Re: Home page hijacked Plus+++

From: Chuck (none_at_example.net)
Date: 05/21/04

• Next message: Jurren Bouman: "Re: scumware"
• Previous message: DenoxiS: "Re: cannot delete 8w32util.dll - access denied"
• In reply to: Doc: "Home page hijacked Plus+++"
• Next in thread: Doc: "Re: Home page hijacked Plus+++"
• Reply: Doc: "Re: Home page hijacked Plus+++"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 21 May 2004 16:47:07 -0500

On Fri, 21 May 2004 12:51:04 -0700, Doc <*email_address_deleted*> wrote:

>Home page is hijacked and "Tools..Current:" settings do not resolve. Ad-Ware, Anti-Virus or Firewall will not download. Spybot installed but unable to destroy "Webdialer" corruption. Outlook Express also infected. All settings enabled. Windows 98 IE 5.
>
>What am I dealing with?. Thanks Doc

Doc,

Focus on removing the problem - once it's gone, it will be a lot easier to
decide what it was.

Try these free online virus scans, hopefully not all sites should be blocked:
<http://www.bitdefender.com/scan/license.php>
<http://www.pandasoftware.com/activescan/com/activescan_principal.htm>
<http://security.symantec.com/ssc/home.asp>
<http://housecall.trendmicro.com/housecall/start_corp.asp>

Download McAfee Stinger, available at:
http://download.nai.com/products/mcafee-avert/stinger.exe
If necessary, download Stinger onto a clean computer, and copy it to a floppy or
other removable media.

Now check for, and learn to defend against, additional carriers of infection.
Have you downloaded these programs before? Download them again, as many are
revised frequently, to keep up with the current level of malware being attempted
constantly - get the absolutely most current version of each product listed.
They're all free - and most pretty small, so they download quickly enough.

First, download LSP-Fix and WinsockXPFIx from <http://www.cexx.org/lspfix.htm>,
and CWShredder from <http://www.majorgeeks.com/download4086.html>. All are
free.

Next, close all Internet Explorer and Outlook windows, then run CWShredder.
Have it fix all variants.

Now check for, and remove, spyware. Get HijackThis
<http://www.majorgeeks.com/download.php?det=3155> and Spybot S&D
<http://www.safer-networking.org/index.php?page=download>. Both free.
1) Install and run Spybot. First update it ("Search for updates"), then run a
scan ("Check for problems"). Trust Spybot, and make all recommended deletions.
2) Install and run HijackThis. Do NOT make any changes immediately. Save the
HJT Log.
3) Have your HJT log interpreted by experts at one or more of the following
forums (and post it here):
<http://forums.net-integration.net/>
<http://www.spywareinfo.com/forums/>
<http://forums.tomcoyote.org/>
<http://www.wilderssecurity.com/>

If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.

Finally, improve your chances for the future.

Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/

Harden your operating system. Check at least monthly for security updates.
http://windowsupdate.microsoft.com/

Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
use:
http://www.accs-net.com/hosts/get_hosts.html
http://www.mvps.org/winhelp2002/hosts.htm
(The third is included, and updated, with Spybot (see above)).

Maintain your Hosts file with:
eDexter <http://www.accs-net.com/hosts/get_hosts.html>
Hostess <http://accs-net.com/hostess/>

Finally, Doc, please don't contribute to the success of email address mining
viruses. Learn to munge your email address properly, to keep yourself a bit
safer when posting to open forums. Protect yourself and the rest of the
internet - never post your address unmunged.
http://www.mailmsg.com/SPAM_munging.htm

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

---

• Next message: Jurren Bouman: "Re: scumware"
• Previous message: DenoxiS: "Re: cannot delete 8w32util.dll - access denied"
• In reply to: Doc: "Home page hijacked Plus+++"
• Next in thread: Doc: "Re: Home page hijacked Plus+++"
• Reply: Doc: "Re: Home page hijacked Plus+++"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Cant send/rec e-mail - ?reinstall? ... Again, can use Internet OK, but can't update AdAware, ... SpyBot etc. (can't on ... scan shortly after seeking/installing updates (also ... > download updates. ... (microsoft.public.windows.inetexplorer.ie6_outlookexpress) Re: internet / virus scan ... Try these free online virus scans, ... They're all free - and most pretty small, so they download quickly enough. ... Install and run Spybot. ... Block possibly dangerous websites with a Hosts file. ... (microsoft.public.windowsxp.help_and_support) Re: Download and Install does not complete ... AVG Free, Spybot - Search and Destroy, SpywareBlaster, Windows Firewall ... A Search of my computer didn't find any file called Systems events log or ... trying to do this download. ... (microsoft.public.windowsupdate) Re: cant get updates ... Next, download LSP-Fix from, and CWShredder ... Install and run Spybot. ... Install and run HijackThis. ... Block possibly dangerous websites with a Hosts file. ... (microsoft.public.windowsxp.general) Re: Cannot Load Web Pages ... >All of a sudden I cannot load any web pages at all. ... Then, download LSP-Fix from, and CWShredder ... Install and run Spybot. ... Block possibly dangerous websites with a Hosts file. ... (microsoft.public.windowsxp.help_and_support)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)