914World.com - The fastest growing online 914 community!
> OT, Help, Browser take over attack
DNHunt
post Mar 27 2004, 08:51 AM
Post #1


914 Wizard? No way. I got too much to learn.
****

Group: Members
Posts: 4,099
Joined: 21-April 03
From: Gig Harbor, WA
Member No.: 598



Every time I visit here I get a browser take over the next time I connect. It adds some pretty disgusting stuff to our favorites list and I'm not sure what else it may be trying to do. Ad-Aware will remove it, but it comes back. Here's what Ad-Aware says about it.

Vendor:Possible Browser Hijack attempt
Category:Malware
Object Type:RegData
Size:-
Location:Software\Microsoft\Internet Explorer\Main "Start Page" ("res://mshp.dll/index.html#37049")
Last Activity:3-27-2004
Risk Level:Medium
Comment:Possible browser hijack attempt
Description:Possible attempt to control\redirect the browser. This object referrs to a "blacklisted" site.

Anybody else get this? Any suggestions?

Dave
Bleyseng
post Mar 27 2004, 09:04 AM
Post #2


Aircooled Baby!
**********

Group: Members
Posts: 13,034
Joined: 27-December 02
From: Seattle, Washington (for now)
Member No.: 24
Region Association: Pacific Northwest



Try Spy Bot to remove it.
Is your start page on MSN? Move it to this BBS
J P Stein
post Mar 27 2004, 09:42 AM
Post #3


Irrelevant old fart
*****

Group: Members
Posts: 8,797
Joined: 30-December 02
From: Vancouver, WA
Member No.: 45
Region Association: None



I too would try spybot.

After you scan with spybot there is an optional boxcheck that doesn't allow anyone to change the browser. To change it, the box needs to be unchecked.
Bruce Allert
post Mar 27 2004, 09:53 AM
Post #4


Hellions asleep
****

Group: Members
Posts: 3,289
Joined: 19-March 03
From: Eagle Creek, Orygun
Member No.: 441
Region Association: Pacific Northwest



I just had the exact same thing happen yesterday & is still going on. I've run SpyBot 5 times so far & keep coming up with more along with pop up ads whilst it's running!!! I'm still fighting it. There's this one Casino that keeps installing itself too. When that starts I have to do an alt ctrl delete to shut it down. Sure would like to find all this shit & get it removed from the system!!!

..........b
Mark Henry
post Mar 27 2004, 10:14 AM
Post #5


that's what I do!
***************

Group: Members
Posts: 20,065
Joined: 27-December 02
From: Port Hope, Ontario
Member No.: 26
Region Association: Canada



Yep I had the same thing and it would always come back.

It is attaching itself to another program, then when you blow it off it comes back. I ended up blowing off most of my games and ran spybot a couple of times on start-up.

Once I was sure it was gone I reloaded the games I wanted and the problem was solved.
It was the kliz (sp?) worm.
sanglee007
post Mar 27 2004, 11:36 AM
Post #6


Unregistered









Spybot / Adaware work well, and you can always run Hijackthis to get a log of what's going on with your system, and post it.


Hijack this download

Hijack this download page in case the direct download doesn't work

Sang
mikester
post Mar 27 2004, 12:50 PM
Post #7


Member
**

Group: Members
Posts: 326
Joined: 18-June 03
From: CA
Member No.: 837



You can also run the google tool bar as it has a pop-up blocker that works fairly well.
tracks914
post Mar 27 2004, 07:11 PM
Post #8


Canadian Member
****

Group: Benefactors
Posts: 2,083
Joined: 15-January 03
From: Timmins, Ontario, Canada
Member No.: 153
Region Association: None



I run Netscape browser and Mail programs at home and Microsoft at work. Microsoft gets 10 times more hits and problems than Netscape does. Netscape is still free and keeps Big Bill from owning everything on the web.
I haven't been hijacked yet with my home browser. It only seems to happen when I run Explorer.
Joe Bob
post Mar 27 2004, 07:20 PM
Post #9


Retired admin, banned a few times
***************

Group: Members
Posts: 17,427
Joined: 24-December 02
From: Boulder CO
Member No.: 5
Region Association: None



I ended up getting the Spysweeper from Webroot.....I had a nasty attachment that was recurring and AdAware and SpyBot wouldn't kill it....

Spysweeper has a subscription service for updates while the others did not....at least back then.
Qarl
post Mar 27 2004, 07:23 PM
Post #10


Shriveled member
*****

Group: Benefactors
Posts: 5,233
Joined: 8-February 03
From: Florida
Member No.: 271
Region Association: None



EVERYONE should run this software. It's free and will clear a lot of spyware crap off your PC.

http://www.safer-networking.org/index.php?...p?page=download

Scroll down and download Spybot Search and Destroy 1.2

Also the updates.

Install the software, then the updates.

Close everything down and run the program.

Then immunize your PC against future crap.

You will be surprised how much stuff gets to your computer. Also your computer MAY run faster if it finds a lot of stuff and clears it off.

My neighbor has 3 boys that are always surfing the net (for porn, I'm sure). Anyways, they had so much stuff, that Windows took about 10 minutes to boot.
Malmz
post Mar 27 2004, 10:26 PM
Post #11


CSOBOSC founding member
**

Group: Benefactors
Posts: 489
Joined: 22-April 03
From: So. Cal
Member No.: 602



Yep, my key while at clients. Spybot Search and Destroy 1.2 with all the updates gets installed on every machine I touch now. Make sure you immunize and lock the browser (also on the immunize tab, you have to scroll down to see it).

When that doesn't work, hijackthis. Another free tool that just digs deeper. I have even totally cleaned house with hijackthis when necessary and then just installed any start program as necessary. If you delete everything with hijackthis, it will erase your default Explorer page so don't be shocked if you bring up IE and it goes to a blank page. Save a log (option in the program) just in case you need to add anything back.

Bagle-Q kicked my ass on a couple computers last week. Comes in email and you don't have to execute anything to launch it. Got a hold of it now, but it's a nasty little virus that came in under the radar...

sm
Bruce Allert
post Mar 28 2004, 07:52 AM
Post #12


Hellions asleep
****

Group: Members
Posts: 3,289
Joined: 19-March 03
From: Eagle Creek, Orygun
Member No.: 441
Region Association: Pacific Northwest



I did the Spybot install but had to install Ad-Ware due to ads popping up without having any sites open. Also installed Google tool bars for watching & stopping pop ups. I think I'm finally clean

...........b
Malmz
post Mar 28 2004, 12:32 PM
Post #13


CSOBOSC founding member
**

Group: Benefactors
Posts: 489
Joined: 22-April 03
From: So. Cal
Member No.: 602



Also, Hotbar was made by Satan. If you have it, remove it. I have found more slow systems due to Hotbar than anything else recently.

sm
914gt40
post Feb 21 2005, 12:40 PM
Post #14


Newbie
*

Group: Members
Posts: 4
Joined: 14-February 05
From: Montreal, Canada
Member No.: 3,600



I agree with Mikez, Spysweeper from webroot.com rules!
you can try before you buy and I bought it because out of all I've tried it is the best!
rhodyguy
post Feb 21 2005, 01:09 PM
Post #15


Chimp Sanctuary NW. Check it out.
***************

Group: Members
Posts: 22,071
Joined: 2-March 03
From: Orion's Bell. The BELL!
Member No.: 378
Region Association: Galt's Gulch



major attempt at browser change for me too. i get the message with the attempt to change from mynetzero.net/s/search?r=minisearch, to websearch.drsnsrch.com/sidesearch.cgi?uid=1864807806id=5.0. i have to hit "restore old settings" about 6 times before the notice goes away. then, every time i open a new page the notice reappears. i am getting major popups that i NEVER got before, over the last couple of weeks. i run spybot regularly and get the no threats found.

k
balljoint
post Feb 21 2005, 01:33 PM
Post #16


914 Wizard
**********

Group: Members
Posts: 10,000
Joined: 6-April 04
Member No.: 1,897
Region Association: None



Mozilla Firefox and Thunderbird. I just switched over to this browser and e-mail software. It's free and because it is different enough from the MS stuff, it is not as susceptible to all the crap out there. Quite frankly, it has made surfing for porn enjoyable again.

Mozilla
rhodyguy
post Feb 21 2005, 01:44 PM
Post #17


Chimp Sanctuary NW. Check it out.
***************

Group: Members
Posts: 22,071
Joined: 2-March 03
From: Orion's Bell. The BELL!
Member No.: 378
Region Association: Galt's Gulch



i seem to get the b.c. notice frequently whenever there is an update from mc. i am computer skills lacking. it's all a big "what do i do?" to me.

k
dinomium
post Feb 21 2005, 01:50 PM
Post #18


Git on a chair son, all the good stuff is goin over yer head!
****

Group: Benefactors
Posts: 2,777
Joined: 2-January 03
From: Bremerton, WA
Member No.: 74
Region Association: Pacific Northwest



Dave, you might have to remove the bug manually from the registry... Every day I have to kleen out the crap that the web puts into the client machines. And yes even Netscape gets hit!
Gain, CoolWebSearch and Bargain Buddy are what we see here at work, but the porn ones are REALLY hard to kill.
PM me if you need a home visit...
rhodyguy
post Feb 21 2005, 01:57 PM
Post #19


Chimp Sanctuary NW. Check it out.
***************

Group: Members
Posts: 22,071
Joined: 2-March 03
From: Orion's Bell. The BELL!
Member No.: 378
Region Association: Galt's Gulch



you might as well come by my place too dino. i would have you walk me through on the phone, but if i have to be online, the computer gets in the way of the telephone.

k
TravisNeff
post Feb 21 2005, 02:09 PM
Post #20


914 Guru
*****

Group: Members
Posts: 5,082
Joined: 20-March 03
From: Mesa, AZ
Member No.: 447
Region Association: Southwest Region



Hacking the registry doesn't always stop the problem. They usually hide in hkey_local_machine\software\microsoft\windows\currentversion\run

You delete the entry, and in a second or two it pops back up again. However if you can find out the name of the file, you can do a google search on it and 99% of the time you will get some comprehensive instructions on removal.
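The two registry locations named in this thread (the Internet Explorer "Start Page" value from the Ad-Aware report in post #1 and the Run key from post #20) can be reviewed offline from a registry export. This is an added example, not code from any poster: the sample export, the entry names and paths in it, the scheme allow-list and the `parse_reg`/`audit` helpers are all constructed for illustration.

```python
import re

# Constructed .reg export for illustration. The Start Page data is the value
# quoted in the Ad-Aware report in post #1; every other entry is made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="res://mshp.dll/index.html#37049"
"Search Page"="http://www.example.com/search"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe /background"
"ExampleHelper"="\"C:\\Example Dir\\example_helper.exe\" -s"
'''

IE_MAIN = r"software\microsoft\internet explorer\main"
RUN_KEY = r"software\microsoft\windows\currentversion\run"
PAGE_VALUES = {"start page", "search page"}
OK_SCHEMES = {"http", "https", "about"}   # assumption: anything else is suspect
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
FILE_RE = re.compile(r'([^\\/" ]+\.(?:exe|dll|com|bat|scr))', re.I)

def parse_reg(text):
    """Yield (key, value_name, data) for every string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key and m:
            # .reg files escape backslashes and quotes with a backslash
            yield (key, *(re.sub(r"\\(.)", r"\1", g) for g in m.groups()))

def audit(text):
    """Return (kind, value_name, detail) tuples worth a manual look."""
    findings = []
    for key, name, data in parse_reg(text):
        subkey = key.split("\\", 1)[-1].lower()        # drop the hive name
        if subkey == IE_MAIN and name.lower() in PAGE_VALUES:
            if data.split(":", 1)[0].lower() not in OK_SCHEMES:
                findings.append(("browser-page", name, data))
        elif subkey == RUN_KEY:
            # Every autostart entry is listed with the file name to look up
            m = FILE_RE.search(data)
            findings.append(("autostart", name, m.group(1) if m else data))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG):
        print(finding)
```

On a real machine the input would come from `reg export` of the two keys; exports in Version 5.00 format are UTF-16, so decode accordingly when reading the file.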
