Re: adblocker hijacked, I think

From: sponge (yosponge_at_yahoo.com)
Date: 01/20/04

  • Next message: sponge: "Re: kerio pf and multiple network cards"
    Date: 19 Jan 2004 20:39:51 -0800
    
    

    On Mon, 19 Jan 2004 15:53:27 -0800, "Big Will"
    <SpamWSpamiSpamlSpamlSpamBSpam4SpameSpamvSpaaaaameSpammityrSpam@nIdontlikeSpametzero.net>
    wrote:

    >Hi guys. I'm wondering if anyone has run into this problem before, and
    >might have a solution. For the record, I also have posted this on a
    >computercops.biz forum, and will hopefully have a response from them or one
    >of you soon. I have NIS 2003, and have been impressed with the adblocking
    >for about a year. Last year, however, something was blocking the adblocker.

    >C:\Documents and Settings\William Whitehead\Local Settings\Temp\Temporary

    >R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    >http://home.peoplepc.com/homepage/search/
    >R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    >http://home.peoplepc.com/homepage

    Looks like you were infected with the PeoplePC. These are the same
    folks, IIRC, who made the "pop-up blocker" used by Earthlink. This is
    your most likely culprit. Remove any ISP-provided software,
    particularly any pop-up blocker and install one by someone else. I
    recommend Proxomitron.

    >R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    >http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
    >R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
    >Internet Explorer provided by Compaq
    >N2 - Netscape 6: user_pref("browser.startup.homepage",
    >"http://www.mozilla.org/start/"); (C:\Documents and Settings\William

    You're smarter than the average bear, using Mozilla. As long as you do
    not use IE except for updates, you're pretty safe against future
    stuff. However, I would not use my real last name in any browser
    setup; I see yours in a number of Registry keys and your Mozilla
    folder.

    >O2 - BHO: Citi Virtual Account Numbers Browser Helper Object -
    >{E8C0F153-B768-4e68-B14F-40F0E8531675} - C:\WINDOWS\System32\BhoCiti.dll

    This makes me real nervous! Probably not related to your problem, but
    IE is the single biggest security risk on any Windows system!

    >O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
    >Files\Real\Update_OB\realsched.exe -osboot

    Get rid of this. Probably not related to your problem, but
    RealPlayer/RealONE/RealJukebox is spyware nonetheless.

    >O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client
    >Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab

    >O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry
    >Information Class) -
    >http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    >O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) -
    >http://kr.pristontale.com/nprotect/nprotect/npx.cab

    These two may be a part of DRM schemes. Can cause problems though not
    likely, but I'm not familiar with what the latter even does.

    Chaincast has been reported to cause a lot of problems. There's some
    debate as to whether it's spyware, too, although I have not had the
    chance to analyze it. I'd dump it. I believe it does cause conflicts
    and may be responsible for what's happening to you.

    Sponge
    Sponge's Secure Solutions
    www.geocities.com/yosponge
    My new email: yosponge2 att yahoo dott com
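
Added example, not part of the original post: a small triage pass over a HijackThis-style log that pulls out the entry types walked through above (IE page settings, BHOs, autostart entries, downloaded ActiveX controls) and notes controls fetched over plain HTTP or from a bare IP address. The sample log, hosts, CLSIDs and the `triage` function name are constructed for illustration; wrapped log lines are assumed to have been rejoined first.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis log format (placeholder hosts, CLSIDs, paths).
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isp.example/homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://oem.example/redir.dll?c=1
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\System32\example.dll
O4 - HKLM\..\Run: [ExampleSched] C:\Program Files\Example\sched.exe -osboot
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Example Proxy) - http://192.0.2.10/dl/proxy.cab
O16 - DPF: {00000000-0000-0000-0000-000000000003} (Example Scan) - https://vendor.example/bin/scan.cab
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")  # IPv4 literals only
# HijackThis section codes covered here; other sections are skipped.
SECTIONS = {"R0": "IE page setting", "R1": "IE page setting",
            "O2": "browser helper object", "O4": "autostart entry",
            "O16": "downloaded ActiveX control"}

def triage(log):
    """Return (section, kind, notes) per recognised entry, for manual review."""
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group(1) not in SECTIONS:
            continue
        code, body = m.groups()
        notes = []
        url = re.search(r"https?://\S+", body)
        if url:
            parsed = urlparse(url.group(0))
            host = parsed.hostname or ""
            notes.append("host=" + host)
            if code == "O16" and parsed.scheme == "http":
                notes.append("code fetched over plain http")
            if code == "O16" and IPV4.fullmatch(host):
                notes.append("served from a bare IP address")
        clsid = re.search(r"\{[0-9A-Fa-f-]{36}\}", body)
        if clsid:
            notes.append("clsid=" + clsid.group(0))
        findings.append((code, SECTIONS[code], notes))
    return findings

if __name__ == "__main__":
    for code, kind, notes in triage(SAMPLE):
        print(f"{code:4}{kind:28}{'; '.join(notes)}")
```

The notes are review prompts, not verdicts: a flagged entry still has to be checked against what the user knowingly installed.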

