OT, Help, Browser take over attack |
|
Porsche, and the Porsche crest are registered trademarks of Dr. Ing. h.c. F. Porsche AG.
This site is not affiliated with Porsche in any way. Its only purpose is to provide an online forum for car enthusiasts. All other trademarks are property of their respective owners. |
|
OT, Help, Browser take over attack |
DNHunt |
Mar 27 2004, 08:51 AM
Post
#1
|
914 Wizard? No way. I got too much to learn. Group: Members Posts: 4,099 Joined: 21-April 03 From: Gig Harbor, WA Member No.: 598 |
Every time I visit here I get a browser take over the next time I connect. It adds some pretty digusting stuff to our favorites list and I'm not sure what else it may be trying to do. Ad-Aware will remove it but, it comes back. Here's what Ad-Aware says about it.
Vendor:Possible Browser Hijack attempt Category:Malware Object Type:RegData Size:- Location:Software\Microsoft\Internet Explorer\Main "Start Page" ("res://mshp.dll/index.html#37049") Last Activity:3-27-2004 Risk LevelMedium Comment:Possible browser hijack attempt Description:Possible attempt to control\redirect the browser. This object referrs to a "blacklisted" site. Anybody else get this? Any suggestions? Dave |
Bleyseng |
Mar 27 2004, 09:04 AM
Post
#2
|
Aircooled Baby! Group: Members Posts: 13,034 Joined: 27-December 02 From: Seattle, Washington (for now) Member No.: 24 Region Association: Pacific Northwest |
Try Spy Bot to remove it.
Is your start page on MSN? Move it to this BBS |
J P Stein |
Mar 27 2004, 09:42 AM
Post
#3
|
Irrelevant old fart Group: Members Posts: 8,797 Joined: 30-December 02 From: Vancouver, WA Member No.: 45 Region Association: None |
I too would try spybot.
After you scan with spybot there is an optional boxcheck that doesn't allow anyone to change the browser. To change it, the box needs to be unchecked. |
Bruce Allert |
Mar 27 2004, 09:53 AM
Post
#4
|
Hellions asleep Group: Members Posts: 3,289 Joined: 19-March 03 From: Eagle Creek, Orygun Member No.: 441 Region Association: Pacific Northwest |
I just had the exact same thing happen yesterday & is still going on. I've run SpyBot 5 times so far & keep coming up with more along with pop up ads whilst it's running!!! (IMG:style_emoticons/default/headbang.gif) I'm still fighting it. There's this one Casino that keeps installing itself too. When that starts I have to do an alt ctrl delete to shut it down. Sure would like to find all this shit & get it removed from the system!!! (IMG:style_emoticons/default/fighting19.gif)
..........b |
Mark Henry |
Mar 27 2004, 10:14 AM
Post
#5
|
that's what I do! Group: Members Posts: 20,065 Joined: 27-December 02 From: Port Hope, Ontario Member No.: 26 Region Association: Canada |
Yep I had the same thing and it would always come back.
It is attaching itself to another prorgarm, then when you blow it off it comes back. I ended up blowing off most of my games and ran spybot a couple of times on start-up. Once I was sure it was gone I reloaded the games I wanted and the problem was solved. It was the kliz (sp?) worm. |
sanglee007 |
Mar 27 2004, 11:36 AM
Post
#6
|
Unregistered |
Spybot / Adaware work well, and you can always run Hijackthis to get a log of what's going on with your system, and post it.
Hijack this download Hijack this download page incase the direct download doesn't work Sang |
mikester |
Mar 27 2004, 12:50 PM
Post
#7
|
Member Group: Members Posts: 326 Joined: 18-June 03 From: CA Member No.: 837 |
You can also run the google tool bar as it has a pop-up blocker that works fairly well.
|
tracks914 |
Mar 27 2004, 07:11 PM
Post
#8
|
Canadian Member Group: Benefactors Posts: 2,083 Joined: 15-January 03 From: Timmins, Ontario, Canada Member No.: 153 Region Association: None |
I run Netscape browser and Mail programs at home and Microsoft at work. Microsoft gets 10 times more hits and problems than Netscape does. Netscape is still free and keeps Big Bill from owning everything on the web.
I haven't been hijacked yet with my home browser. It only seems to happen when I run Explorer. (IMG:style_emoticons/default/laugh.gif) |
Joe Bob |
Mar 27 2004, 07:20 PM
Post
#9
|
Retired admin, banned a few times Group: Members Posts: 17,427 Joined: 24-December 02 From: Boulder CO Member No.: 5 Region Association: None |
I ended up getting the Spysweeper from Webroot.....I had a nasty attachment that was recurring and AdAware and SpyBot wouldn't kill it....
Spysweeper has a subscription service for updates while the others did not....at least back then. |
Qarl |
Mar 27 2004, 07:23 PM
Post
#10
|
Shriveled member Group: Benefactors Posts: 5,233 Joined: 8-February 03 From: Florida Member No.: 271 Region Association: None |
EVERYONE should run this software. It's free and will clear a lot of spyware crap off your PC.
http://www.safer-networking.org/index.php?...p?page=download Scroll down and download Spybot Search and Destory 1.2 Also the updates. Install the software, then the updates. Close everything down. and run the program Then immunize your PC against future crap. You will be surprised how much stuff gets to your computer. Also your computer MAY run faster if it finds a lot of stuff and clears it off. My neighbor has 3 boys that are always surfing the net (for porn, I'm sure). Anyways, they had so much stuff, that Windows took about 10 minutes to boot. |
Malmz |
Mar 27 2004, 10:26 PM
Post
#11
|
CSOBOSC founding member Group: Benefactors Posts: 489 Joined: 22-April 03 From: So. Cal Member No.: 602 |
Yep, my key while at clients. Spybot Search and Destroy 1.2 with all the updates get install on every machine I touch now. Make sure you immunize and lock the browser (also on the immunize tab, you have to scroll down to see it).
When that doesn't work, hijackthis. Another free tool that just digs deeper. I have even totally cleaned house with hijackthis when necessary and then just installed any start program as necessary. If you delete everything with hijackthis, it will erase your default Explorer page so don't be shocked if you bring up IE and it goes to a blank page. Save a log (option in the program) just in case you need to add anything back. Bagle-Q kicked my ass on a couple computers last week. Comes in email and you don't have to execute anything to launch it. Got a hold of it now, but it's a nasty little virus that came in under the radar... sm |
Bruce Allert |
Mar 28 2004, 07:52 AM
Post
#12
|
Hellions asleep Group: Members Posts: 3,289 Joined: 19-March 03 From: Eagle Creek, Orygun Member No.: 441 Region Association: Pacific Northwest |
I did the Spybot install but had to install Ad-Ware due to ads poping up without having any sites open. Also installed Google tool bars for watching & stopping pop ups. I think I'm finally clean (IMG:style_emoticons/default/beer.gif)
...........b |
Malmz |
Mar 28 2004, 12:32 PM
Post
#13
|
CSOBOSC founding member Group: Benefactors Posts: 489 Joined: 22-April 03 From: So. Cal Member No.: 602 |
Also, Hotbar was made my Satan. (IMG:style_emoticons/default/happy11.gif) If you have it, remove it. I have found more slow systems due to Hotbar then anything else recently.
sm |
914gt40 |
Feb 21 2005, 12:40 PM
Post
#14
|
Newbie Group: Members Posts: 4 Joined: 14-February 05 From: Montreal, Canada Member No.: 3,600 |
I agree with Mikez, Spysweeper from webroot.com rules!
you can try before you buy and I bought it because out of all I've tried it is the best! |
rhodyguy |
Feb 21 2005, 01:09 PM
Post
#15
|
Chimp Sanctuary NW. Check it out. Group: Members Posts: 22,071 Joined: 2-March 03 From: Orion's Bell. The BELL! Member No.: 378 Region Association: Galt's Gulch |
major attempt at browser change for me too. i get the message with the attempt to change from mynetzero.net/s/search?r=minisearch, to websearch.drsnsrch.com/sidesearch.cgi?uid=1864807806id=5.0. i have to hit "restore old settings" about 6 times before the notice goes away. then, everytime i open a new page the notice reappears. i am getting major popups that i NEVER got before, over the last couple of weeks. i run spybot regularly and get the no threats found. (IMG:http://www.914world.com/bbs2/html/emoticons/confused24.gif)
k |
balljoint |
Feb 21 2005, 01:33 PM
Post
#16
|
914 Wizard Group: Members Posts: 10,000 Joined: 6-April 04 Member No.: 1,897 Region Association: None |
Mozilla Firefox and Thunderbird I just switched over to this browser and e-mail software. It's free and because it is different enough from the MS stuff, it is not as susceptible to all the crap out there. Quite frankly, it has made surfing for porn enjoyable again.
Mozilla |
rhodyguy |
Feb 21 2005, 01:44 PM
Post
#17
|
Chimp Sanctuary NW. Check it out. Group: Members Posts: 22,071 Joined: 2-March 03 From: Orion's Bell. The BELL! Member No.: 378 Region Association: Galt's Gulch |
i seem to get the b.c. notice frequently when ever there is an update from mc. i am computer skills lacking. it's all a big "what do i do?" to me.
k |
dinomium |
Feb 21 2005, 01:50 PM
Post
#18
|
Git on a chair son, all the good stuff is goin over yer head! Group: Benefactors Posts: 2,777 Joined: 2-January 03 From: Bremerton, WA Member No.: 74 Region Association: Pacific Northwest |
Dave, you might have to remove the bug manually from the registry... Every day I have to kleen out the crap that the web puts into the client machines. And yes even Netscape gets hit!
Gain, CoolWebSearch and Bargin Buddy are what we see here at work, but he porn ones are REALLY hard to kill. PM me if you need a home visit... |
rhodyguy |
Feb 21 2005, 01:57 PM
Post
#19
|
Chimp Sanctuary NW. Check it out. Group: Members Posts: 22,071 Joined: 2-March 03 From: Orion's Bell. The BELL! Member No.: 378 Region Association: Galt's Gulch |
you might as well come by my place too dino. i would have you walk me through on the phone, but if i have to be online, the computer gets in the way of the telephone.
k |
TravisNeff |
Feb 21 2005, 02:09 PM
Post
#20
|
914 Guru Group: Members Posts: 5,082 Joined: 20-March 03 From: Mesa, AZ Member No.: 447 Region Association: Southwest Region |
Hacking the registry doesn't always stop the problem. They usually hide in hkey_local_machine\software\microsoft\windows\currentversion\run
You delete the entry, and in a second or two it pops back up again. However if you can find out the name of the file, you can do a google search on it and 99% of the time you will get some comprehensive instructions on removal. |
Lo-Fi Version | Time is now: 3rd May 2024 - 07:37 PM |
All rights reserved 914World.com © since 2002 |
914World.com is the fastest growing online 914 community! We have it all, classifieds, events, forums, vendors, parts, autocross, racing, technical articles, events calendar, newsletter, restoration, gallery, archives, history and more for your Porsche 914 ... |