annas
asked on
My Computer has been Hijacked
I made the mistake of letting some popups through on a website I visited and now My computer has been hijacked by something calling itself "Mysearch" and has placed a toolbar on IE 6 that I can't get rid of. My computer has slowed to a crawl. I could not type this on it and had to go to another computer. There are several "new" icons on my desktop. One says "Spyware" removal" and takes me to a website completed unrelated to spyware. There are several programs that have installed themselves in my program files directory.
Please how do I get out of this mess!
Please how do I get out of this mess!
Answer: WindowsUpdate ................... SpyBot
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Install a good firewall like zonealarm
have your virus updates and check for virus
install trojan remover and check for trojans
Sunray
have your virus updates and check for virus
install trojan remover and check for trojans
Sunray
Thanks
Sunray
Sunray
Good job.
But that is more about the after effects, like running A/V to see what happened while the barn door open, and finding Blaster. I like to also shut doors once in awhile. For example, I was just reading this in another window:
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-041.asp
To exploit this vulnerability, an attacker could host a malicious Web Site designed to exploit this vulnerability. If an attacker then persuaded a user to visit that site an ActiveX control could be installed and executed on the user’s system. Alternatively, an attacker could create a specially formed HTML e-mail and send it to the user. If the user viewed the HTML e-mail an unauthorized ActiveX control could be installed and executed on the user’s system. In both scenarios the vulnerability in Authenticode could allow an unauthorized ActiveX control to be installed and executed on the user’s system, with the same permissions as the user, without prompting the user for approval.
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-041.asp
To exploit this vulnerability, an attacker could host a malicious Web Site designed to exploit this vulnerability. If an attacker then persuaded a user to visit that site an ActiveX control could be installed and executed on the user’s system. Alternatively, an attacker could create a specially formed HTML e-mail and send it to the user. If the user viewed the HTML e-mail an unauthorized ActiveX control could be installed and executed on the user’s system. In both scenarios the vulnerability in Authenticode could allow an unauthorized ActiveX control to be installed and executed on the user’s system, with the same permissions as the user, without prompting the user for approval.
One thing for sure, you were hacked by running code from a malicious website that sponsors but privacy invasion and user manipulation, such as Verisign.
The way they did it was to exploit a known vulnerability to Internet explorer. Because --- you had not patched that vulnerability. How many other vulnerabilities have exploited you?
That is why I think for peace of mind, you migh best just go reload the system from scratch, and then continue, installing each and every patch and service pack and rollup to eliminate all the vulnerabilities and exploits available, an not until then let the machine reconnect to the network.