A program is hijacking my browser... - VeggieBoards - A Vegetarian Community
Forum Jump: 
 
Thread Tools
#1 Old 12-25-2003, 04:10 PM
Banned
 
Tame's Avatar
 
Join Date: Oct 2001
Posts: 13,022
And I have no idea how to get rid of it.



I tried SpySubtract. Reports nothing looks like spyware on my machine.



AdWare-6 lists tells me the same thing.



I have Zone Alarm installed, ran a Norton virus scan, but I am still getting these hijackings, which are somehow getting past my popup stopper also.



My start page keeps getting switched to search-space.com.



Help?
Tame is offline  
Sponsored Links
Advertisement
 
#2 Old 12-25-2003, 04:25 PM
Banned
 
Kurmudgeon's Avatar
 
Join Date: Jan 2003
Posts: 5,034
Have you been going to VS?



Okay, seriously, what Operating System and browser are you using? I may be able to help a little if it is Windows and/or Internet Explorer.
Kurmudgeon is offline  
#3 Old 12-25-2003, 04:28 PM
Banned
 
Tame's Avatar
 
Join Date: Oct 2001
Posts: 13,022
Quote:
Originally Posted by Kurmudgeon View Post

Have you been going to VS?



Okay, seriously, what Operating System and browser are you using? I may be able to help a little if it is Windows and/or Internet Explorer.



Windows XP and IE. (I know they sck, but they came with the system.)



I'm thinking Tame, JR visited some sites he, ahem, shouldn't have in between when I bought it and when I got all of my security softare installed.
Tame is offline  
#4 Old 12-25-2003, 04:44 PM
Banned
 
Kurmudgeon's Avatar
 
Join Date: Jan 2003
Posts: 5,034
I guess this is more of a cure than prevention, but to stop the start page being hijacked:



http://www.mvps.org/winhelp2002/ietips.htm

(Scroll down to "Protecting your Internet Explorer", although this whole page has useful stuff.)



So to lock the start page:

http://www.mvps.org/winhelp2002/HKCU_Hide_HomePage.reg

(You can just click on this, click "Open", then "Yes"..... I tested it and it worked fine.)



To enable the start page being changed:

http://www.mvps.org/winhelp2002/UnlockHomePage.reg



So that should prevent programs changing the start page.
Kurmudgeon is offline  
#5 Old 12-25-2003, 04:52 PM
Banned
 
Tame's Avatar
 
Join Date: Oct 2001
Posts: 13,022
Cool. That is done and looks like it worked.



Now, any advice on how to get rid of what is redirecting my browser?
Tame is offline  
#6 Old 12-25-2003, 04:53 PM
Banned
 
Tame's Avatar
 
Join Date: Oct 2001
Posts: 13,022
I forgot to add - THANKS!
Tame is offline  
#7 Old 12-25-2003, 05:08 PM
Joe
Beginner
 
Joe's Avatar
 
Join Date: Oct 2001
Posts: 5,659
I don't know the answer to your problem, but you might find some of the things on this site helpful. The site focuses on other aspects of the spyware problem, but does suggest some free removal tools.



http://www.unwantedlinks.com/removespyware.htm



[ETA: By the time I wrote this, the problem had already been solved.

Might help prevent some future problems.]
Joe is offline  
#8 Old 12-25-2003, 05:17 PM
Banned
 
Tame's Avatar
 
Join Date: Oct 2001
Posts: 13,022
Joe - thanks for the link. If the hijacks continue, I will need everything I can get.



Since I locked the start page, no new attacks. We'll see what happens though. This was starting to piss me off.
Tame is offline  
#9 Old 12-25-2003, 05:20 PM
Banned
 
Kurmudgeon's Avatar
 
Join Date: Jan 2003
Posts: 5,034
The following program may be able to reveal something:

http://www.merijn.org/files/hijackthis.zip
Kurmudgeon is offline  
#10 Old 12-25-2003, 05:21 PM
Beginner
 
JLRodgers's Avatar
 
Join Date: Apr 2003
Posts: 4,819
Tame, there's probably a program running when you start up the computer... if you see something funny that's running (either in the processes, or registry) seach for in in google... it should tell you what it is.



http://www.liutilities.com/products/...rocesslibrary/

A pretty useful listing of common programs listed in the registry startup and processes (including viruses and things that hijack the browser!) I think the site wants you to buy stuff... but don't mess with it, just use the links to see what the programs are that are running.



The registry location (although don't delete or change anything... you could mess up stuff):

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\C urrentVersion\\Run

[on many PC's this is empty or close to it]



Also HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\ CurrentVersion\\Run

[many times has a lot of stuff running...]



You can alawys export the registry key to back it up, and remove items in the Run part (just individual items, not the run folder itself), but I wouldn't unless you know it's a bad thing, and it's been exported first.
JLRodgers is offline  
#11 Old 12-25-2003, 05:26 PM
Banned
 
Tame's Avatar
 
Join Date: Oct 2001
Posts: 13,022
Okay, I do have backWeb.exe...but my computer is a Compaq, and I read thaht they do use that program for something. I know roughly when this crap started, and backWeb was on there well before that date.
Tame is offline  
#12 Old 12-25-2003, 05:28 PM
Beginner
 
Robert's Avatar
 
Join Date: Oct 2001
Posts: 3,192
Tame: please see the following URL. Post #2 outlines a procedure to uninstall this search page hijack:



http://www.computercops.us/postt9894.html
Robert is offline  
#13 Old 12-25-2003, 05:29 PM
Banned
 
Tame's Avatar
 
Join Date: Oct 2001
Posts: 13,022
Okay, I just ran CWshredder which I found from Kurm's link, and it did find a spyware program of some sort. It took it out, and so far no problems.
Tame is offline  
#14 Old 12-25-2003, 05:30 PM
Banned
 
Tame's Avatar
 
Join Date: Oct 2001
Posts: 13,022
Quote:
Originally Posted by Robert View Post

Tame: please see the following URL. Post #2 outlines a procedure to uninstall this search page hijack:



http://www.computercops.us/postt9894.html



Heh. I had just found that!
Tame is offline  
#15 Old 12-25-2003, 05:30 PM
Banned
 
Kurmudgeon's Avatar
 
Join Date: Jan 2003
Posts: 5,034
A quicker way to see things loaded at startup is:

Click Start, Run, type in msconfig, then press Enter.

The top right tab (Startup) should show a list of what is loading at startup.
Kurmudgeon is offline  
#16 Old 12-25-2003, 05:48 PM
Banned
 
Tame's Avatar
 
Join Date: Oct 2001
Posts: 13,022
JL and Kurm - just checked, nothing looks suspicious. Also, since I ran the CWshredder, no further hijack attempts. It's been sometime, and I haven't went this long without an attempt.
Tame is offline  
#17 Old 12-25-2003, 05:53 PM
Beginner
 
Robert's Avatar
 
Join Date: Oct 2001
Posts: 3,192
Ok, cool. Watch for it though Tame. Also... if you have not already done so, go and get yourself Spybot Search and Destroy... run it and then click the Immunize button. In there you can lock up stuff like your start page, so that these scumbag websites cannot manipulate IE.



What I did was change my Internet Settings around. I set my Internet Zone to HIGH security, and manually add sites I trust to my Trusted Sites zone. NO site can execute Active X controls or anything unless I specifically allow them to by adding their site to my trsuted zones list. Bit of a pain, but I have never had any browser infections since, no matter what type of site I stumble onto.
Robert is offline  
#18 Old 12-25-2003, 05:56 PM
Banned
 
Tame's Avatar
 
Join Date: Oct 2001
Posts: 13,022
Robert - I think the problem was that Tame, Jr went running amock before all my security was in place. I *think* between the software I ahve and my firewalls I should be in good shape. We shall see. I may download Spybot to be on the safe side.
Tame is offline  
#19 Old 12-25-2003, 05:58 PM
Beginner
 
JLRodgers's Avatar
 
Join Date: Apr 2003
Posts: 4,819
And make sure IE's updated! A few of the patches prevent some of the hijacking.
JLRodgers is offline  
#20 Old 12-25-2003, 06:15 PM
Beginner
 
Vegan_Cannibal's Avatar
 
Join Date: Nov 2002
Posts: 92
hope we learned our lesson about downloading from XXX sites! your lucky you fixxed it in time- some of these "malware" programs can kill your motherboard- then your up sausage distillery creek with out a paddle!
Vegan_Cannibal is offline  
#21 Old 12-25-2003, 06:48 PM
Banned
 
Tame's Avatar
 
Join Date: Oct 2001
Posts: 13,022
Quote:
Originally Posted by Vegan_Cannibal View Post

hope we learned our lesson about downloading from XXX sites! your lucky you fixxed it in time- some of these "malware" programs can kill your motherboard- then your up sausage distillery creek with out a paddle!



Uh, "we" have not been downloading from XXX sites. And from personal experience, you can get this trash from a variety of ways.
Tame is offline  
#22 Old 12-25-2003, 07:01 PM
Beginner
 
schu's Avatar
 
Join Date: Jun 2003
Posts: 1,111
yea..you can get it by accidentally clicking a box that pops up on any website..they often try to install a "plugin" which is actually spyware/a browser hijack
schu is offline  
#23 Old 12-26-2003, 11:13 AM
Beginner
 
Sevenseas's Avatar
 
Join Date: Jul 2003
Posts: 25,068
I have tried some of the things mentioned here to cure my spyware/popup problems. The HijackThis program lists a huge pile of some probably useless things, but the program says that I shouldn't delete/fix them all because some of them might be "good" and important. Does anyone know what to do in this situation? (Most of the listed items begin with "04 - HKLM\\..\\Run".) Also, when I checked my startup program list, there's like about 30 items, but I don't know what to remove from there, either.



(I've downloaded various free popup-blockers, used the Immunize function of the Spybot Search & Destroy, have WinXP with IE6, but it's all messed up: my desktop freezes often so I have to reboot, and I think this is a result of all the spyware/popups.)



I changed some ActiveX settings in the IE properties, and now I time and time again get some ActiveX-related box with Yes and No - how can I get rid of this, do I have to change the settings back?



Is there any IE setting which allows only one window to open at a time? That would help a lot, but I haven't found that kind of settings.



(Hmm, a lot of questions.)

"and I stand

upon a mountain

made of weak and useless men"

Sevenseas is offline  
#24 Old 12-26-2003, 01:24 PM
Beginner
 
JLRodgers's Avatar
 
Join Date: Apr 2003
Posts: 4,819
The link I posted above:

http://www.liutilities.com/products/...rocesslibrary/



Has the spyware program names listed (along with many legitimate ones)... many should be the same name in the registry.
JLRodgers is offline  
#25 Old 12-26-2003, 03:30 PM
Beginner
 
kpickell's Avatar
 
Join Date: Dec 2002
Posts: 16,090
Quote:
Originally Posted by JLRodgers View Post


The registry location (although don't delete or change anything... you could mess up stuff):

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\C urrentVersion\\Run

[on many PC's this is empty or close to it]

Also HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\ CurrentVersion\\Run

[many times has a lot of stuff running...]



I can't think of a single program you would ever want to be in either of those registery folders, except possible your virus scanner if that. Anytime someone tells me their computer is running slow or doing odd things I have them delete everything from those two locations and reboot.



Update your definitions in Spybot Search and Destroy and set it to Immunize everything.
kpickell is offline  
#26 Old 12-27-2003, 01:35 PM
Beginner
 
Sevenseas's Avatar
 
Join Date: Jul 2003
Posts: 25,068
Quote:
Originally Posted by JLRodgers View Post

The link I posted above:

http://www.liutilities.com/products...processlibrary/



Has the spyware program names listed (along with many legitimate ones)... many should be the same name in the registry.



Thanks for the link (didn't understand what it meant when I read your previous post), apparently I had at least two spyware programs (in my startup list), which I removed, and this seems to function much better now (haven't had to reboot yet, and there haven't been any popups to my knowledge).

"and I stand

upon a mountain

made of weak and useless men"

Sevenseas is offline  
#27 Old 01-25-2004, 10:37 PM
Beginner
 
aarealskei's Avatar
 
Join Date: Apr 2003
Posts: 569
I know I'm a bit late with this, but if you ever get into a jam, Tame, PM me. I have yet to see something that my husband couldn't fix or help someone else fix - and he doesn't ask questions, he just provides solutions to problems. To be honest, sometimes I think I'm married to a computer instead of a human. But like I said, I know this is a bit late, but keep me in mind if you run into further problems.
aarealskei is offline  
#28 Old 01-25-2004, 10:40 PM
Beginner
 
k@rm@_girl's Avatar
 
Join Date: Jan 2004
Posts: 163
spy bot will get rid of it. I got one once from clicking on a pop up. (no, I wasn't looking at anything racey)
k@rm@_girl is offline  
Reply

Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page


Forum Jump: 

Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off