Adware or something is taking over my borwser--pls help.

Adware or something is taking over my borwser--pls help.: Posted by James Bond on February 2nd, 2004; First, if this is not an appropritate group for posing this question,
please refer me to the correct one.

Now, on the the issue. I use google as my search engine and have it set as
my home page. Though I am very careful about letting unknown software get
on my computer, I seem to have something going on that is taking over my
browser. First, my home page keeps getting changed to SearchCentral.cc
(actually, in the set home page field it is listed by IP, 81.211.105.43).

Even worse than that, when I am using Google, some portion of the links in
a google search results page are actually redirected to this same Search
Central with my original Google search parameters filled in on
SearchCentral search box. When this happens, the only way I can actually
get to the url shown in the Google search results is to cut and paste the
real url.

Can someone please help me figure out how to find the pervasive code that
is taking over my browser and eradicate it.

Thank you.

James; Posted by Maurice ON4BAM on February 2nd, 2004; On Mon, 02 Feb 2004 16:12:27 GMT, James Bond
<jbond@universalexports.com> wrote:

Google is your friend :-)

http://groups.google.com/groups?num=...=Google+Search; Posted by Quaoar on February 2nd, 2004; Maurice ON4BAM wrote:

And SpyBot is your tool. security.kola.de

Q; Posted by Duane Arnold on February 2nd, 2004; James Bond <jbond@universalexports.com> wrote in
news:Xns94837212ECB95jbonduniversalexport@140.99.9 9.130:

Use the Host it can help.

http://mvps.org/winhelp2002/hosts.htm
http://accs-net.com/hosts/HostsToggle/

One example is to edit the Host.fle and make the following entry.

127.0.0.1 www.microsoft.com

And then go to your browser and enter www.microsoft.com and you'll see that
the browser will not go to the site.

That's one way you can stop the redirects. Maybe the site you're being sent
to is already in the Host.fle or you can edit the file yourself and create
the entry.

There are various Host files out there on Google you can use or combine
into one Host file.

Duane; Posted by Duane Arnold on February 2nd, 2004; Leythos <void@nowhere.com> wrote in news:MPG.1a88577060461a5e98a12f@news-
server.columbus.rr.com:

I'll agree that one must find the real problem as to the compromise. But
I also think that using the Host as a prevention tool is a viable
solution for the overall protection of the machine. To me, this Host is
more than just about doing some add blocking.

Duane; Posted by curious on February 3rd, 2004; Duane Arnold <notme@notme.com> wrote in message news:<Xns948379F1D28F6darnold92insightbbco@216.148 .227.77>...

<snip>

Should I do that as a preventive measure?; Posted by Duane Arnold on February 3rd, 2004; heyimjustcurious@yahoo.com (curious) wrote in
news:ca3e516b.0402022232.75ae5e01@posting.google.c om:

It's not a stop all solution but it does help. There are some
applications written for WEB usage that have the IP of a WEBsite hard
coded in the application. But most applications are going to use a DNS
for the site hard coded in the application. By using a DNS in the code,
the IP for the DNS must be resolved by the computer. Usually, the DNS is
at the ISP, on a Domain in a closed MS network, or the computer itself
can resolve the DNS to IP if there is a Host file. If the HOST file does
have a DNS in it and it's set to the Loopback IP, then the access to the
site will be blocked as the requests is returned back to the machine. It
doesn't matter if you have some WEB application or some batch
application/program running that's doing a lookup by DNS to reslove the
IP to access a WEbsite it will be blocked from accessing the site.

Also, configuring a browser such as IE's security settings properly and
not leaving them in their default out of the box state helps as well,
along with using one's common sense and not having the happy fingers that
click unknowingly.

Duane; Posted by Duane Arnold on February 3rd, 2004; CyberDroog <CyberDroog@anon.com> wrote in
news:q9rv10p9v0o446p8bsiklt0pmsjqhho5fn@4ax.com:

Thanks, I may take a look at POPUpCop, since I am using POPUP Stopper
(free). The only third party tool I'll use is BlackIce's Application
Control that has step in a couple of times behind the browser on the
protection. I do like to go to the O/S when it comes to security
configuration, like IE. I have gone to IE and configured it such that it
just won't start downloading ActiveX controls and executing Java Scripts
on its own.

Use I understand that the data of the Host file will change from time to
time due to websites coming and going. I also hear that you can obtain
update Host files as well.

To me, it's just part of the mix of trying to keep the crap at bay.

Duane; Posted by Xplosion on February 4th, 2004; Dear James,

I had the same problem, but spybot does not seem to recognize thi
one.

The application responsible for this behavior is called

Open Site

You can remove it by Add/Remove Programs.

You may want to check wether all registry entries get deleted.

For your refderence follow this

http://sarc.com/avcenter/venc/data/adware.opensite.html

Xplosion
-----------------------------------------------------------------------
Posted via http://www.webservertalk.co
-----------------------------------------------------------------------
View this thread: http://www.webservertalk.com/message107244.htm; Posted by Unregistered on February 4th, 2004; what this thing does is edit your registry file somehow and update th
default search.. I keep deleting the page and somehow it keeps updatin
back in my registry.

Unregistered
-----------------------------------------------------------------------
Posted via http://www.webservertalk.co
-----------------------------------------------------------------------
View this thread: http://www.webservertalk.com/message107244.htm; Posted by johns on February 6th, 2004; First thing, go off line. That hijacker will phone home and
reload over and over and over. Next, do a search for every file
that is dated at and after the time of infection ... you are looking
for the dropper. It will be there, and hard as hell to find. I've
found it in a 2nd recycle bin directory that is bogus ... also in
a "name" directory in System32 .. there's probably others.
Run AdWare6.0 that has been recently updated ( go to another
computer and dl it ) and delete all that crap. Run Spybot, and
delete all that crap. Reboot. If the stuff comes back .. AND IT
WILL ... search again for the dropper directory, and go delete
the entire directory. Delete Temporary Internet Files .. and
delete the Temp directory ( under local settings ). Go look
at Services and see if you see a weirdo running. See what
directory contains it, and go look there. If there are "new"
dated files in that directory .. that is probably the dropper.
Delete it if you feel safe doing so .. or if Adware or Spybot
has been in that directory. Note: if you are running XP, you
must shut off System Restore .. My Computer > properties
my C-drive. If a hijacker gets me .. I boot to floppy with
recovery disks, and reimage. Screw all that effort. Reimage
takes 30 - 40 minutes, and I spend that time ice skating :-)

johns; Posted by Robin T Cox on February 6th, 2004; James Bond <jbond@universalexports.com> wrote in
news:Xns94837212ECB95jbonduniversalexport@140.99.9 9.130:

See:
http://www.spywareinfo.com/articles/hijacked/

Similar Posts

How to remove adware and adware nictech from my puter (Help and Support) by John
IE taking up too much CPU (Microsoft Windows) by Michael
Re: taking xanax 1mg 5-6 x's a day! NOO! (Help and Support) by Vikramjeet Subramanian
taking ovnership (Microsoft Windows) by chris2
windows xp pro taking over (Microsoft Windows) by Sparda