Re: Toolbar Hijacking attempt in progress

"Allan Waghalter" <awaghalter@xxxxxxxxxxx> wrote in message
I didn't see anything that didn't belong under MSConfig nor did anything
look wrong in netstat. I uninstalled Spybot Search and destroy, re-booted
and then re-installed it. Voila! No more loop and the problem seems to be
gone. I think Spybot had successfully blocked the attack and just got
stuck in a portion of the deletion. Google Toolbar was gone, but I
reinstalled that too.

Thank you for all the help! I appreciate it.

"Allan Waghalter" <awaghalter@xxxxxxxxxxx> wrote in message
I am not as experienced as most of you so bear with me. I turned off my
modem and my router an re-booted. I get the same thing:
"Registry change denied! Registry denied change of 2318CB1=4965-11d4
9818-009027 AF CD4F (category global browser toolbar) based on your
blacklist). That tells me the attack is from a file that has already been
downloaded to my machine and not from an open outside port. Am I

How do I check for open ports?
What do you think of my exporting the current registry, turning off
Spybot and allow the hijacking to take place and then import the saved
registry back?
Thanks for your help!

It is in a loop and keeps recycling itself. This has gone on now for
three days so it shows no signs of timing out.
"donnie" <donnie@xxxxxxxxxxxxx> wrote in message
On Sat, 25 Feb 2006 21:18:52 GMT, "Allan Waghalter"
<awaghalter@xxxxxxxxxxx> wrote:

Spybot search and destroy is preventing an attempted hijack of my google
toolbar and/or home page. Because I told Spybot search and destroy to
remember that I didn't want the global browser toolbar @
9818-009027 AF CD4F changed, it in a loop trying to make the change. I
assume that if I uninstall Spybot the infiltrator will go ahead and
the toolbar. It may then be difficult to get their stuff off as it is
persistent in wanting on. Can anyone advise me what to do?

Are you sure that the attempt to change it is from the outside and not
somehing that's already loaded on your PC? I didn't know that spybot
had that option but I'll look for it. In any event, I would port scan
my PC to see what ports are opened.

To get these type of reports you must have been using the tea timer option
which is like a process and registry live protection tool - In your system
tray you should see a window like icon with a pad lock on it, right click
that and then select settings, you are now viewing your black listed and
white listed items, they will enable you to fine tune what system changes
are allowed and those that are blocked.