Re: Toolbar Hijacking attempt in progress



I didn't see anything that didn't belong under MSConfig nor did anything
look wrong in netstat. I uninstalled Spybot Search and destroy, re-booted
and then re-installed it. Voila! No more loop and the problem seems to be
gone. I think Spybot had successfully blocked the attack and just got stuck
in a portion of the deletion. Google Toolbar was gone, but I reinstalled
that too.

Thank you for all the help! I appreciate it.
Allan

"Allan Waghalter" <awaghalter@xxxxxxxxxxx> wrote in message
news:ZNlMf.1764$tu.897@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I am not as experienced as most of you so bear with me. I turned off my
modem and my router an re-booted. I get the same thing:
"Registry change denied! Registry denied change of 2318CB1=4965-11d4
9818-009027 AF CD4F (category global browser toolbar) based on your
blacklist). That tells me the attack is from a file that has already been
downloaded to my machine and not from an open outside port. Am I correct?

How do I check for open ports?
What do you think of my exporting the current registry, turning off Spybot
and allow the hijacking to take place and then import the saved registry
back?
Thanks for your help!
Allan

It is in a loop and keeps recycling itself. This has gone on now for
three days so it shows no signs of timing out.
"donnie" <donnie@xxxxxxxxxxxxx> wrote in message
news:bom102p9phejg2sc5vg90i2s8ipnhm71if@xxxxxxxxxx
On Sat, 25 Feb 2006 21:18:52 GMT, "Allan Waghalter"
<awaghalter@xxxxxxxxxxx> wrote:

Spybot search and destroy is preventing an attempted hijack of my google
toolbar and/or home page. Because I told Spybot search and destroy to
remember that I didn't want the global browser toolbar @
2318CB1=4965-11d4
9818-009027 AF CD4F changed, it in a loop trying to make the change. I
assume that if I uninstall Spybot the infiltrator will go ahead and
change
the toolbar. It may then be difficult to get their stuff off as it is so
persistent in wanting on. Can anyone advise me what to do?
Thanks,
Allan

##########################################
Are you sure that the attempt to change it is from the outside and not
somehing that's already loaded on your PC? I didn't know that spybot
had that option but I'll look for it. In any event, I would port scan
my PC to see what ports are opened.




.