| Thread ID: 60031 | 2005-07-20 10:14:00 | redirecting to porn site | bartsdadhomer (80) | Press F1 |
| Post ID | Timestamp | Content | User |
| 373863 | 2005-07-20 12:24:00 | "Downloaded Program Files in WINNT folder (ActiveX objects, Java, etc.)? Add/Remove Programs? (not too obvious, is it) Not got a foreign protocol in Network Properties, or something disguised as a driver? Run System File Checker?" Been there, done those except sfc; will try that. Will also try the whois approach (good idea). Cheers | bartsdadhomer (80) |
| 373864 | 2005-07-20 12:33:00 | If you wanted to get rough on it, you could select all entries listed in HijackThis and delete the entire lot (need to run the Winsock fix afterwards to get net access, though). | Metla (12) |
| 373865 | 2005-07-20 19:53:00 | Since it'd only take 10 mins max to test, will you kindly install Firefox and check to see if the same problem occurs? At least the result will give you/us more information. I'm almost habitually leaving Firefox on customers' systems nowadays 'cause it's superior to IE and safer to use. Yes, yes, I understand you want to find out what the hell is going on... errr... someone suggested searching the registry etc. for the URL/IP addy numbers. Try a prog called 'Registrar Lite'; it'll bring up ALL the listings of whatever you are searching for in the reg and let you delete them all at once. It's much faster than the usual reg search/delete/hit F3 for next etc. | drcspy (146) |
| 373866 | 2005-07-20 20:56:00 | The customer is bringing the machine in again today and I'd already decided to install Firefox and advise them to use it in future. But I'm still going to track this problem down even if it takes all day, for future reference if nothing else. What I should do is take their damn site down, but I'm too old for jail now; I like my creature comforts. | bartsdadhomer (80) |
| 373867 | 2005-07-20 21:10:00 | "What I should do is take their damn site down" ... lol, now there's a cure for sure! | drcspy (146) |
| 373868 | 2005-07-20 22:24:00 | Checked your "hosts" file? | personthingy (1670) |
| 373869 | 2005-07-20 22:31:00 | 'Checked your "hosts" file?' As in my first post, that has already been done (first thing I did). | bartsdadhomer (80) |
| 373870 | 2005-07-21 04:11:00 | Ugh! This is horrible. Given the whole arsenal of anti-malware tools, this thing is still undetected and unkilled. If it wasn't so dumb as to redirect a web page and alert you to its presence, you never would have known it was there. How many of these are sitting undetected in other PCs? You should assume something is capturing the user's name and DOB. God knows what other form data this thing has captured. Maybe you should warn the user of the possibility of this, and to check accordingly. It would be interesting to know what you found... | vinref (6194) |
| 373871 | 2005-07-21 05:47:00 | I personally haven't come across any of the new breed of malware utilizing rootkits, but wonder if your one falls within that category. Sysinternals have a RootkitRevealer (www.sysinternals.com), which may be worth a run as you seem to have done just about all the others. I too would be interested in your findings on nailing this brute. | pheonix (36) |
| 373872 | 2005-07-22 22:06:00 | "I too would be interested in your findings on nailing this brute." Me too. So what happened? | mark c (247) |
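Two of the checks the thread keeps coming back to, the hosts file (personthingy, post 373868) and searching the registry for the redirect target's URL/IP (drcspy, post 373865), can be done offline against copies taken from the machine. The script below is an added example, not code from the thread or from any poster or tool named in it. It reads a hosts file and a regedit text export, flags hosts entries that map a real name anywhere other than loopback or the 0.0.0.0 sink, and searches every registry value for the target string, including hex(2)/hex(7) values (REG_EXPAND_SZ and REG_MULTI_SZ), which regedit stores as comma-separated UTF-16LE bytes and which a plain text search or the Registrar Lite style find-all would not match if the string is hidden there. The sample hosts file, the registry keys and values, the address 203.0.113.7 (a documentation range) and the file name `triage.py` are all constructed for the example and are not findings from the thread.

```python
import json
import re
import sys
from pathlib import Path
from typing import Iterator

# Constructed sample hosts file (not a real machine's). Loopback and 0.0.0.0
# lines are normal; a real hostname mapped elsewhere is what a hijack looks like.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
203.0.113.7     www.google.com
203.0.113.7     search.msn.com
0.0.0.0         ads.example.net   # blocklist-style entry, benign
"""

# Constructed regedit export (hypothetical values). "Updater" is hex(2),
# REG_EXPAND_SZ stored as UTF-16LE bytes, so a plain text search misses the URL.
SAMPLE_REG = """\
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main]
"Start Page"="http://www.google.com/"
"Search Page"="http://203.0.113.7/search.php"

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Updater"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,32,00,30,00,33,00,\\
  2e,00,30,00,2e,00,31,00,31,00,33,00,2e,00,37,00,2f,00,75,00,2e,00,\\
  65,00,78,00,65,00,00,00
"""

URL_OR_IP = re.compile(r"https?://[^\s\"']+|(?:\d{1,3}\.){3}\d{1,3}")
BENIGN_ADDRS = {"127.0.0.1", "::1", "0.0.0.0"}


def suspicious_hosts_entries(text: str) -> list[tuple[str, str]]:
    """(address, hostname) pairs that send a name anywhere but loopback/sink."""
    hits = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 2 and fields[0] not in BENIGN_ADDRS:
            hits.extend((fields[0], name) for name in fields[1:])
    return hits


def _logical_lines(text: str) -> Iterator[str]:
    """Join .reg continuation lines (trailing backslash, indented follow-on)."""
    buf = ""
    for line in text.splitlines():
        piece = line.strip() if buf else line.rstrip()
        if piece.endswith("\\"):
            buf += piece[:-1]
        else:
            yield buf + piece
            buf = ""


def _decode_reg_value(raw: str) -> str:
    """Right-hand side of a .reg line as searchable text."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    m = re.match(r"hex(?:\((\d+)\))?:(.*)$", raw)
    if not m:
        return raw  # dword:/qword: values are already text
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
    if m.group(1) in ("2", "7"):  # REG_EXPAND_SZ / REG_MULTI_SZ are UTF-16LE
        return data.decode("utf-16-le", errors="replace").replace("\x00", "\n")
    return data.decode("latin-1")  # REG_BINARY etc.: search the bytes as-is


def iter_reg_values(text: str) -> Iterator[tuple[str, str, str]]:
    """Yield (key path, value name, decoded data) for every value in an export."""
    key = ""
    for line in _logical_lines(text):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and "=" in line:
            name, _, raw = line.partition("=")
            yield key, ("(Default)" if name == "@" else name.strip('"')), _decode_reg_value(raw)


def find_reg_references(text: str, needle: str) -> list[tuple[str, str, str]]:
    """Every value whose decoded data contains needle, case-insensitively."""
    needle = needle.lower()
    return [(k, n, v.strip()) for k, n, v in iter_reg_values(text) if needle in v.lower()]


def collect_network_indicators(text: str) -> set[str]:
    """All URLs and IPv4 literals in the export: the list to run whois against."""
    found: set[str] = set()
    for _key, _name, value in iter_reg_values(text):
        found.update(URL_OR_IP.findall(value))
    return found


if __name__ == "__main__":  # usage: triage.py [HOSTS EXPORT.reg TARGET]
    hosts_text, reg_text, target = SAMPLE_HOSTS, SAMPLE_REG, "203.0.113.7"
    if len(sys.argv) == 4:  # regedit writes its exports as UTF-16
        hosts_text = Path(sys.argv[1]).read_text(errors="replace")
        reg_text = Path(sys.argv[2]).read_text(encoding="utf-16")
        target = sys.argv[3]
    print(json.dumps({"hosts_hijacks": suspicious_hosts_entries(hosts_text),
                      "registry_refs": find_reg_references(reg_text, target),
                      "indicators": sorted(collect_network_indicators(reg_text))}, indent=2))
```

On the affected machine the export is produced with `reg export HKLM hklm.reg` (and likewise for HKCU) or regedit's File > Export, and the hosts file copied from the system32\drivers\etc folder; both are then examined on a clean box with `triage.py hosts hklm.reg <redirect address>`. The sample run reports the two hijacked hosts entries, the "Search Page" value, and the "Updater" Run value whose URL only appears after the hex(2) bytes are decoded; the indicator set is what the thread's "whois approach" would be fed.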