Re: browser hacked... again





"Si Cottick" wrote:

On Fri, 01 Dec 2006 15:10:23 -0500, Ted Zieglar <teddy.z@xxxxxxxxxxxx>
wrote:

Best of luck to you.

Heh. No answer for the questions then? Or "whoops, I completely fooked
up my post and went off on a tangent"? Actually, I had been looking
for a GENUINE answer to my question, from someone able to answer
without spouting complete bollocks. So if anyone APART from Ted has
any ideas, I'd love to hear from you


Ted Zieglar
"Backup is a computer user's best friend."

Si Cottick wrote:
On Fri, 01 Dec 2006 13:55:06 -0500, Ted Zieglar <teddy.z@xxxxxxxxxxxx>
wrote:

Browser hijacking is indeed a crime - but so is allowing a computer to
be infected by malware, which is what you did. Where I work this can get
you fired, and many other companies are of like mind.

Because you don't know exactly what malware is on your computer - the
browser hijacker may be only the tip of the iceberg - you need to
contact your network administrator now, before your computer infects the
network. The network administrator has the tools to disinfect your
computer. Show contrition and you may be spared.

System Restore will not restore an infected restore point. You'll need
to remove all your restore points and start fresh - after your computer
is disinfected, which may not even be possible. Backup your (employer's)
data files now, in case you need to do a clean install.
---
Ted Zieglar
"Backup is a computer user's best friend."

You're making incorrect assumptions, Ted. I don't HAVE a network
administrator, and my company won't fire me for having the misfortune
to be infected. Also, as far as I'm aware, nowhere in the whole damn
world is it "illegal" to be a similarly unfortunate victim of a
malicious attack.

My laptop never gets to work, it lives here with me where I check my
email and write the occasional document. As for "being spared if I
show contrition", would you mind telling me what I did wrong? Turned
the f&%king thing on? My company chose the software setup of the
machine - seems like the tool they chose wasn't up to the job. But you
think that's MY fault?

I think what's far more likely to get you fired where you work is an
outrageously flawed logic progress. Or possibly for being a top-poster
which DEFINITELY should be illegal :o)

Si Cottick wrote:
Browser hacking should be a capital offence - we should be allowed to
hang them on street corners to set an example to other
gutter-dwellers.

Anyway... Internet Explorer (6) running on XP home. Opening the
browser shows google.co.uk in the address bar, but the progress bar
shows eurosamp.com for a half second and then
bxnu.com_blah_id?=eurosamp.com/. I take that to mean that my hacker is
sending me to his site and then redirecting to his affiliate account
at bxnu.com hoping to profit from my searches. He's obviously a ***
tho - no matter what search I run from his affiliate page, it simply
refreshes the page again!

I assume these are Russian scum who are immune to complaints to hosts,
so how do I get my browser back? Like I say, I'd *much* prefer to
track him down and remove all of his fingers with a pair of pliers,
but I'll settle for having control of my browser back again. I'm
running Norton Internet Security 2006 (employer's choice not mine)
which is fully updated. Is there any point in complaining to bxnu
about their affiliate or are they likely to laugh and ignore me? And
what do I need to do to return Explorer to its previous state? (I can't
run a system restore - I just get a message saying "cannot restore
to..." - really useful error message, that!)
TIA

Hi Si,
Ted was talking in general, and for sure we don't know your environment or
your setup, but in general if the company software is not that good and you
know that for sure, you should talk to them and let them know your concerns,
otherwise all your work and effort will be sucked!! because you have a badly
written program/software installed by your company!

The best is to scan your computer with an online scanner from here:
http://www.pandasecurity.com/activescan
http://www.trendmicro.com
And also for malware from here:
http://www.lavasoft.com/products/ad-aware_se_personal.php
http://www.safer-networking.org for Spybot S&D
Then try to disable the add-ons in your browser; somehow your browser has been
hooked by add-ons or plug-ins which act as an ear/spy for that site to direct
you to where they want you to go.
On how to disable the add-ons, follow this:
Click Start >> Control Panel >> double-click Networking and Internet
Connections >> double-click Internet Options; in the IE Properties window
click on the Programs tab and then click the Manage Add-Ons button; there disable
the None/Not Verified plug-ins/add-ons and click [OK] to confirm your changes.

Reboot your machine and see if you will be redirected.
If no joy then keep reading:

Open a Run command and type in:
regedit.exe and click [OK]
In the Registry Editor locate these keys and see the entries for any of these
toolbar hijackers.
[-] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl =
Look in the right pane/window for any entries and post them here, or delete
them if you know they are the culprit.

[-] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlSearchHooks
1=\WebBrowser
2= \ Explorere
3= \ShellBrowser

If you have more than these, what are they?
[-] HKEY_LOCAL_MACHINE\Software\Microsoft\Search\Install =
In the right pane/window you will see something like this:
[ab]InstallPath REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSsearch\
If you have more than this, what are they?
[-] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Internet settings\ZoneMap\Domain
Msn.com
More than this, delete if you are not sure it belongs to you.
--------------------------------------------------------
2= See what settings you have on the following keys:
Click on *Main*
[+]HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main.

and look in the right pane/window and locate *Start Page*. Right-click
on it and select Modify and enter the data, say for example
http://www.microsoft.com as your home page, and then locate also *Local
Page*, right-click on it, select Modify and put the following:
C:\WINDOWS\SYSTEM\blank.htm

The same with this KEY:
[+] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
On the *Start Page* change it into http://www.microsoft.com

Leave the *Local Page* as it is if it has this string of data:
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}...... etc

Exit the Registry Editor and reboot your computer and see if the issue is gone
and you have your home page, which is Microsoft.com for example.
------------------------------------------------------------------
3= Also open Windows Explorer and click on the C partition on your
computer and locate the Hosts file and open it with Notepad and see the
entries there; if the websites created entries to redirect you, delete them and
save the Hosts file, then reboot your machine. To access the Hosts file do the
following:
Click Start >> All Programs >> Accessories >> double-click Windows Explorer
and there click on Windows to expand and on System32 to expand, then on
drivers to expand, and click on the sub-folder *etc*. Look in the right
pane/window; you will see a Hosts file, but not the one with the extension .SAM,
leave this as is.
Right-click and select Open With and open with Notepad and edit it from
there and save it, then reboot.
The path will look like this: "C:\Windows\System32\drivers\etc".
-------------------------------------------------------------------------
4= If all fails, download HijackThis and send the report to one of the many
forums for analysis and troubleshooting:
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Please perform one step (1,2,3,4) at a time and see if that will help your
issue.
HTH.
Please let us know.
Regards,
nass
----
www.nasstec.co.uk

