Solved

My Computer has been Hijacked

Posted on 2003-10-21
7
1,413 Views
Last Modified: 2010-04-11
I made the mistake of letting some popups through on a website I visited and now my computer has been hijacked by something calling itself "Mysearch" and has placed a toolbar on IE 6 that I can't get rid of. My computer has slowed to a crawl. I could not type this on it and had to go to another computer. There are several "new" icons on my desktop. One says "Spyware removal" and takes me to a website completely unrelated to spyware. There are several programs that have installed themselves in my program files directory.

Please how do I get out of this mess!
Question by:annas
7 Comments
 
LVL 3

Expert Comment

by:FlamingSword
ID: 9592460
You should probably rebuild the box to be sure.  If you have AV like Symantec, run its latest pattern and see if it is something you can undo.  Most people here try to fix by using spyware removal tools, first Spybot, then Ad-aware, then Spybot, then Ad-aware, and that may wash your machine clean and make you more aware.

One thing for sure, you were hacked by running code from a malicious website that sponsors but privacy invasion and user manipulation, such as Verisign.

The way they did it was to exploit a known vulnerability to Internet explorer. Because --- you had not patched that vulnerability. How many other vulnerabilities have exploited you?

That is why I think, for peace of mind, you might best just go reload the system from scratch, and then continue, installing each and every patch and service pack and rollup to eliminate all the vulnerabilities and exploits available, and not until then let the machine reconnect to the network.
0
 
LVL 3

Expert Comment

by:FlamingSword
ID: 9592481
Answer: WindowsUpdate ...................  SpyBot
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 125 total points
ID: 9592821
Use these software tools:

SpyBot-S&D

SpyBot-S&D is an adware and spyware detection and removal tool. This includes removal of certain advertising components that may gather statistics, as well as detection of various keylogging and other spy utilities. In addition, it also securely removes PC and Internet usage tracks, including browser history, temporary pages, cookies (with option to keep selected) and more. The program offers an attractive Outlook-style interface that is easy to use and multi-lingual. SpyBot-S&D allows you to exclude selected cookies, programs or extensions from being reported, allowing you to prevent false positive messages for items that you don't want to be alerted of every time. It can even scan your download directory for files that have been downloaded, but not yet installed, allowing you to detect unwanted programs before you even install them. SpyBot produces a detailed and easy to understand report before it deletes any files and allows you to deselect any item that you do not want to be processed. In addition, a recovery feature allows you to restore your settings if needed. Very nice tool that exceeds the capabilities of the popular Ad-Aware application.

http://www.webattack.com/download/dlspybot.shtml 

Ad-aware

AdAware is a privacy tool that scans your memory, registry, hard, removable and optical drives for known data-mining, aggressive advertising, and tracking components. It then lists the results and offers to remove or quarantine the components. The program detects a wide range of adware/spyware related issues and can be updated with the latest signatures via the built-in update utility. Please be advised that removing certain components may impact the functionality of affected software applications. You should fully read the included Ad-aware documentation before removing any files!

http://www.webattack.com/download/dladaware.shtml 


HijackThis

HijackThis is a tool that lists all installed browser add-ons, buttons, startup items and allows you to inspect them, and optionally remove selected items. The program can create a backup of your original settings and also ignore selected items. Additional features include a simple list of all startup items, default start page, online updates and more. Intended for advanced users.

http://www.webattack.com/download/dlhijackthis.shtml 

Keylogger Hunter

Keylogger Hunter is a program that attempts to detect any keyloggers that may be running on your computer. It performs a system analysis, which takes about 3-5 minutes and then produces a list of suspicious files (if any). It detected 2 out of 3 running keyloggers in our test. Future versions are planned to be shareware.

http://www.webattack.com/download/dlklhunter.shtml 

KL-Detector

KL-Detector is designed to provide a way to find out whether your activity is being recorded with a keylogger application. It uses the fact that most keyloggers create a hidden log file on your hard drive and therefore scans for any suspicious activity during a test period that you have to initiate. Basically, it asks you to use the keyboard for several minutes, type some text or do similar activities, while it is monitoring your system to check if it can detect any suspicious logging activity. KL-Detector is intended for occasional use and not as a permanently running program, as normal PC activity may cause false positives. During our test, it did detect changes in a keylogger log file (that we installed), but it did not find the activity suspicious enough to warn us. Advanced users may get value by inspecting the logged items, however novice users should not rely on the results.

http://www.webattack.com/download/dlkldetector.shtml 

X-Cleaner Free

XCleaner is a privacy tool suite that detects and removes installed spyware and adware components and includes tools to securely delete files, edit the registry, disable startup programs and more. Additional features include IE home page protection, cookie, cache and history cleaning, built-in password generator and more. This free version also contains some additional feature options, however they are disabled and require upgrade to a full version. The spyware and adware scanning as well as many cleaning features however can be used freely.

http://www.webattack.com/download/dlxcleaner.shtml 

SpywareBlaster

SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage. This allows you to run Internet Explorer with ActiveX enabled, but it will never download or even prompt you for any of the known ActiveX controls. All other ActiveX controls or plug-ins will work fine. The SpywareBlaster database contains information on these known spyware ActiveX controls and can be updated with the click of a button. The application window displays a list of all controls that it is able to detect (this is not a list of what was found on your computer). The program cannot detect if you have any of the known objects already installed, but if you do, they will be disabled. The program also allows you to take a snapshot of your computer (certain settings) in its clean state and later revert many changes made by spyware and browser hijackers.

http://www.webattack.com/download/dlspywareblaster.shtml 

SpywareGuard

SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected. If this is the case, it initially blocks access to the file and then allows the user to select an action. SpywareGuard provides a fast scanning engine, signature-based scanning, heuristic/generic scanning, a control panel, and an online-update utility for downloading of definition updates. It does not replace your anti-virus protection, but instead detects programs that may cause privacy concerns. The list of detected programs includes AdBreak, AdultLinks/LinkZZ, Brilliant Digital, CommonName, Cytron, FreeScratchAndWin, FriendGreetings, HighTraffic, HotBar, IEDisco, iGetNet, Lop.com, MoneyTree Dialer and others.

http://www.webattack.com/download/dlspywareguard.shtml 


SpySites

SpySites allows you to manage the Internet Explorer Restricted Zone settings and easily add entries from a database of 1500+ sites that are known to use advertising tracking methods or attempt to install third party software. You can select the sites from the list, or optionally add all of them, or only the "worst offenders". The program then adds the URLs to the IE Restricted Zone settings. Once configured, there is no need to run the program again, unless you want to add additional sites.

http://www.webattack.com/download/dlspysites.shtml 

Sunray
0
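The accepted answer describes HijackThis as listing browser add-ons and startup items, and SpywareBlaster as disabling the CLSIDs of known ActiveX controls. The PowerShell script below is an added example, not code from the thread or from either tool, that reads those same registry locations without changing anything; the registry paths are the standard Internet Explorer and Windows ones, and the function names are hypothetical.

```powershell
# Added example: read-only audit of IE add-ons, ActiveX kill bits and Run keys.
# On 64-bit Windows the 32-bit view lives under SOFTWARE\WOW6432Node (not covered here).
$BhoKey     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$ToolbarKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
$CompatKey  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$RunKeys    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
              'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$KillBit    = 0x400   # "Compatibility Flags" bit that stops IE from loading a control

function Get-KillBitState {          # hypothetical helper name
    param([string]$Clsid)
    $path = Join-Path $CompatKey $Clsid
    if (-not (Test-Path -LiteralPath $path)) { return $false }
    $flags = (Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue).'Compatibility Flags'
    return [bool]($flags -band $KillBit)
}

function Get-ClsidServer {           # hypothetical helper name
    param([string]$Clsid)
    $path = "HKLM:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32"
    if (Test-Path -LiteralPath $path) {
        return (Get-ItemProperty -LiteralPath $path).'(default)'   # DLL that implements the add-on
    }
    return $null
}

function New-AddonRecord {           # hypothetical helper name
    param([string]$Type, [string]$Clsid)
    [pscustomobject]@{
        Type    = $Type
        Clsid   = $Clsid
        Server  = (Get-ClsidServer $Clsid)
        KillBit = (Get-KillBitState $Clsid)
    }
}

$addons = @()
if (Test-Path -LiteralPath $BhoKey) {        # BHOs are subkeys named by CLSID
    $addons += Get-ChildItem -LiteralPath $BhoKey | ForEach-Object { New-AddonRecord 'BHO' $_.PSChildName }
}
if (Test-Path -LiteralPath $ToolbarKey) {    # toolbars are values named by CLSID
    $addons += (Get-Item -LiteralPath $ToolbarKey).GetValueNames() |
        Where-Object { $_ -like '{*}' } | ForEach-Object { New-AddonRecord 'Toolbar' $_ }
}
$startup = foreach ($key in $RunKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $k = Get-Item -LiteralPath $key
    foreach ($name in $k.GetValueNames()) {
        [pscustomobject]@{ Key = $key; Name = $name; Command = $k.GetValue($name) }
    }
}
$addons  | Format-Table -AutoSize
$startup | Format-Table -AutoSize
```

An add-on whose `Server` points at an unfamiliar DLL and whose `KillBit` is `False` is a candidate for closer inspection; a `KillBit` of `True` means IE is already blocked from loading that CLSID.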
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9592833
Install a good firewall like ZoneAlarm.

Have your virus updates and check for viruses.

Install Trojan Remover and check for trojans.

Sunray
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9595048
Thanks

Sunray
0
 
LVL 3

Expert Comment

by:FlamingSword
ID: 9599928
Good job.
0
 
LVL 3

Expert Comment

by:FlamingSword
ID: 9599974
But that is more about the after effects, like running A/V to see what happened while the barn door was open, and finding Blaster. I like to also shut doors once in a while. For example, I was just reading this in another window:

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-041.asp

To exploit this vulnerability, an attacker could host a malicious Web Site designed to exploit this vulnerability. If an attacker then persuaded a user to visit that site an ActiveX control could be installed and executed on the user’s system. Alternatively, an attacker could create a specially formed HTML e-mail and send it to the user. If the user viewed the HTML e-mail an unauthorized ActiveX control could be installed and executed on the user’s system. In both scenarios the vulnerability in Authenticode could allow an unauthorized ActiveX control to be installed and executed on the user’s system, with the same permissions as the user, without prompting the user for approval.
0
