Re: Toolbar Hijacking attempt in progress



I didn't see anything that didn't belong under MSConfig nor did anything
look wrong in netstat. I uninstalled Spybot Search and destroy, re-booted
and then re-installed it. Voila! No more loop and the problem seems to be
gone. I think Spybot had successfully blocked the attack and just got stuck
in a portion of the deletion. Google Toolbar was gone, but I reinstalled
that too.

Thank you for all the help! I appreciate it.
Allan

"Allan Waghalter" <awaghalter@xxxxxxxxxxx> wrote in message
news:ZNlMf.1764$tu.897@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I am not as experienced as most of you so bear with me. I turned off my
modem and my router an re-booted. I get the same thing:
"Registry change denied! Registry denied change of 2318CB1=4965-11d4
9818-009027 AF CD4F (category global browser toolbar) based on your
blacklist). That tells me the attack is from a file that has already been
downloaded to my machine and not from an open outside port. Am I correct?

How do I check for open ports?
What do you think of my exporting the current registry, turning off Spybot
and allow the hijacking to take place and then import the saved registry
back?
Thanks for your help!
Allan

It is in a loop and keeps recycling itself. This has gone on now for
three days so it shows no signs of timing out.
"donnie" <donnie@xxxxxxxxxxxxx> wrote in message
news:bom102p9phejg2sc5vg90i2s8ipnhm71if@xxxxxxxxxx
On Sat, 25 Feb 2006 21:18:52 GMT, "Allan Waghalter"
<awaghalter@xxxxxxxxxxx> wrote:

Spybot search and destroy is preventing an attempted hijack of my google
toolbar and/or home page. Because I told Spybot search and destroy to
remember that I didn't want the global browser toolbar @
2318CB1=4965-11d4
9818-009027 AF CD4F changed, it in a loop trying to make the change. I
assume that if I uninstall Spybot the infiltrator will go ahead and
change
the toolbar. It may then be difficult to get their stuff off as it is so
persistent in wanting on. Can anyone advise me what to do?
Thanks,
Allan

##########################################
Are you sure that the attempt to change it is from the outside and not
somehing that's already loaded on your PC? I didn't know that spybot
had that option but I'll look for it. In any event, I would port scan
my PC to see what ports are opened.




.



Relevant Pages

  • Re: Toolbar Hijacking attempt in progress
    ... "Registry change denied! ... downloaded to my machine and not from an open outside port. ... What do you think of my exporting the current registry, turning off Spybot ... toolbar and/or home page. ...
    (alt.computer.security)
  • Re: Toolbar Hijacking attempt in progress
    ... I think Spybot had successfully blocked the attack and just got ... "Registry change denied! ... downloaded to my machine and not from an open outside port. ... It is in a loop and keeps recycling itself. ...
    (alt.computer.security)
  • Re: help with spyware needed please
    ... Why dont you want to install something like spybot? ... Otherwise..know your registry. ... Most hide in the run section, and and the toolbar ... spybot is free and good. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Toolbar Hijacking attempt in progress
    ... toolbar and/or home page. ... Because I told Spybot search and destroy to ... remember that I didn't want the global browser toolbar @ 2318CB1=4965-11d4 ... In any event, I would port scan ...
    (alt.computer.security)
  • Re: Listening To Ports
    ... I use both Spybot and Adaware and usually run them every other day to check ... I have not figured out what is going on with port 1025 since a search ... John Elsbury wrote: ...
    (comp.security.misc)