
The Geek Culture Forums


Author Topic: I've been hijacked
Cap'n Vic

Member # 1477

posted December 12, 2008 09:23
I've never been able to not clean one of these fuckers up but this one has my head spinning.

My Dell XP machine used mostly by my kids and wife has some sort of freaky hijack thing going on. When googling (both in FF and IE) there seems to be some sort of javascript (?) pointing my searches to shopping sites; the same ones appear and spoof the header of the site, but the links go to the shopping sites. I've run a bunch of stuff (in safe mode), Spybot, Stinger, Ad-Aware, McAfee, all to no avail. When I turn off javascripting in FF the problem goes away. Most of the searches point to monstermarketplace.com. I've uninstalled all instances of java (including the Macromedia suite).

During a search, the statusbar briefly displays 1.2.3.0...

Here is a screen shot of what a search looks like. Thoughts? A registry cleaner maybe?


--------------------
(!) (T) = 8-D

Posts: 5471 | From: One of the drones from sector 7G | Registered: Jun 2002  |  IP: Logged
CommanderShroom
BlabberMouth, a Blabber Odyssey
Member # 2097

Member Rated:
4
posted December 12, 2008 10:03
Now that is a new one. I have not seen anything quite like that particular one before.

I did a couple of general searches. One led to something on LavaSoft where they mentioned that it was only happening to a single account and not on all accounts. Any chance that is the same case for you? Maybe attempt to go into the root account or create a new account and see if it continues?

The one I read on LavaSoft only mentioned IE being hijacked like that. There is another one here that looks very interesting. Browser hijack that affects both IE and Firefox that is creating a second file named sysaudio.sys in the system32 directory.

Here is the link to the LavaSoft conversation.

Good luck Vic

Posts: 2463 | From: Utarrrrggggghhh!!!!!!!! | Registered: Mar 2003  |  IP: Logged
GrumpySteen

Solid Nitrozanium SuperFan
Member # 170

posted December 12, 2008 11:14
You've probably been hit by wareout.

Manual removal instructions and an automated remover here

Posts: 6364 | From: Tennessee | Registered: Jan 2000  |  IP: Logged
TheMoMan
BlabberMouth, a Blabber Odyssey
Member # 1659

Member Rated:
4
posted December 13, 2008 03:19
Cap'n Vic: Knowing the MrsMoMan's habits when on-line, don't be surprised if you find that it was an installed app in the start folder. Most of the stuff I have to remove was put on the computer in an attempt to get a certain screen saver or wallpaper. So what if a dialog box comes up, get rid of it.

--------------------
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.


Benjamin Franklin,

Posts: 5836 | From: Just South of the Huron National Forest, in the water shed of the Rifle River | Registered: Sep 2002  |  IP: Logged


All times are Eastern Time  