Browser Hijack


VamPvixen
05-12-2004, 04:14 AM
Well, I really do not know a lot about these hijack things, but my spyware guard and my firewall alerted me of the attempt (I had only just connected to the net for 15 mins and all scans on my system prior to connection were clean).
Then the firewall said it was trying to connect to a site as well, so I terminated that, got off the net straight away, ran my scans again and Spybot fixed the browser settings and everything looked OK again.
So then I got back online to continue my emails and they were all blank!!!!!!!
They are there, with the subject lines, but all blank. Over 3000 emails, not impressed!
I tried to save one as a txt file but then XP says notepad.exe is missing hmmmmm
Well, I found I had 2 notepad.exes, and one in the temp folder just created at the time of the hijack, very strange, so I got rid of that one and redirected the link to the real one. Now I can view text files again :)
As to all my emails, I had to change to Outlook and import them all and re-do all my rules as I can not fix my Outlook Express. This took me hours!! :(
I also noticed some processors running at start up that did not run before the hijack attempt and had to fix my registry.

Needless to say it's 2 days later and I'm fairly confident to get back online, but not tooooo confident :huh:

I can not believe with the amount of security I have now how on earth that thing did so much damage :angry:

By the way, it happened when visiting a search portal page, but I'm sorry I can't remember which one as I had a few pages up at the same time, so be careful out there!

Andre
05-12-2004, 09:57 AM
Sounds like No Fun at All.. Let's just hope
not too many others get attacked by
this destructive coder's silly fun :angry:

antinomy
05-12-2004, 12:57 PM
I've had this happen, and I'm glad to say there's an easy remedy (I believe)

You should, by now, have HiJackThis! installed (from www. download . com - and yes, I have put in spaces so you'll have to type it in to make sure you're going to the right place).

Run a scan and you'll see entries in the R0 and R1 sections which look unfamiliar.

Take a backup of the setting - just in case.

Close ALL mail and Internet windows and delete the entries.

Reboot, and you should now be able to read your stuff...


When you have it sorted, use an XP manager to set your start page etc, then take away permissions so that no hijacker gets a LOOK IN!

Hope this helps
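
The R0/R1 review described in the post above, sketched as an added example that is not part of the original thread: HijackThis R0 and R1 lines record Internet Explorer start and search page registry values, and this script lists the ones that do not point at a host you expect. The allowlist and the sample log are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts the user expects as start/search pages (assumed allowlist for this example).
EXPECTED_HOSTS = {"www.google.com", "www.msn.com"}

# HijackThis line shape: "R0 - <registry key>,<value name> = <data>"
ENTRY = re.compile(r"^(?P<sec>R[01]) - (?P<key>[^,]+),(?P<name>.+?) = (?P<data>.*)$")

# Constructed sample log; hosts and file paths are made up.
SAMPLE_LOG = r"""Logfile of HijackThis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.portal-example.invalid/sb.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://C:\WINDOWS\TEMP\se.dll/sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

def classify(data):
    """Return a reason string if the value looks unfamiliar, else None."""
    if data.lower() in ("", "about:blank"):
        return None
    parts = urlsplit(data)
    # Anything that is not a plain web URL (res://, file://, ...) deserves a look.
    if parts.scheme not in ("http", "https"):
        return "non-web scheme '%s'" % parts.scheme
    if parts.hostname not in EXPECTED_HOSTS:
        return "unexpected host '%s'" % parts.hostname
    return None

def review(log_text):
    """Return (section, key, value name, reason) for each unfamiliar R0/R1 entry."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # other sections (O4 startup entries etc.) are out of scope here
        reason = classify(m["data"].strip())
        if reason:
            findings.append((m["sec"], m["key"], m["name"], reason))
    return findings

if __name__ == "__main__":
    for sec, key, name, reason in review(SAMPLE_LOG):
        print("%s  %s  [%s]: %s" % (sec, key, name, reason))
```
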

lungfish
05-12-2004, 01:18 PM
OHHHHHH Yes, I've had this too!

All the headers are there, but no body. A real laugh.

I put it down to a corrupt file on Outlook.

Couldn't be bothered fixing it, so I just closed it and opened my other inbox. (most of the paid mails were on-site anyway, so losing them was OK. The others were mostly newsletters and other assorted rubbish that I've signed up for)

It doesn't seem to be affecting anything else, so I'll get round to sorting it.....one day.

pug240
05-13-2004, 01:54 AM
With that happening to VamPvixen I am now thinking that doing the searches for the sites are not worth all the trouble and I am thinking of not doing any searches at all. If this can happen through a firewall and all the other things then what hope is there. I am actually using another spyware finder and this one is really good....it found 3 things on my computer that none of the others found at all. It only takes about 5 seconds to check the computer and then it brings up what is there and if you are on the net then you can get detailed instructions on how to remove it manually or it gives you a link to download the uninstaller from the owner of the program. It is called bazooka and here is the url to check it out http://www.kephyr.com/spywarescanner/ I hope everyone finds it useful. I did :)

VamPvixen
05-19-2004, 08:54 AM
Yes lungfish, it's really strange hey!

Antinomy, in Hijack This there is nothing strange in the R0 section and as for the R1 section, there does not seem to be one :blink:

My browser is fine as spyware guard and my firewall stopped it from the hijack attempt before it changed the settings, however Outlook Express is still screwed.

Oh well..I am using Outlook for now but boy what a nightmare it was to import and sort all the emails, as somewhere along the line over 3,000 emails duplicated 4 times each! It took me all day and night to sit and delete all the duplicates and end up with over 12,000 in my deleted items folder :o
What a nightmare!!
Well I am finally back on track and up to date with them all so clicking away like mad again :)

Pug, that program is brilliant! Talk about lightning fast! Thanks for the link.

Lene
05-19-2004, 09:00 PM
I don't think this has anything to do with the search engines
that a lot of people are promoting, including myself.

Some of these unwanted softwares change your startup page
to a search portal so they can earn money for every click.
One I have gotten more than once is wwwsearch or something
like that.

lungfish
05-19-2004, 09:54 PM
I used to get 'Best of the Web'. It was full-screen and wouldn't let you get rid of it until it had 'loaded'. :angry:

Lene
05-19-2004, 10:05 PM
You can use shortcuts to close them. I think it is Alt+F4 in IE
and CTRL+W in multitab browsers.

pug240
05-22-2004, 01:05 AM
You're welcome, VamP

I was hoping a few people would find it useful and I was surprised at how fast and easy it was. But it is still best to use Adaware as well as spybot just to make sure. I was amazed at how it found some that none of the other programs found so it must be pretty good.

D.Koenemann
05-22-2004, 07:48 AM
Hey Pug,

I thank you also, it has found a few on mine also. Really appreciate the help.

It is a shame the lengths we have to go to these days to protect our systems. Sometimes it makes me wonder why I bother, but then I would not have met people like yourself and the others here.

Thanks again and have a great weekend my friend! :D :D

D.Koenemann

pug240
05-23-2004, 04:16 AM
You're welcome

I had a Trojan downloader get into my machine yesterday and I have no idea how it came in. The only information I have on it is that it is Downloader.Wintrim.AZ.
It affected netia32.dll. AVG can't get rid of it....the only thing it has done is put it in the virus vault. I think I know how I got it....it came from either one of the search portals or from these stupid email things that I was signed up to that I didn't do, and I made the mistake of clicking on the remove link and typing my email address....now I get more of them. The only thing I can think of that they have come from is that they are linked to paidxxx but I can't be sure of that. Oh well, I don't think it will happen anymore now but it is not totally gone. I am glad Bazooka is working out well. At least it is something else to fight it all.

Pug

D.Koenemann
05-23-2004, 07:00 AM
Hey Pug,

I know what you mean about things getting in and not knowing how it was done. The other day I caught one downloading and I had all my security settings set where there was not supposed to be anything like that happening. I ended up having to do a partial system restore to get the computer to even work again.

I have been going to http://www3.ca.com/threatinfo/virusinfo/scan.aspx about every other day and letting it do a complete scan. It has caught a couple of viruses I was not even aware had penetrated my system. It allowed me to delete the infected files. You might give it a try, maybe it could get rid of the one you've got.

I just wish we could delete the ba***ds that create this stuff.

D.Koenemann

VamPvixen
05-23-2004, 12:49 PM
Originally posted by D.Koenemann@May 23 2004, 06:00 AM


I just wish we could delete the ba***ds that create this stuff.

D.Koenemann

:lol: :lol: :lol: :lol: :lol: :lol:
If we could I am sure I would have RSI from hitting the delete key :rolleyes:



Try
http://www.spywareguide.com/txt_onlinescan.html

I tested this by:
1. Running Adaware..all came up clean
2. Running Spybot Search and Destroy..all clean
3. Running Bazooka..all clean

After doing all 3 I then went to that site and ran the scan and found 2 additional things that did not show up on the others. <_<

Just goes to show not one program alone can find everything.