Solved

restricting porn sites from becoming homepage!!!!!

Posted on 2004-09-14
Last Modified: 2008-02-01
Hi everyone

My problem is with porn sites.
Some porn sites, when accessed, automatically download spyware onto the computer and reset the IE homepage to one of their own sites. No matter how many times I change the homepage back, it keeps resetting to the porn sites or to an "about-blank" site that, when opened, opens porn links.
How can I stop this or remove it, and how do I prevent it from happening on a clean OS?

Thanks

Shomali
Question by:shomali
18 Comments
 
LVL 15

Expert Comment

by:scampgb
ID: 12054968
Hi shomali,

I suggest that you look at AdAware (http://www.lavasoftusa.com)
This will scan and help remove SpyWare.  The paid versions include a utility that pro-actively stops Spyware infections.

I hope that this helps - let me know if you need any further help.
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12054993
Some of the experts here have helped in compiling all the important spyware tools and they are listed in this thread
http://www.experts-exchange.com/Web/Browser_Issues/Q_20975384.html

My recommendation would be to start with Spybot, Ad-Aware and CWShredder, then get the log from HijackThis, save the log, and paste it here http://hijackthis.de/index.php?langselect=english to analyze it.

After installing them, first update them and then run.

Since you have about:blank, try about buster
http://www.majorgeeks.com/download4289.html

SR
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12055032
Ah, you want to "lock down" Windoze. Which is like trying to plug swiss cheese.

First, don't use IE. It's insecure and easily hijacked. ActiveX basically gives anyone free rein on your machine. Go get Mozilla, Netscape, Opera...anything but IE. CERT, and US Dept. of Homeland Security, and any security professional worth the title will tell you not to use IE.

Next, turn off insecure technologies like JavaScript.

If you have a site you just *have* to go to and they are too stupid to support a browser other than IE, then you can crank up IE, but only if you *really* trust them. But still do not use IE for normal websurfing.

Finally, don't use insecure mailreaders like Outlook...in fact, avoid HTML-enabled mailreaders in general. Outlook uses IE as its HTML renderer, so basically this means all of IE's vulnerabilities are available to crackers from your E-Mail account. You don't have to go to their web page, all you have to do is make the mistake of previewing their E-Mail. Use Thunderbird, Netscape, PINE...anything but Outlook.

But if you insist on using M$ for your web-browsing and E-mail, you can count on getting nailed again.
0
 

Expert Comment

by:purviancej
ID: 12055717
Stop going to porn sites? They seem to be the problem.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12055794
You don't necessarily have to go to the porn site to get hijacked like this. Porn operators will use spammers to send out E-Mails designed to hijack vulnerable browsers, like IE, when read by vulnerable mail readers, like Outlook.
0
 

Author Comment

by:shomali
ID: 12056815
I don't go to porn sites, my customers do. I have an internet cafe club...
Anyway...
I tried the about buster and Spybot and they both found many spyware, but I still have plenty and they didn't fix my homepage. I've tried it on 5 different machines...
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12056834
Try HijackThis and get it analyzed on the website I gave in the first suggestion. If that does not help, post the log here for us to analyze.

0
 
LVL 34

Assisted Solution

by:PsiCop
PsiCop earned 200 total points
ID: 12057189
Ah...so you operate an Internet Cafe and have public-access machines.

1) Get rid of Windoze entirely. It's next-to-impossible to secure it. A local Internet Cafe has been operating using Linux as their desktop OS for their machines, and has been doing it for YEARS, quite successfully. No Windoze means they are invulnerable to 95% of the malware out there.

2) If you refuse to get rid of Windoze, then get rid of IE and Outlook. Install Mozilla, Opera, Thunderbird, et al. Look into tools to lock down Windoze, such as DeepFreeze, or Novell ZENworks.

3) Get a firewall/proxy server. Use it to block sites you don't want your customers going to. The Proxy Server can be something Open Source, like Squid - your only cost is the hardware. You can also add a for-pay tool like SmartFilter atop Squid to enforce your site limitations. A firewall can have an ACL or ruleset to restrict outgoing traffic.

Finally, be sure to block outgoing Port 25 connections from your public-access network. Spammers and scammers *love* Internet Cafes that allow them to spam anonymously.
0
 

Expert Comment

by:gavinw007
ID: 12058656
How about Webroot Spy Sweeper? That protects the homepage! Go here for more info: http://www.webroot.com

HTH
0
 
LVL 14

Expert Comment

by:spiderfix
ID: 12061108
>>i tried the about buster and spybot <<

You want to run CWShredder...
http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

...and Ad-Aware (especially if you're on Windows XP)
http://www.lavasoftusa.com/support/download


If you're on Windows XP or Windows ME you want to first disable the "System Restore" feature.

Also, all spyware killing should be done in Safe Mode. If not in Safe Mode there may be
spyware (or trojan) tasks running, and that will prevent the killing of them.
0
 

Author Comment

by:shomali
ID: 12062680
I tried removing from Safe Mode and all went well and removed all spyware from startup, but when I went back to normal and reset the homepage it always works for the first time, but the next time I open IE it comes back in... Anyway,
I installed Mozilla Firefox on 3 machines and I will see how it works, haven't seen results yet!!!! But if I decide to install Linux on all my machines, will it solve this problem permanently, or do I need to also install spyware removals like Spybot or Ad-Aware also, and what is the best version of Linux to install? Any other tips about installing Linux would be greatly appreciated.

thanks
Shomali
0
 
LVL 34

Assisted Solution

by:PsiCop
PsiCop earned 200 total points
ID: 12064427
"if I decide to install Linux on all my machines, will it solve this problem permanently, or do I need to also install spyware removals like Spybot or Ad-Aware also, and what is the best version of Linux to install? Any other tips about installing Linux would be greatly appreciated"

The issue here is of fundamental OS architecture. In the Windoze environment (especially in 9X), every program runs with full access to the entire machine. M$ has been slowly changing this, but as a practical matter it's still difficult to get all the software you might want to use to run in the Windoze environment without it having full and complete access to the OS, meaning it can write to the Registry at will (which is what has happened to you), replace critical OS files, etc. etc.

In contrast, in the Linux environment (*NIX environment, almost ANY environment aside from Windoze), user programs run as unprivileged users. Properly secured, user programs cannot modify the OS environment, but can still function and do everything a user might need. This makes it fundamentally more difficult for malware to hijack the machine, and orders of magnitude easier to clean up any messes that do get made.
 
For this reason, you just won't find much in the way of spyware removal tools for the Linux/*NIX environment, because the malware writers are faced with an OS that *won't* happily do whatever they tell it to do. Instead, you use programs like TripWire to alert you if someone (a user) futzes with something. Then you take that person around back, calmly break their knees, and explain to them the error of their ways. :-)

Moving to Mozilla is a good short-term fix. Be sure to turn on pop-up blocking, make cookies non-persistent, etc.

A migration to Linux will solve these issues, long-term. Which one depends a lot on what support you can get. I have an affinity for SUSE, personally, but if I were you, I'd go to the Linux TA on here (http://www.experts-exchange.com/Operating_Systems/Linux/) and explain your situation and solicit recommendations.
0
 
LVL 1

Expert Comment

by:BAFP
ID: 12074446
Use TeaTimer, which comes with Spybot. Whenever it notices some change to the registry it notifies you, and you can override the homepage from being changed.

If you tick the 'remember this...' box before you click on deny change, then it will stop all further attempts by the program from changing it from your existing homepage to that particular homepage.

hope this helps, if you need in depth info post here and i'll reply.

regards

BAFP
0
 

Expert Comment

by:blouckswwu
ID: 12078919
We take a completely different approach and we use Norton Ghost to reimage each machine back to its original state after each day. This process takes about 5 minutes to do all machines using a second partition on the same computer. You can also use a bootable CD-ROM/DVD or diskette. There are a number of different options you can do with Ghost, and if they do get spyware or hijacks then it goes away the next day. Just another option, but spyware and adware tools seem to work great also. Since you're in the situation of managing computers that the public uses (as we are), then having these utilities may cause a user to disable or become confused by having them pop up with messages.

Good luck!
0
 

Expert Comment

by:blouckswwu
ID: 12078943
0
 
LVL 1

Accepted Solution

by:
mattyvx earned 100 total points
ID: 12085662
It is possible from Windows to stop the homepage being changed!

Make sure you are logged on as local administrator.
Click Start, Run and type mmc.exe
Select File, Add/Remove Snap-in.
Click Add, select Group Policy, click Add then Finish. Now close and click OK.

You'll now see the local computer policy for your machine.
Expand - local computer policy/user config/windows settings/Internet Exp Maint/URLs
Double click the 'important urls' on the right side - you can set your default home and search pages here...

Now expand - local policy/user config/admin templates/win components/internet explorer
On the right side, you'll see the option to disable changing home page. Enable this and no-one will now be able to change the homepage from the default you set earlier!

Simple as...
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12085734
Yeah, "simple" until some ActiveX control (which gets the run of the machine and can change pretty much anything) changes that Registry key.

A simpler and *more-reliable* solution is to not use IE - remove it from the systems. Use Mozilla, Netscape 7, Opera....almost anything else.
0
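
The two Group Policy settings from the accepted answer end up as per-user registry values, which is why the reply above warns that code with registry access can undo them. An added example, not from the thread: a PowerShell check that reports when either value has drifted. The registry paths are the standard Internet Explorer locations rather than anything quoted by the posters, and `$ExpectedHome` is a placeholder.

```powershell
# Added example: report drift in the IE homepage and its policy lock.
# Run as the kiosk user, because both values live under HKCU.
$ExpectedHome = 'http://homepage.example/'   # placeholder: your chosen start page

$Checks = @(
    @{ Name     = 'Start Page'
       Path     = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
       Value    = 'Start Page'
       Expected = $ExpectedHome },
    # 1 means "Disable changing home page settings" is enabled
    @{ Name     = 'Homepage lock policy'
       Path     = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'
       Value    = 'HomePage'
       Expected = 1 }
)

function Get-HomepageDrift {
    param([Parameter(Mandatory)][hashtable[]]$Checks)
    foreach ($c in $Checks) {
        # A missing key or value is reported as $null, which counts as drift.
        $item = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
        $actual = if ($item) { $item.($c.Value) } else { $null }
        [pscustomobject]@{
            Check    = $c.Name
            Expected = $c.Expected
            Actual   = $actual
            Drifted  = ($actual -ne $c.Expected)
        }
    }
}

$report = @(Get-HomepageDrift -Checks $Checks)
$report | Format-Table -AutoSize | Out-Host
# Non-zero exit lets a scheduled task or logon script raise an alert.
if ($report | Where-Object Drifted) { exit 1 } else { exit 0 }
```

A drift report only shows that the values changed; whatever changed them still has to be found and removed.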
 
LVL 12

Expert Comment

by:alandc
ID: 12437921
I would add to this thread that the version of spyware removal supplied by Webroot has been more effective at removing really persistent infections. Like the two you have used, it also has "resident" features to prevent future infections. When Spybot fails for me I get Spy Sweeper!

"Spy Sweeper"
http://www.webroot.com/


0
