum: Computer Support
    Replies:
    7
    Views:
    687
    Jimchip
    Jul 8, 2003
  2. richmac

    Help browser hijacked

    richmac, Jul 17, 2003, in forum: Computer Support
    Replies:
    5
    Views:
    618
    Baron Von Reeve
    Jul 18, 2003
  3. lisa10

    help! browser's been hijacked.

    lisa10, Sep 28, 2003, in forum: Computer Support
    Replies:
    5
    Views:
    505
    Boomer
    Oct 23, 2003
  4. Ivor Smallone

    Browser Hijacked

    Ivor Smallone, Nov 11, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    507
  5. Guest

    no close virus..Hijacked browser !!!

    Guest, Dec 3, 2003, in forum: Computer Support
    Replies:
    5
    Views:
    698
    ┬░Mike┬░
    Dec 4, 2003
Loading...

Share This Page