Solved

Hijacked browser on company laptop

Posted on 2003-11-06
Last Modified: 2012-05-04
Hi all. The problem I have is that my browser default page is set to some Russian porn site, either sexyque or www.puh.ru. I have installed hijack blaster which keeps it at bay but I want rid of it. No matter what I try I can't get rid of it. Tried Spyware, virus protection, both of which didn't work. Is there something in the registry that can be deleted? Heard that downloading music files can cause this? Deleted WinMx and MPEGs but still no luck. The reason why this is priority for me is that it's my company laptop, so you can understand my dilemma.

Thanks.

Gee.
Question by:graemen
14 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9696813
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9696817
After these try repairing IE

Description of the Internet Explorer Repair Tool
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q194/1/77.asp&NoWebContent=1

How to Reinstall or Repair Internet Explorer and Outlook Express in Windows XP
http://support.microsoft.com/?kbid=318378

Repair Internet Explorer 6
http://www.theeldergeek.com/repair_ie6.htm

http://support.microsoft.com/?kbid=293907

Unable to Open Link
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q281679&sd=tech

Sunray
0
 
LVL 97

Accepted Solution

by:
war1 earned 500 total points
ID: 9696826
Greetings, graemen!

A porn site has downloaded something into your computer.

1. If you have Windows Messenger Service, disable it.  The Messenger service is typically not needed for home users.

Right-click My Computer and click Manage.
Fold out the Services and Applications option and click Services.
Right-click the Messenger entry, select Properties, and choose Disable under Startup Type.
Click OK.

You should no longer receive messages sent via the messenger service.

2. Use the following scanners to find and remove the website.  Sunray has mentioned these scanners.

SpyBot S&D searches your harddisk for so-called spy- or adbots;
http://security.kolla.de/
or
Adaware
http://www.lavasoftusa.com/software/adaware/

Download the latest updates and run the scanner.

3. Some porn websites redirect links to their websites using your HOSTS file. Do a search for the HOSTS (without extension) file and remove the entry.

4. If still no joy, download HijackThis from Spywareinfo download page

http://www.spywareinfo.com/downloads.php

Run the program and you will find many entries. Most are OK. Post the log. I will find the problem for you.

5. For future preventive maintenance, make sure programs cannot just download on your computer without your permission.  From the Internet Toolbar, go to Tools > Internet Options > Advanced.  Make sure "Enable Install On Demand (Internet Explorer)" and "Enable Install On Demand (Other)" are unchecked.

Best wishes, war1
0
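An added example, not part of war1's answer: one way to carry out the HOSTS check in step 3 is to list every mapping in the file other than the expected localhost line. The sample file content, its host names and the `expected` parameter are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS content (not from the thread); names are placeholders.
SAMPLE_HOSTS = """\
# constructed sample for this example
127.0.0.1       localhost
203.0.113.7     www.search-example.test search-example.test  # added by unknown program
0.0.0.0         ads.example.test
not-an-ip       broken.example.test
"""

def audit_hosts(text, expected=frozenset({"localhost"})):
    """Return (line_no, ip, hostname, reason) for every mapping not in `expected`."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not entry:
            continue
        ip_text, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, " ".join(names), "malformed address"))
            continue
        for name in names:
            if name.lower() in expected:
                continue
            if ip.is_loopback or ip.is_unspecified:
                reason = "name sinkholed to local machine"
            else:
                reason = "name redirected to another address"
            findings.append((line_no, str(ip), name, reason))
    return findings

if __name__ == "__main__":
    for n, ip, name, why in audit_hosts(SAMPLE_HOSTS):
        print(f"line {n}: {name} -> {ip} ({why})")
```

Run against a copy of the real HOSTS file, anything reported as redirected to another address is the kind of entry step 3 says to remove.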
 
LVL 15

Expert Comment

by:VincentPuglia
ID: 9698487
Hi,

  Did you try changing your browser's default home page?  

windows:
settings-->control panel-->internet options-->General-->default home page.

  IE:  tools-->internet options-->general-->default home page

NN6: edit-->preferences-->navigator-->home page

Firebird: Tools-->General-->home page

Vinny
0
 
LVL 2

Expert Comment

by:cubolahead
ID: 9700382
Just to add my experiences:

BHO Demon - deals very effectively with your problem, if it is done with Browser Helper Objects. Many browser hijackers go to this category. And it's freeware.

Cheers,
Cubolahead
0

 
LVL 97

Expert Comment

by:war1
ID: 9705292
Check these items in HijackThis log and let HT remove them.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.radiometer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.radiometer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.puh.ru/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?riqrq (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?riqrq (obfuscated)

O17 - HKLM\System\CCS\Services\Tcpip\..\{55E917B6-4227-496B-84DB-C4F6BB30F41F}: NameServer = 194.168.4.100 194.168.8.100

The above are search files.  No obvious sign of naked ladies except maybe the last one. If the above does not work, check your HOSTS (without extension) file.
0
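An added example, not part of war1's comment: a small parser for HijackThis lines of the shape quoted above, listing which host or DNS server each browser setting points to so the entries can be reviewed before removal. The `trusted` allowlist parameter and the reason strings are assumptions made for this example; the four log lines are copied from the comment.

```python
import re
from urllib.parse import urlsplit

# Log lines quoted from the comment above (HijackThis R0/R1/O17 entries).
LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.radiometer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.puh.ru/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?riqrq (obfuscated)
O17 - HKLM\System\CCS\Services\Tcpip\..\{55E917B6-4227-496B-84DB-C4F6BB30F41F}: NameServer = 194.168.4.100 194.168.8.100
"""

ENTRY = re.compile(
    r"^(?P<section>[A-Z]\d+) - (?P<key>.+?)(?:,|: )(?P<name>[^,=]+?) = (?P<data>.*)$")
MARK = "(obfuscated)"

def parse_log(text):
    """Turn 'SECTION - key,value = data' lines into dicts; skip anything else."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["obfuscated"] = e["data"].endswith(MARK)
        if e["obfuscated"]:
            e["data"] = e["data"][:-len(MARK)].strip()
        entries.append(e)
    return entries

def review(entries, trusted=frozenset()):
    """Yield (entry, reasons) for settings to confirm or reset (hypothetical policy)."""
    for e in entries:
        reasons = []
        if e["obfuscated"]:
            reasons.append("value marked obfuscated")
        if e["section"] == "O17":
            reasons.append("DNS server override: " + e["data"])
        else:
            host = urlsplit(e["data"]).hostname
            if host and host not in trusted:
                reasons.append("points to unlisted host " + host)
        if reasons:
            yield e, reasons

if __name__ == "__main__":
    for e, reasons in review(parse_log(LOG)):
        print(e["section"], e["key"], e["name"], "->", "; ".join(reasons))
```

With an empty `trusted` set every entry is reported; passing the hosts and DNS servers the company actually uses leaves only the settings that need resetting.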
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9705630
Is this the one?

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.puh.ru/search.html

Try deleting it

Sunray

0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9705635
Just go to Start --> Run --> regedit

It will open the registry.

You can delete the entries there. Should not affect other files if you know what you are deleting.


Sunray
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9705639
Sorry for posting in different areas. I should have acted prior to posting the comments

Sunray
0
 

Author Comment

by:graemen
ID: 9753562
Thx to all that helped. This is a top class site.

Regards.

Gee.
0
