Hijacker


Post by Diekan » Sat Apr 17, 2004 8:55 am

Ok - this is annoying.... I can't seem to fix my little problem here.

Somehow I've got a hijacker program installed on this machine. It autosets my browser to 'about:blank' and there's nothing that I've tried that seems to get rid of it.

I've run Adware, which finds it and deletes it... but that doesn't work.

I've gone into the regedit utility and manually deleted it, but that doesn't work. Apparently, it's hidden somewhere else.

My virus scanner (norton) isn't picking it up either.

Anyone have an idea?

It's in the HKEY_LOCAL_MACHINE:Software.Microsoft.InternetExplorer.Main

Called "HOMEOLDsp."

I've searched my Windows directory sys and sys32 for anything that remotely resembles it, but to no avail. There's nothing in the add remove programs about it either... nor are there any out-of-place folders I can see.

People who write this malicious shit need to be publicly executed... literally.

Post by Scoota McGee » Sat Apr 17, 2004 9:14 am

Spy-ware crappola often hides here:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Everything here runs whenever you start the machine. Make sure you recognize or can figure out what programs run on start. Delete the rest.
"Liberals believe government should take people's earnings to give to poor people. Conservatives disagree. They think government should confiscate people's earnings and give them to farmers and insolvent banks. The compelling issue to both conservatives and liberals is not whether it is legitimate for government to confiscate one's property to give to another, the debate is over the disposition of the pillage."

-Dr. Walter Williams
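
As an added example (not part of the original posts), a read-only PowerShell audit of the two places named so far in this thread: the Internet Explorer `Main` key where the value `HOMEOLDsp` was found, and the `Run` key. It goes beyond the posts by also reading the HKCU copies and `RunOnce`; the function names, the `Review` flag and the list of IE value names other than `HomeOldSP` are assumptions made for this example.

```powershell
# Added example: read-only audit. Nothing is changed or deleted.
$ieValues = 'Start Page', 'Search Page', 'Default_Page_URL', 'Local Page', 'HomeOldSP'
$ieKeys   = 'HKLM:\Software\Microsoft\Internet Explorer\Main',
            'HKCU:\Software\Microsoft\Internet Explorer\Main'
$runKeys  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-IEPageSetting {
    foreach ($key in $ieKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($name in $ieValues) {
            $value = $props.$name
            if ($null -eq $value) { continue }
            # Flag the symptom from the thread: a page forced to about:blank,
            # or the HomeOldSP value the poster found.
            $flag = ($value -eq 'about:blank') -or ($name -eq 'HomeOldSP')
            [pscustomobject]@{ Key = $key; Name = $name; Value = $value; Review = $flag }
        }
    }
}

function Resolve-ExePath([string]$cmd) {
    # Quoted path first, then a bare path ending in .exe, then the first token.
    if ($cmd -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($cmd -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return ($cmd.Trim() -split '\s+')[0]
}

function Get-RunEntry {
    foreach ($key in $runKeys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            $cmd  = [string]$item.GetValue($name)
            $exe  = [Environment]::ExpandEnvironmentVariables((Resolve-ExePath $cmd))
            $file = if ($exe) { Get-Item -LiteralPath $exe -ErrorAction SilentlyContinue }
            $sig  = if ($file) { (Get-AuthenticodeSignature -FilePath $file.FullName).Status } else { 'NotResolved' }
            [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd
                               Signature = $sig; Modified = $file.LastWriteTime }
        }
    }
}

Get-IEPageSetting | Format-Table -AutoSize -Wrap
# For rundll32 entries, the DLL named in Command is what needs checking.
Get-RunEntry | Sort-Object Modified -Descending | Format-List
```

An entry that is unsigned or cannot be resolved to a file is a candidate to identify, not proof of infection; a startup entry that is still present can write a deleted browser value back at the next boot.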

Post by Martrae » Sat Apr 17, 2004 9:20 am

http://www.safer-networking.org/
spybot is better than ad-aware....hearing rumors that ad-aware is using spyware itself now.

also get AVG, Norton has really gone into the toilet.
Inside each person lives two wolves. One is loyal, kind, respectful, humble and open to the mystery of life. The other is greedy, jealous, hateful, afraid and blind to the wonders of life. They are in battle for your spirit. The one who wins is the one you feed.

Post by Scoota McGee » Sat Apr 17, 2004 9:20 am

Found something. Sounds like you have Raxums.

SARC has a complete write up on it:
http://sarc.com/avcenter/venc/data/adware.raxums.html

Post by Diekan » Sat Apr 17, 2004 10:43 am

I followed the instructions to a T, didn't work... even re-updated my Norton 2003 Pro and ran a full scan... this time it found it, but was not successful in removing it.

I hope they catch this fucker and split him from gullet to groin while still alive... and then let a few starving rats feed on his entrails as he watches...

I seriously think they should institute the death penalty for people like this. You kill a few of them and they'll get the idea.

Post by Harrison » Sat Apr 17, 2004 10:44 am

I fully agree. Same with people who corrupt MP3's on p2p programs. And then share them en-masse.
How do you like this spoiler, motherfucker? -Lyion

Post by Diekan » Sat Apr 17, 2004 10:49 am

http://www.spywareinfo.com/~merijn/files/CWShredder.exe


This program removes the malicious application and provides you with details about how it works, what it is, so on.

One of my old guildmates provided me with the link -

Thanks Gunjin.

P.S. Apparently this particular trojan is becoming more and more popular with adult / warez site pop-ups. They don't know which, just that it's spreading rapidly.