Re: Home page hijacked Plus+++

From: Doc (anonymous_at_discussions.microsoft.com)
Date: 05/26/04


Date: Tue, 25 May 2004 18:33:58 -0700


>-----Original Message-----
>On Fri, 21 May 2004 12:51:04 -0700, Doc <*email_address_deleted*> wrote:
>
>>Home page is hijacked and "Tools..Current:" settings do not resolve.
>>Ad-Ware, Anti-Virus or Firewall will not download. Spybot installed but
>>unable to destroy "Webdialer" corruption. Outlook Express also infected.
>>All settings enabled. Windows 98 IE 5.
>>
>>What am I dealing with? Thanks Doc
>
>Doc,
>
>Focus on removing the problem - once it's gone, it will be a lot easier to
>decide what it was.
>
>Try these free online virus scans, hopefully not all sites should be blocked:
><http://www.bitdefender.com/scan/license.php>
><http://www.pandasoftware.com/activescan/com/activescan_principal.htm>
><http://security.symantec.com/ssc/home.asp>
><http://housecall.trendmicro.com/housecall/start_corp.asp>
>
>Download McAfee Stinger, available at:
>http://download.nai.com/products/mcafee-avert/stinger.exe
>If necessary, download Stinger onto a clean computer, and copy it to a floppy or
>other removable media.
>
>Now check for, and learn to defend against, additional carriers of infection.
>Have you downloaded these programs before? Download them again, as many are
>revised frequently, to keep up with the current level of malware being attempted
>constantly - get the absolutely most current version of each product listed.
>They're all free - and most pretty small, so they download quickly enough.
>
>First, download LSP-Fix and WinsockXPFIx from <http://www.cexx.org/lspfix.htm>,
>and CWShredder from <http://www.majorgeeks.com/download4086.html>. All are
>free.
>
>Next, close all Internet Explorer and Outlook windows, then run CWShredder.
>Have it fix all variants.
>
>Now check for, and remove, spyware. Get HijackThis
><http://www.majorgeeks.com/download.php?det=3155> and Spybot S&D
><http://www.safer-networking.org/index.php?page=download>. Both free.
>1) Install and run Spybot. First update it ("Search for updates"), then run a
>scan ("Check for problems"). Trust Spybot, and make all recommended deletions.
>2) Install and run HijackThis. Do NOT make any changes immediately. Save the
>HJT Log.
>3) Have your HJT log interpreted by experts at one or more of the following
>forums (and post it here):
><http://forums.net-integration.net/>
><http://www.spywareinfo.com/forums/>
><http://forums.tomcoyote.org/>
><http://www.wilderssecurity.com/>
>
>If removal of any spyware affects your ability to access the internet (some
>spyware builds itself into the network software, and its removal may damage your
>network), run LSP-Fix and / or WinsockXPFIx.
>
>Finally, improve your chances for the future.
>
>Harden your browser. There are various websites which will check for
>vulnerabilities, here are three which I use.
>http://www.jasons-toolbox.com/BrowserSecurity/
>http://bcheck.scanit.be/bcheck/
>https://testzone.secunia.com/browser_checker/
>
>Harden your operating system. Check at least monthly for security updates.
>http://windowsupdate.microsoft.com/
>
>Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
>use:
>http://www.accs-net.com/hosts/get_hosts.html
>http://www.mvps.org/winhelp2002/hosts.htm
>(The third is included, and updated, with Spybot (see above)).
>
>Maintain your Hosts file with:
>eDexter <http://www.accs-net.com/hosts/get_hosts.html>
>Hostess <http://accs-net.com/hostess/>
>
>Finally, Doc, please don't contribute to the success of email address mining
>viruses. Learn to munge your email address properly, to keep yourself a bit
>safer when posting to open forums. Protect yourself and the rest of the
>internet - never post your address unmunged.
>http://www.mailmsg.com/SPAM_munging.htm
>
>Cheers,
>Chuck
>Paranoia comes from experience - and is not necessarily a bad thing.
>.

Great advice. Followed all instructions as well as updating IE5 to IE6. Ran
CWShredder, spybot, Stinger, bitdefender, and "hijackthis" log below. Home page
still hijacked with same substitute page also appearing on email when "REPLY"
button is engaged. "illegal operation" pops up continually on many new web pages.

