Browser Hijacker

By mretzloff
May 7, 2007
Topic Status:
Not open for further replies.
  1. mretzloff

    mretzloff Newcomer, in training Topic Starter Posts: 130

    Thanks.

    Should I scan with Spyware Blaster? If so, in what part of the order?

    Thanks.
  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    As I`ve just said. All you do with Spyware Blaster is update it, enable all protection and close the programme, that`s it.

    You can`t scan with it, that`s not how it works. Read the tutorial I linked to and all will be revealed. ;)

    Regards Howard :)

    This thread is for the use of mretzloff only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. mretzloff

    mretzloff Newcomer, in training Topic Starter Posts: 130

    Is there a good firewall that does NOT have those annoying pop ups?
  4. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    A good firewall will naturally have those pop ups to inform you of any potential compromise to your internet security. If you do not wish to have those pop ups, then you would need to set the firewall to be fully automated. In such a case, for it to do its job really well it would have to restrict several things in your system, even if they were legit. It always has to be some sort of balance in between if you wish to retain some sort of control over your internet habits.

    To draw an analogy, the strongest, strictest terrorist measures will result in more red tape, less freedom, more restrictions etc. But a laxer system will increase the risk inevitably.

    Regards,
    Your friendly Momok =)
  5. mretzloff

    mretzloff Newcomer, in training Topic Starter Posts: 130

    momok, which would you recommend?

    I downloaded Comodo.
  6. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    Personally I use Comodo. It has several settings for you to choose, even including learning mode. If I'm not wrong, you can also set it to be fully automated. It is definitely a useful firewall if you know how to tweak the settings well. How you wish to tweak it is again subject to user preference and needs.

    There are two other firewalls commonly recommended:

    Zone Alarm
    Kerio

    You may try them out if you wish. But do note that it is not recommended to run more than one firewall at any point of time.


    Regards,
    Your friendly Momok =)

    This thread is for the use of mretzloff only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  7. mretzloff

    mretzloff Newcomer, in training Topic Starter Posts: 130

    I've been experiencing some problems again. Sometimes when I search on Google and I click on a link, I'm redirected to another search engine that searches for whatever I searched for on Google. Also, today the date and time format changed by itself.

    Here's a HJT logfile from today:

    View attachment 20964



    Thank to to whoever helps :)
  8. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Your system has been hijacked.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O17 - HKLM\System\CCS\Services\Tcpip\..\{2DEA6FDA-024F-41B1-833E-D3E369DB2E8B}: NameServer = 85.255.114.78,85.255.112.120

    O17 - HKLM\System\CCS\Services\Tcpip\..\{F5AB3BCB-87F3-452E-BD45-209DE3386BC5}: NameServer = 85.255.114.78,85.255.112.120

    O17 - HKLM\System\CS3\Services\Tcpip\..\{2DEA6FDA-024F-41B1-833E-D3E369DB2E8B}: NameServer = 85.255.114.78,85.255.112.120

    O17 - HKLM\System\CS4\Services\Tcpip\..\{2DEA6FDA-024F-41B1-833E-D3E369DB2E8B}: NameServer = 85.255.114.78,85.255.112.120

    Click on the fix checked button.

    Close HJT and reboot your computer.

    Post a fresh HJT log as well as the C:\fixwareout\report.txt.

    Regards Howard :)

    This thread is for the use of mretzloff only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  9. mretzloff

    mretzloff Newcomer, in training Topic Starter Posts: 130

  10. jobeard

    jobeard TS Ambassador Posts: 13,025   +221

    (a) no; your system needs security and better usage patterns,
    eg: avoid IM, chat

    (b) Macs can be attacked too, but there's less activity on that platform
    primarily due to the small percentage of users.
    FOR A CERTAINTY, attacks aimed at the registry would never work on a Mac :)
  11. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Your HJT log is now clean.

    Unless you`re having further problems, you should be good to go.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of mretzloff only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  12. mretzloff

    mretzloff Newcomer, in training Topic Starter Posts: 130

    How do I turn off the Firxwareout? Every time I turn the computer on, it pops up.
  13. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Just uninstall the Fixwareout programme.

    Regards Howard :)

    This thread is for the use of mretzloff only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  14. mretzloff

    mretzloff Newcomer, in training Topic Starter Posts: 130

    I can't find it on my computer :( I went to "Add or Remove Programs" and it wasn't there.

    Any help? Thanks.

    EDIT: I found it. Sorry about that.
  15. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Go to C:\Fixwareout and delete the folder.

    Regards Howard :)

    This thread is for the use of mretzloff only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  16. mretzloff

    mretzloff Newcomer, in training Topic Starter Posts: 130

    My computer is running somewhat slow and restarts itself every 5 minutes or so. Could someone help me? I'll post a HJT log. I just wanna get this post in before it restarts itself.

    EDIT: Here's the logfile:

    View attachment 21542


    Thank you!
  17. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Your HJT log looks clean.

    Go and read this thread HERE and see if it helps you to identify the culprit.

    If it doesn`t, please attach 5 or 6 of your latest minidumps.

    Regards Howard :)
  18. mretzloff

    mretzloff Newcomer, in training Topic Starter Posts: 130

    Thanks. What's a "minidump"?
  19. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    A minidump is a snapshot of what was happening when Windows crashed and can contain useful info as to what caused the crash.

    You will find you mindumps in the C:\windows\minidumps folder.

    Regards Howard :)
  20. mretzloff

    mretzloff Newcomer, in training Topic Starter Posts: 130

    I'm not sure if this is the correct forum, but how often should one change their password?
  21. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    I`d say every six months or sooner if you think there`s a chance it`s been compromised.

    Regards Howard :)
  22. TimeParadoX

    TimeParadoX Newcomer, in training Posts: 2,438

    I change all my passwords ( including TechSpot's ) around every other month or so, But that's just me ;)
  23. mretzloff

    mretzloff Newcomer, in training Topic Starter Posts: 130

    I can't find the "C:\windows\minidump" folder. Could someone help me? Where should I look?

    Thanks.
  24. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Is Windows setup to write minidumps?

    Right click my computer, and select properties, and then the advanced tab.

    Under startup and recovery click on settings. Make sure the write debugging information box is set to small memory dump. Also make sure that the overwrite any existing file box isn`t checked. Click ok/apply/ok.

    Reboot your computer.

    Now when your system crashes, Windows should write a minidump to the folder c:\windows/minidump

    Regards Howard :)
  25. mretzloff

    mretzloff Newcomer, in training Topic Starter Posts: 130

    I'm sorry that this has nothing to do with security, but how do you erase your hard drive? I'm thinking about donating my old computers to Goodwill but don't want my tax returns and all that stuff to remain on my hard drive. How can I erase EVERYTHING on the hard drive and how can I be 100% sure it is truly erased?

    Thanks.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.