bROWSER HIHACKS
 

Damn stuff never ends. I'm getting hijacked on my home pc. Click links and goes to other sites.

What's the best free thing out there now? I'm using avira antivirus and nothing in there is stopping this bs :smash:

I use ghostery in my browser,
malwarebytes, spybot, CCleaner, regcleaner, Symantec Anti-virus.

I can still get clapped, I need some av for my non-outlook email client.

When it comes to the internet you can't get enough protection.

i will agree with striperman, but i will not agree with non experienced people using ccleaner and regcleaner. windows clean up is a better alternarive imo. there is a program called hijack this that is great for these problems but its a bit advancedm however u can have the log file reviewedon the inet for free. if all else failes got to bleeping computer .com and look for combofix. its prob the single most powerful tool on the market. download run in safe mode and clean up with the rest. but that is just my 2.5 cents
Posted from my iPhone/Mobile device

Combofix installed and uninstalled as it is incompatible with most AV's including Symantec and Proventia.

I'm an old Com developer I've hacked my way out many a broken registry, but do back it up first.

I've always seen CCleaner as being pretty benign when just cleaning up your browser caches.

its the extra option in ccleaner that can be dangerous. as far as combofix that is why i run it in save mode. it will be fine with his antivirus. i would never again in my life install a symantic product on a machine.
Posted from my iPhone/Mobile device

If I had a choice I wouldn't either.
I got friggin Bit9 on this too and it really beetches about removing stuff like that.

I just installed combofix and it was beetchin.
I don't use that extra registry option on CCleaner

If you use Firefox, download NoScript. Most browser hijacks are implanted with javascript. NoScript prevents javascript from executing and can protect you from most issues.

Read an article a few days ago... something like 98% of browser hijacks initiate from scumbags exploiting legitimate websites. Frequently, the malware is injected into the AdServer and any website that utilizes that advertising company is now vulnerable.

Long gone are the days when all you had to do was avoid shady porn websites and you'd be safe.


If you really want to put up a heavy layer of protection, check out Sandboxie - Sandbox software for application isolation and secure Web browsing. It creates a virtual "Sandbox" on your hard drive for programs to "play" in. The programs can't install, edit or delete any files outside of the "Sandbox". Then when you close the browser, everything in the sandbox is deleted. It's not perfect, but pretty damn close to it. Only a matter of time before the feature is directly incorporated into web browsers.

Chrome has a similar feature built-in but you're right Mr. D. most hacks are exploits of existing sites, i.e. the Facebook, Like hack.

did you install it in safe mode? and what anti virus was it crying about, i general tend to ignor that warning if i am in safe mode of i disable the services. I have however recently stumbled upon a root kit that will not allow you to disable or remove your anyvirus, it embeds itself in the " regedit.exe" file, ironicly just rename it and move over a cleanone will fix alot, it pooches permissions.

ok i downloaded no script.

Before I click anything here...is this site legit.

Removal looks like it could be a spoof site

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 5469

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

1/6/2011 7:34:46 AM
mbam-log-2011-01-06 (07-34-46).txt

Scan type: Quick scan
Objects scanned: 241715
Time elapsed: 25 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SO WTF :smash:

It didn't give me a chance to do that. it fragged some of my GFE software too. VMPlayer.

Booger - do a FULL SCAN with the latest updates, not a quick scan.

Tnx bossman will do that now.

or do an advanced search for all files modified or created on a specific day

3 hours in on a full scan and still nada.

Now, download and run Prevx CSI

Also, go to your web browser and restore settings to default

It's still going 4.5 hours now

CSI oh boy what you getting me into

probably find dead bodies in my shop tomorrow

did u try and chage your home page ? are u using firefox and IE? if it opens in both your host file maybe modified.
Posted from my iPhone/Mobile device

scan just finished with nothing found. I know there's something there because every time I click on a google link it's a crapshoot what site comes up.

SKIPPY GUESS WHAT I FOUND TODAY

Booger is a tech moron. Don't go to that site again.

If all else fails reload OS.
Posted from my iPhone/Mobile device

I'm no expert, but it sounds like a worm. I had one that redirected my browsing to some obscure site, constantly. Did you try System Restore? It might work, taking your OS back to an earlier date.

can you bring it to the shop Sunday i will fix it in 1/2 hour

possibilities are endless

:rotf2::rotf2::rotf2::rotf2::rotf2::rotf2::rotf2:: rotf2::rotf2::rotf2::rotf2::rotf2::rotf2:

Skippy this is the machine with the os on two disks

If you can fix that in a 1/2 hour I will make an appt for you for a sweaty hummer from bar rafaeli :rotf2:

THE MISSING DISCS

I told you to blow that up 3 years ago and use a clean slate, new machine, with the system padlocked and you removed from administrative rights.

Someone pointed to Sandboxie above - I think Booger 2.2 should be run in the Sandbox to protect the computer ;)

I've been told I don't play well in the sandbox

:hee:

You in the sandbox is designed to protect the other kids, or in this case, your computer. :devil2::buds:

yea I am starting to think seriously about building another box. Just dreading taking all the stuff off here and transferring though.

ugh.

Before you build, list what you want and need it to do, and what you are looking for and what level of redundancy. Reason I say this is that a few us intervening (in a good way) early might stop you from going Frankenstein on it. Probably no different results that you'll notice but sure as #&@^# safer for the rest of us :tooth:

Seriously, I'm sure we could come up with a straight forward way of doing (say Dell or HP with Intel RAID1), Acronis or Storagecraft backup, yada, etc, yada

DOOD you could have just said I like wearing pink tutu's and frilly boots and it would mean the same to me in nerd speak :rotf2:

First i would try to restore to an ealier date. If that doesn't work , Kaspersky or Dr Web rescue disc will get it. Both have free downloads of the continuously updated .ISO file and then you use it to burn the drive image and create the bootable rescue disc. All free. I have had my search corrupted before and a restore fixed it. I have also had some where I needed to run the boot drive anti virus.

Absolutely no where is safe anymore. I once got a virus from a site that showed the names , numbers etc for Lawyers in NJ. I also got one once when looking up old Irish sayings on sites on St Patricks Day.

Its a jungle out there!! :)

Oh , BTW , after I set up my system , I clone the C drive. I then unplug the original and run my system off the cloned drive. Anything that gets me so bad the rescue discs won't fix , I simply F disc , reformat and clone the drive again from the original. To make this successful I also backup my email and other important files etc on a second hard drive which is a removeable USB drive.

In a disater , reclone from ground zero, unplug the original drive ahain, copy the files I backed up from the removeable USB and I'm back in action..

Oh, BTW , the Kaspersky also has an isolated environment to use while surfing similar to the "Sandbox" JD described. I don't like it as it seems to really slow things down.

ok it just did it again.

I was on google's home page, searched "waterman pen"

top link was waterman.com

it took me to:

Waterman Pens | Lowest US Prices | Buy Waterman Pens at DealParty.com

If I go back on the google page and right click the link I get this url:

Waterman : fine writing and luxury pen collections

I have the script blocker on...didn't do anything..

now any time I click the link again even if I reload it I get the real waterman site....

I'm not the only one...

MalWare Removal • View topic - Search Engine Browser Hijack/Redirect

http://www.bleepingcomputer.com/forums/topic336314.html