Sign in with
Sign up | Sign in
Your question

Hijacked browser

Last response: in Windows XP
Share
Anonymous
March 30, 2005 10:07:31 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

My IE has been hijacked by a web site I visited. My home page was
changed, my search engine has been changed, and items were added to my
favorites. I am able to get all of these things back to normal, but
when I restart IE the junk is all back. Same if I reboot.

Additionally, there is a (bogus?) Windows Firewall look alike icon in
the system notification area with a hover note that "your computer may
be at risk". A balloon there wanted me to click on it, but I am
suspicious that this too is part of the spyware/adware that I caught.
There is also a periodic warning notification that appears with pretty
much the same message. It goes to an "MSN" site explaining
adware/spyware, but it also appears bogus because of the way the links
behave.

What is the best tool to get rid of this stuff? Are there known files
that I can find and dump? Has IE itself been altered or is it just
being pointed to the adware data for the alterations?

Dick Ballard
ballardr@att.net

More about : hijacked browser

March 30, 2005 11:20:10 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

I use the following steps to get rid of spyware and they work for me. All
these programs are free. Do a "Google" to find them.

Download and install the latest version of:
Lavasoft's AdAware
Spybot Search and Destroy
CWShredder
HijackThis
Spyware Blaster
Microsoft AntiSpyware
McAfee's Stinger
Download and install the latest definition files for the above (except for
CWShredder and HijackThis which should be the latest versions).
Download and install the latest definition files for your anti-virus
program.
Disable System Restore.
Navigate to C:\Windows\Prefetch
Delete all files in the Prefetch folder. Don't delete the folder itself.
Delete all cached files in IE.
Run disk Cleanup. Check all items in options blocks and run.
Make sure the Recycle bin is empty.
Restart in Safe Mode.
Run all of the above programs (including anti-virus) one by one. Use care
with HijackThis.
Run them all again until they show no infection or malware.
Restart in normal mode and see if all is OK.
Enable System Restore.

Run these programs on a regular basis.

Good luck, let us know.

Fitz

"Dick Ballard" <ballardr@att.net> wrote in message
news:vtpl41tbpqcqok7ffok03c9dkkrsn47lk7@4ax.com...
> My IE has been hijacked by a web site I visited. My home page was
> changed, my search engine has been changed, and items were added to my
> favorites. I am able to get all of these things back to normal, but
> when I restart IE the junk is all back. Same if I reboot.
>
> Additionally, there is a (bogus?) Windows Firewall look alike icon in
> the system notification area with a hover note that "your computer may
> be at risk". A balloon there wanted me to click on it, but I am
> suspicious that this too is part of the spyware/adware that I caught.
> There is also a periodic warning notification that appears with pretty
> much the same message. It goes to an "MSN" site explaining
> adware/spyware, but it also appears bogus because of the way the links
> behave.
>
> What is the best tool to get rid of this stuff? Are there known files
> that I can find and dump? Has IE itself been altered or is it just
> being pointed to the adware data for the alterations?
>
> Dick Ballard
> ballardr@att.net
Anonymous
March 31, 2005 12:58:39 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

What do you mean by "use care" with HijackThis?

Does "cached files" in IE mean "Temporary Internet Files" under
Internet Options?

Dick Ballard
ballardr@att.net


On Wed, 30 Mar 2005 19:20:10 GMT, "Fitz" <linc007@hotmail.com> wrote:

>I use the following steps to get rid of spyware and they work for me. All
>these programs are free. Do a "Google" to find them.
>
>Download and install the latest version of:
> Lavasoft's AdAware
> Spybot Search and Destroy
> CWShredder
> HijackThis
> Spyware Blaster
> Microsoft AntiSpyware
> McAfee's Stinger
>Download and install the latest definition files for the above (except for
>CWShredder and HijackThis which should be the latest versions).
>Download and install the latest definition files for your anti-virus
>program.
>Disable System Restore.
>Navigate to C:\Windows\Prefetch
>Delete all files in the Prefetch folder. Don't delete the folder itself.
>Delete all cached files in IE.
>Run disk Cleanup. Check all items in options blocks and run.
>Make sure the Recycle bin is empty.
>Restart in Safe Mode.
>Run all of the above programs (including anti-virus) one by one. Use care
>with HijackThis.
>Run them all again until they show no infection or malware.
>Restart in normal mode and see if all is OK.
>Enable System Restore.
>
>Run these programs on a regular basis.
>
>Good luck, let us know.
>
>Fitz
>
>"Dick Ballard" <ballardr@att.net> wrote in message
>news:vtpl41tbpqcqok7ffok03c9dkkrsn47lk7@4ax.com...
>> My IE has been hijacked by a web site I visited. My home page was
>> changed, my search engine has been changed, and items were added to my
>> favorites. I am able to get all of these things back to normal, but
>> when I restart IE the junk is all back. Same if I reboot.
>>
>> Additionally, there is a (bogus?) Windows Firewall look alike icon in
>> the system notification area with a hover note that "your computer may
>> be at risk". A balloon there wanted me to click on it, but I am
>> suspicious that this too is part of the spyware/adware that I caught.
>> There is also a periodic warning notification that appears with pretty
>> much the same message. It goes to an "MSN" site explaining
>> adware/spyware, but it also appears bogus because of the way the links
>> behave.
>>
>> What is the best tool to get rid of this stuff? Are there known files
>> that I can find and dump? Has IE itself been altered or is it just
>> being pointed to the adware data for the alterations?
>>
>> Dick Ballard
>> ballardr@att.net
>
March 31, 2005 8:12:58 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Yes, by cached files I mean your temp internet files.

When using HijackThis, carefully examine each entry that is displayed to
determine what it is. You'll likely have many entries. Look at each one to
see if something in it rings a bell, e.g. "Adobe". Adobe is a legitimate
program as is Paperport, Logitech, NeroCheck, QuickTime. If you recognize
the program as legit, ignore it. If you don't recognize it, go to the
directory it's installed in and see if it's familiar. If it's still not
familiar, do a Google on the suspect entry to see what info is available.


"Dick Ballard" <ballardr@att.net> wrote in message
news:ke4m41912emipvalck1urla9u4oifrcgp7@4ax.com...
> What do you mean by "use care" with HijackThis?
>
> Does "cached files" in IE mean "Temporary Internet Files" under
> Internet Options?
>
> Dick Ballard
> ballardr@att.net
>
>
> On Wed, 30 Mar 2005 19:20:10 GMT, "Fitz" <linc007@hotmail.com> wrote:
>
>>I use the following steps to get rid of spyware and they work for me. All
>>these programs are free. Do a "Google" to find them.
>>
>>Download and install the latest version of:
>> Lavasoft's AdAware
>> Spybot Search and Destroy
>> CWShredder
>> HijackThis
>> Spyware Blaster
>> Microsoft AntiSpyware
>> McAfee's Stinger
>>Download and install the latest definition files for the above (except for
>>CWShredder and HijackThis which should be the latest versions).
>>Download and install the latest definition files for your anti-virus
>>program.
>>Disable System Restore.
>>Navigate to C:\Windows\Prefetch
>>Delete all files in the Prefetch folder. Don't delete the folder itself.
>>Delete all cached files in IE.
>>Run disk Cleanup. Check all items in options blocks and run.
>>Make sure the Recycle bin is empty.
>>Restart in Safe Mode.
>>Run all of the above programs (including anti-virus) one by one. Use care
>>with HijackThis.
>>Run them all again until they show no infection or malware.
>>Restart in normal mode and see if all is OK.
>>Enable System Restore.
>>
>>Run these programs on a regular basis.
>>
>>Good luck, let us know.
>>
>>Fitz
>>
>>"Dick Ballard" <ballardr@att.net> wrote in message
>>news:vtpl41tbpqcqok7ffok03c9dkkrsn47lk7@4ax.com...
>>> My IE has been hijacked by a web site I visited. My home page was
>>> changed, my search engine has been changed, and items were added to my
>>> favorites. I am able to get all of these things back to normal, but
>>> when I restart IE the junk is all back. Same if I reboot.
>>>
>>> Additionally, there is a (bogus?) Windows Firewall look alike icon in
>>> the system notification area with a hover note that "your computer may
>>> be at risk". A balloon there wanted me to click on it, but I am
>>> suspicious that this too is part of the spyware/adware that I caught.
>>> There is also a periodic warning notification that appears with pretty
>>> much the same message. It goes to an "MSN" site explaining
>>> adware/spyware, but it also appears bogus because of the way the links
>>> behave.
>>>
>>> What is the best tool to get rid of this stuff? Are there known files
>>> that I can find and dump? Has IE itself been altered or is it just
>>> being pointed to the adware data for the alterations?
>>>
>>> Dick Ballard
>>> ballardr@att.net
>>
>
!