Author Topic: help, explorer has been hijacked...eek (Read 455 times)

humble · « **on:** May 23, 2003, 02:06:53 PM »

My son has been using my computer and somehow downloaded something...my explorer now is a pass thru some other site and I'm getting all kinds of popups. Couple of the guys gave me some suggestions on downloads to kill the pop ups....which have helped a bit. But not a real fix...any ideas on how to troubleshoot this....never experienced this before.

SunKing · « **Reply #1 on:** May 23, 2003, 02:45:14 PM »

Skuzzy this needs to be a sticky..

Shut down "Messenger" in Start->Settings->Control Panel->Administrative Tools->Services

kbman · « **Reply #2 on:** May 23, 2003, 03:16:39 PM »

http://www.lavasoftusa.com/software/adaware/

Hi humble,
this URL is for AdAware which is a shareware app that cleans your system of all known spyware programs. What you described seems to be a problem with Win XP but you may have other spyware problems now or in the future. AdAware will help root them out.

kbman

Skuzzy · « **Reply #3 on:** May 23, 2003, 04:02:18 PM »

It's in the Tech posting sticky SunKing.

humble · « **Reply #4 on:** May 23, 2003, 06:08:15 PM »

This is not a problem with messenger...I have it disabled. Ad-aware can find the dll but not get rid of it...then next go around it morphed. If you edit registry computer will automatically restore old registry on reboot. Apparently it is a kind of virus aimed at explorer...literally took it over. Ad-aware seems to haver helped treat the symptoms...but not the root problem. Local friend told me taht McCaffie (sp?) has an FAQ on it on their site.

Ack-Ack · « **Reply #5 on:** May 23, 2003, 06:26:41 PM »

Quote

Originally posted by humble
This is not a problem with messenger...I have it disabled. Ad-aware can find the dll but not get rid of it...then next go around it morphed. If you edit registry computer will automatically restore old registry on reboot. Apparently it is a kind of virus aimed at explorer...literally took it over. Ad-aware seems to haver helped treat the symptoms...but not the root problem. Local friend told me taht McCaffie (sp?) has an FAQ on it on their site.

What it sounds like you have is a 'hijacker' spywre.dll that literally hijacks your IE and sets in its own bookmarks and home page and will not allow you to change it.

You might want to check out MajorGeeks.com and download one of their 'hijacker' destroyer programs. You might also want to use Spy-Bot Destroyer in conjuction with Ad-Aware. Both detect stuff that the other one doesn't, so it's a good idea to run both programs when searching for any spyware.dlls on your system.

Ack-Ack

humble · « **Reply #6 on:** May 23, 2003, 07:13:45 PM »

Thanks Ack-Ack....sounds like exactly what I've got

humble · « **Reply #7 on:** May 23, 2003, 07:54:49 PM »

Ack-Ack....downloaded "highjack this"....great little program. Took me 2 minutes to go thru and fix things up...owe you a beer...or two...or three...

Ack-Ack · « **Reply #8 on:** May 23, 2003, 08:28:17 PM »

Quote

Originally posted by humble
owe you a beer...or two...or three...

Hell, let's make it a pitcher and call it even. Glad it helped and you're back up and running.

Ack-Ack

BOOT · « **Reply #9 on:** May 29, 2003, 10:17:41 AM »

If all else fails... you can find the critters manually... I had this happen with a redirect to Orbitz... Ad Aware couldn't detect it.

Go to MY COMPUTER... Click C:\Program Files
find the COMMON FILES folder... you will find it tucked away in one of the folders... This particular one (Orbitz) was the hardest to detect that I have ever come across... It did not show up in the filename... I had to right click and show properties to find it...