Some sort of virus/trojan/whatever keeps changing my browser home page - help!

Discussion in 'Computers' started by Ronald Epstein, Jan 29, 2004.

  1. Ronald Epstein

    I usually keep my browser home page set to Yahoo.

    Recently, it looks like I was attacked by some
    sort of malicious script that changes my home page
    to this site:

    http://searchcentral.cc/

    Even though I go back into TOOLS -> INTERNET OPTIONS
    and change my browser's home page back to YAHOO, my
    browser will occasionally start up at the page I
    listed above.

    Something got in my browser. Norton AntiVirus
    isn't detecting it and neither is a Trojan Remover
    software program.

    Any advice how to fix this?
     
  2. RobertR

    Ron,

    I had the same problem. It's a very nasty program that plants itself in your system registry. I found a web page that runs a program that gets rid of it. I don't remember the web page, but a google search should find it. Hope this helps.
     
  3. Chun Lam

    Ron,

    It could be some spyware that was downloaded to your computer. Have you installed any freeware/shareware programs lately?

    Try downloading a spyware program such as:

    Spyware Blaster.

    I'd paste the link, but I haven't reached the minimum # of posts yet. Just google it and it should be the first link that comes up.


    Hope this helps.
     
  4. John*K

    For trojans, TDS-3 seems to be strongly recommended.

    www.diamondcs.com.au

    And Nod32, for antivirus. Nod32 really is one of the best.

    www.nod32.com

    Spybot is supposed to be very good at removing adware/spyware. Used in conjunction with AdAware, it could be extremely effective.

    www.safer-networking.org

    I hope these help you. Unfortunately, they are not free. But I do believe that you get a free trial for each.

    Hope this helps you!
     
  5. John*K

    Also should mention that I have read that you should not install anti-virus software and OS in the default directory. This is because some viruses actively seek-out known directories and delete vital files within them. Or, they can prevent you from installing these anti-virus software to begin with, based on the directory-seeking method.

    Instead of "Norton AV," you should try "NNN" or maybe something equally obscure.

    Best of luck.
     
  6. Chris_Morris

    Yep, sounds like spy/adware. And here I thought Ron had learned from the Mozilla thread awhile back.

    Ad-Aware or Spybot will get rid of it, or you can also try Pest scan, which runs online via an Active X control.

    This spyware business is just getting way out of hand.


    Chris
     
  7. Ronald Epstein

    You guys are great!

    RobertR please keep looking for the page.
     
  8. John*K

  9. PhillJones

    I can't post URLs, but do a search in Google Groups for "t.rack.cc" and you should find loads of info, if it's the one I think it is. Some info below.

    Dealing with Coolwebsearch and affiliates

    CWShredder (Kills Coolwebsearch and affiliates) read this first!
    Download: "cwshredder.zip" Unzip and run the included "CWShredder.exe"

    Then follow up with either Ad-Aware or SpyBot, then HijackThis!
    More info on Coolwebsearch and the gang

    Editor's Note: there are now nearly 10,000 Coolwebsearch affiliates!
    They do this as a "Pay-per-Click" scheme, basically getting a few cents for each user that gets hijacked to Coolwebsearch or one of its major affiliates. Nice guys huh? Most of these affiliates are Adult related, so be careful where you surf and practice Safe Hex!
    One of the newer tricks Coolwebsearch uses is to block the infected user from accessing most major anti-spyware programs and sites. Download: CWS.SmartKiller from SpyBot S&D. If you cannot access Merijn.org or you get redirected, use the direct IP address instead; this bypasses the HOSTS file hijack. Download: [HijackThis] [CWShredder]
     
  10. Mark Zimmer

    Thanks for the tips. I've got the same problem with an outfit search-space.com. I've tried Ad-Aware but the problem persists. I'll try CWShredder and Hijack This.
     
  11. Kimmo Jaskari

  12. Mark Zimmer

    I think you're right. Microsoft is just too haphazard and lazy about creating exploitable crap like this. I may go Mozilla. I always used to use Netscape in preference to IE because of these security issues, but it was incompatible with way too many websites to be useful so I felt forced into IE. I trust that Mozilla is updated on a more regular basis than Netscape?
     
  13. Brian W. Ralston

    Spybot Search & Destroy will not only get rid of spyware on your computer... there is a feature in the tools section of that program which will lock your web browser home page from being changed by anyone else (or another program/virus) but you.
     
  14. John Watson

    If these are real companies that perpetrate these hijacks, can they be prosecuted?

    The Microsoft site that Kimmo linked us to seems to use corporate names.

    Bill Gates's commitment to trustworthy computing seems like pious hand-wringing. He seems to be the chief architect and stable master for the Trojan Horse that the home PC has become.
     
  15. Rob Gillespie

    Drop IE and use Firebird.
     
  16. Marshall Alsup

    Another vote for Spybot. I had the exact same problem and a problem where when I'd search in Google it would bring up another browser window with my search performed at some other spyware-ridden lesser search engine. It really pissed me off.

    I've been an Ad-Aware user for a long time, but it just wasn't fixing the problem. So I tried Spybot and it fixed it perfectly. I think Spybot is the better product between the two, but I use both just in case.

    Good Luck Ron,
    -Marshall
     
  17. NickT

    Just a warning about using Hijack This!. It lists a lot of settings in your computer where browser hijacks and malware can be, but not everything listed is bad or should be deleted. It's a tool that provides information to someone experienced to recommend what needs to be done to remove spyware/adware. I recommend having someone from one of the following sites take a look at your Hijack This! log and then proceed with their advice:

    http://www.wilderssecurity.com/index.php?board=17 You do not need to register, guest posting is allowed.

    Spywareinfo Support Forums Note that these forums are down this weekend (Jan 30th to Feb 2nd) since they are upgrading the site to a new bigger, faster server. Guest posting is also allowed here.

    Net-Integration
    Need to be registered to post.

    Make sure you have the most current version of Hijack This! which is version 1.97.7 to make sure the latest detections are available.

    http://mjc1.com/mirror/hjt/ This link posted by John*K has a good set of instructions about how Hijack This! works and what to do.

    Part of the advice given when posting Hijack This! logs usually involves installing and running Spybot Search & Destroy and Ad Aware to search your system and remove unwanted programs. Both have support forums that can help you with any questions you may have about your scan results.

    Spybot S&D Support Forums

    Ad Aware Support Forums

    After doing all of that, you should take a few steps to prevent any of this from happening again, otherwise you may find yourself doing all of it again in another month or so. I highly recommend SpywareBlaster to prevent most reinfections from spyware/adware. The best thing about it is it doesn't need to run at all to protect you. You only need to run it to update it or to make any changes you want to. Unlike Spybot and Ad Aware, it can prevent spyware from being installed in the first place. Highly recommended.

    Another program that can prevent spyware from being installed is Spyware Guard, which is by the same person that created SpywareBlaster. It does need to run in order to protect you, but it scans in real time to prevent spyware installation. Note that this is the replacement for Browser Hijack Blaster, which is linked in a previous post by John*K.

    Perhaps the simplest and most important thing to do is to change the security setting in Internet Explorer regarding Active X downloads. Many of the spyware programs get installed on your computer automatically because IE is set to automatically download and install Active X plug-ins. This is essentially the same thing as allowing any .exe file to run without you even knowing about it. In Internet Explorer, go to the top and click the Tools tab, then click on Internet Options, then click the Security tab. The picture of the world with "Internet" should be selected; if not, click on it. Look down for the Custom Level button and click that. On the new window, the first thing is Active X Controls and Plug-ins. On the very first option, "Download signed Active X controls", click the circle next to Prompt. I suggest you also click Disable for "Download Unsigned Active X Controls" and "Initialize Active X Controls Not Marked As Safe". Then click the Apply button followed by OK.

    What that will do is give a warning box whenever something wants to install itself. You have the option of saying yes or no, as well as getting more info on it. There are legitimate controls you may want to install, like a plug-in for Quicktime. However, most of the time, it will be something that you have no idea what it is, so you can click the No button and it won't install. The scary thing is that the option is defaulted at Enable, so anything will install itself without warning and that's why the spyware creators target this method of installation.

    The whole spyware business is getting like protecting yourself from viruses. You have to take steps to protect yourself, otherwise your computer will get trashed.
     
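The three Internet-zone settings recommended in the post above are stored as registry values, so they can be audited without clicking through the dialog. This is an added example, not part of the original thread: it compares the per-user Internet zone (zone 3) values 1001, 1004 and 1201 against the post's advice. The function names and the sample values in the final lines are assumptions for illustration.

```python
# Per-user Internet zone (zone 3) settings used by Internet Explorer.
ZONE3_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3  # DWORD meanings; a larger number is stricter

# URL-action id -> (dialog label, weakest value the post's advice allows)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
}
NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable", None: "not set"}

def audit_zone(values):
    """Return (id, label, actual, wanted) for each setting weaker than advised.

    `values` maps action id to its DWORD; a missing id is reported as not set.
    """
    weak = []
    for action, (label, minimum) in RECOMMENDED.items():
        actual = values.get(action)
        if actual is None or actual < minimum:
            weak.append((action, label, NAMES.get(actual, str(actual)), NAMES[minimum]))
    return weak

def read_zone3():
    """Read the three values from HKEY_CURRENT_USER (Windows only)."""
    import winreg
    found = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE3_KEY) as key:
        for action in RECOMMENDED:
            try:
                found[action] = winreg.QueryValueEx(key, action)[0]
            except FileNotFoundError:
                pass  # value absent: audit_zone reports it as not set
    return found

if __name__ == "__main__":
    # Constructed values: signed downloads enabled, the other two already disabled.
    sample = {"1001": ENABLE, "1004": DISABLE, "1201": DISABLE}
    for action, label, actual, wanted in audit_zone(sample):
        print("%s %s: is %s, advised at least %s" % (action, label, actual, wanted))
```

On a Windows machine, `audit_zone(read_zone3())` checks the live per-user settings; values enforced through Group Policy are stored under a separate Policies key and are not read here.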
  18. NickT


    You would think so, but the whole area of spyware is still new and there aren't any real legal precedents to go by. For example, there is no legal definition of "spyware" that I'm aware of.

    Another thing is that most users "agree" to the installation of it by clicking yes on the EULA (End User License Agreement) that comes with most software downloads. It's that screen that has all the legal talk about no implied warranties, this software is provided as is, etc. So, in their eyes, you are agreeing to install the spyware, too bad for you if you didn't read the fine print.

    Also, many spyware programs are installed via Active X, and like I stated in my previous post at the end, IE is set by default to automatically install anything from any web page that you visit. So by having Active X controls and plug-ins set to enable, I guess you are also agreeing to install their software.

    The main reason that Mozilla, Firebird, and Opera are safer than IE is because they don't support Active X. Without Active X, nothing can be downloaded on your computer that way. Also, since most people use IE, it is targeted by the spyware people. There's little profit to be made by targeting a browser that few people use. Just like Macs have very little if any spyware programs since most people use Windows.
     
  19. Jason Harbaugh

    I got this hijacker as well last week. It was the most obnoxious and genius thing I've ever seen. Not only are there dozens of variations of it now, but once you get it, it is hard as hell to remove completely. I followed all of the directions on multiple sites. Downloaded every utility and app out there. I thought I got rid of it, was even running smooth for a day but boom it came back.

    This thing made me do something I hadn't done in 2 years. Format. Not saying this is what you will have to do, but I never had a virus or malicious program in 10 years that I couldn't get rid of.
     