Problem: I'm having a strange situation that I'm not sure how to diagnose;
although, I would think it to be some kind of webpage hijacking.
Meaning, when I go to Google and search for something, say, 'honolulu',
many results would then come back - among which would be the website of the
City and County of Honolulu. When I clicked on the city website, I was
directed to some other search sites or to eBay, etc.
What I did: I tried to scan for viruses, but no virus showed up.
Current solution: I also changed the user type of my username from
Administrator to Limited. That immediately stopped the problem. I was no
longer redirected.
Help: Besides saving all my files and doing a clean install of Windows XP Home
to wipe out my laptop, I would appreciate if you could suggest something to
save me the trouble.
Thanks
Steve
Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**
If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin; DTS-L.org
Steve
"PA Bear" <PABe...@gmail.com> wrote in message
news:uJhJ37Ip...@TK2MSFTNGP05.phx.gbl...
=============================/.
Apparently you do not have any antispyware protection. What you were
not told yet is that these types of infections - browser hijacker - are so
humdrum and easily removed by any reputable antispyware software
program. You need not perform anything as elaborate as the HiJackThis
Logs. The HiJackThis Utility is NOT an antispyware program and can
cause damage to your computer.
You will want to consider purchasing an antispyware program activating
real time protection that will block this type installation. The top
three for years have been Trend Micro Antispyware, Webroot Spysweeper,
and CounterSpy.
In the meantime you can install these free home versions for
immediate removal. Install one or all and update the definitions and
run a full scan. Delete what are known threats and quarantine anything
you are not sure of. If some software is not operating properly -
return to the quarantine folder and restore an item. Note the names of
the software and the quarantined infection. It is rare to get a "false
positive".
Ad-Aware [working-freeware, personal use - and premium version]
http://www.lavasoftusa.com/software/adaware/
Ad-Aware Personal provides advanced protection from known data-mining,
aggressive advertising, Trojans, dialers, malware, browser hijackers,
and tracking components. This software is downloadable free of charge
for personal use.
Microsoft AntiSpyware is now Windows Defender [working-freeware from
Microsoft] http://www.microsoft.com/athome/security/spyware/software/default.mspx
Windows Defender is a free program that helps protect your computer
against pop-ups, slow performance, and security threats caused by
spyware and other unwanted software. It features Real-Time Protection,
a monitoring system that recommends actions against spyware when it's
detected, and a new streamlined interface that minimizes interruptions
and helps you stay productive.
SUPERAntiSpyware [working-freeware, and premium version]
http://www.superantispyware.com
SUPERAntiSpyware scans your computer for known Spyware, Adware,
Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers and many other
types of threats, and allows you to remove or quarantine them. It
offers daily (manual) definition updates, as well as home page hijack
protection and customizable scan options. Furthermore, the program
includes a Repair feature that allows you to restore various settings
which are often changed by malware programs, but usually not corrected
by simply removing the parasite. The free version lacks real-time
blocking and protection as well as several other advanced options.
a-squared trojan remover (Free Working Version for life and Proactive
Premium Version)
http://www.emsisoft.com/en/software/free/
a-squared (a-squared) is a complementary product to antivirus software
and desktop firewalls on MS Windows computers. Antivirus software
specializes in detecting classic viruses. Many available products have
weaknesses in detecting other malicious software (Malware) like
Trojans, Dialers, Worms and Spyware (Adware). a-squared fills the gap
that malware writers exploit. Automatic updates: In a-squared Free the
updater must be run manually. The auto-update feature of a-squared
Personal checks hourly for new available updates and installs them
automatically. a-squared Free is freeware! You can download and use it
completely for free. You are also allowed to distribute it to third
parties. To be able to use it, you only must set up a free a-squared
Account, to get access to the update server. (Note you register by
simple sign up to activate definitions downloads free).
MORE INFORMATION:
Threats FAQ:
http://www.bluecollarpc.net/threatsfaq.html
Page hijacking
http://en.wikipedia.org/wiki/Page_hijacking
CastleCops - CLSID / BHO List / Toolbar Master List http://castlecops.com/bhonew.html
(Browser Toolbar Hijackers install an Active X in the Registry and are
called BHO - Browser Helper Objects).
Browser Hijacker
http://www.bleepingcomputer.com/forums/index.php?showtutorial=41
Browser Helper Objects (BHO)
http://www.pestpatrol.com/collateral.aspx?cid=64232
Browser Hi-Jackers (BHO Browser Helper Object)
http://en.wikipedia.org/wiki/Browser_Helper_Object
....and quit listening to a**holes preaching a miracle cure with
HiJackThis for your own PC Health. NEVER click "fix this" buttons with
HiJackThis or Spybot Search and Destroy Utilities.
========================/.
PS .... Diagnosis is probably that your default "Search Assistant" has
been changed by a browser hijacker or other simple malware
installation or drive-by settings change.
If it was a "Joke Program" then this was kind of a hit and run drive
by installation in temporary files and is deleted in the next reboot
of the computer or start up.
Certain Joke Programs do all kinds of things as a joke - kind of
showing off for 'bragging rights' about some programming snippet. This
can include animation or color changes of the mouse cursor a lot of
times. Performing a System Restore generally cures this temporary
installation if a reboot does not. Here, I would lend to a little more
of a serious threat as a hijacker because it is definitely interfering
with your use of search engines.
There is a "Page HiJacking" threat mentioned above that does not
appear to be the infection. Apparently while performing a search you
are suddenly being re-directed unexpectedly.
It may well be that this particular website is performing this for
cash support. You can search "click thru fraud" for other problems
there. You did not mention that your apparent hijacking problem is at
all searches or just the one website.
If it was just the one website, it is purposely engineered to do that
at their site and not an infection - though at the redirect sites you
may encounter infection such as adware.
How do I compare to your results at some "pro" hi jack this forum ?
I'll bet you did not get this type information and if you donated -
don't you feel like a real fool right now ?
Drop a line.
webmaster www.BlueCollarPC.Net
a Community Website.
===========================/.
PSS.... View this screenshot of active shields in paid subscription
antispyware activating real time protection:
ACTIVE SHIELDS
http://www.bluecollarpc.org/
Take a look at the following snapshot to see what protection you get
from paid subscription antispyware:
Webroot Spysweeper shields screenshot:
http://bluecollarpc.net/coppermine-photos/albums/userpics/10001/WebrootShields_SnapshotCopy.jpg
When purchasing antispyware software - make sure everything you see
there is included features in your choice, or otherwise you are
obviously getting ripped off. Trend Micro Antispyware also has these
same protections and a little more - as if that could be even possible.
These shields protect hijacking and changing your default Search
Assistant (Default Search Engine) automatically.
Microsoft Windows Defender is the only free program with real time
protection and antispyware shields. Do not purchase antispyware
without these features or you just got ripped off for a basic scanner
- which are free.
webmaster www.BlueCollarPC.Org
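
An added example (not part of any post in this thread and not HijackThis's own code): a read-only parser for a HijackThis log that pulls out the entry types bearing on the redirect symptom described in the question and on the BHO and Search Assistant points raised in the replies. The log text, URLs, CLSID and file names are constructed, and the section descriptions are a summary of the tool's usual log layout.

```python
import re

# Constructed sample in the HijackThis log line format (not a real machine's log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/bar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.example.invalid/assist.html
O1 - Hosts: 203.0.113.7 www.google.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""

# Section codes whose entries bear on search/redirect behaviour in Internet Explorer.
REDIRECT_SECTIONS = {
    "R0": "IE start/search page setting",
    "R1": "IE start/search page setting",
    "R3": "URL search hook",
    "O1": "hosts file redirection",
    "O2": "Browser Helper Object",
}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")

def parse_entries(log_text):
    """Return (section, body) for every entry line; header lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]

def redirect_candidates(log_text):
    """Entries worth a first look when search results are being redirected."""
    found = []
    for section, body in parse_entries(log_text):
        if section not in REDIRECT_SECTIONS:
            continue
        item = {"section": section, "kind": REDIRECT_SECTIONS[section], "detail": body}
        bho = BHO.match(body) if section == "O2" else None
        if bho:  # split name, CLSID and DLL so the CLSID can be checked against a BHO list
            item.update(name=bho.group(1), clsid=bho.group(2), dll=bho.group(3))
        found.append(item)
    return found

if __name__ == "__main__":
    for item in redirect_candidates(SAMPLE_LOG):
        print(f'{item["section"]:>3}  {item["kind"]:<28} {item["detail"]}')
```

The script only reads text and changes nothing on the machine; whether an entry is legitimate still has to be judged by checking the URL, hosts mapping or CLSID it reports.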