Results 1 to 13 of 13
  1. #1
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    758
    This is so absurd.

    Okay, it goes like this:

    1) I am looking at the stats on one of my xtreme trackers.

    2) I notice a strange url and make the mistake of clicking on it.

    3) Prompt boxes start poping up in german.

    4) 10 pop-up windows come up, I try to close them with alt F4, when I do I get more prompt boxes saying "you can't close this window with alt f4!

    5) I manage to restart with ctrl alt delete

    6) My browser opens and my home page has been changes to some porn scum site.

    7) I try to go to tool/internet options
    When I click internet options this warning comes up:


    So I go start/settings/control panel/internet options

    Now I can change my homepage back

    8) I restart my machine again and it's back to the same porn scum site!

    Like WTH is going on?

    How can I possibly rid my machine of this malicious code?

    I went to http://housecall.antivirus.com and they say there are no viruses on my machine.

    Any ideas? anyone...???

  2. #2
    Full Member
    Join Date
    January 18th, 2005
    Posts
    373
    have you got norton antivirus? seems to pick up most things.. i think

  3. #3
    Newbie
    Join Date
    January 18th, 2005
    Posts
    2,694
    Someone made a post about this to one of the lists I am on - a long time ago so it's going to take my middle-aged brain a while to remember where...

    Anyway the jist was similar. The culprit turned out to be something more on the order of scumware than a virus.

    <BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>So I go start/settings/control panel/internet options

    Now I can change my homepage back

    8) I restart my machine again and it's back to the same porn scum site!

    <HR></BLOCKQUOTE>

    This definitely sounds like the same thing that happened to him. It turned out to be a script that had created a registry key. He was eventually able to get rid of it ...
    Try running AdAware.

    [ 06-18-2002: Message edited by: eaglefire ]

  4. #4
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    758
    Thanks Eaglefire,
    I ran adaware and it detected 6 files, all of which were just cookies.

    The problem is still there and is really pi$$ing me off.

    I was looking around in my registry but don't know exactly what to delete.

    :mad:

  5. #5
    Newbie
    Join Date
    January 18th, 2005
    Posts
    2,694
    Assuming you're runnign Windows (9x)
    Look around in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Run

    Those are the items the Registry loads on Windows Startup. Also look a few folders down in RunServices. Also open Sysedit and see if there is anything odd in your system files.

  6. #6
    Newbie
    Join Date
    January 18th, 2005
    Posts
    2,694
    OK I found the key where IE Start page is :

    HKEY_CURRENT_USER\Software\Internet Explorer\Main

    Look in the right-hand pane and you will see the Start Page key. It will probably have the Porn Scum's url in it - change it back to what you want it to be and see what happens.

    [ 06-18-2002: Message edited by: eaglefire ]

  7. #7
    Full Member
    Join Date
    January 18th, 2005
    Posts
    399
    Might Be something you can use here:

    http://cexx.org/adware.htm

    Halfway down is a section on homepage hijackers.

  8. #8
    Newbie
    Join Date
    January 18th, 2005
    Posts
    2,694
    Look for this paragraph on the page jaybat mentioned; sounds like it would do the trick. It's about 3/4 of the way down the page. Just don't click on the allcybersearch url:

    <BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR> www. allcybersearch. com - save this registry file and double-click on it to un-hijack your settings. This will remove the stuff that auto-changes your settings on startup and restore your IE defaults (e.g. MSN start page). If you prefer other settings, you can right-click the file and Edit..., and change the homepage settings to your liking before clicking on it.
    <HR></BLOCKQUOTE>

    [ 06-18-2002: Message edited by: eaglefire ]

    [ 06-18-2002: Message edited by: eaglefire ]

  9. #9
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    758
    Thanks again guys!

    I removed their registry keys but it was still happening.

    Then I went to msconfig/startup.

    The next thing I see is the system boot box is checked, after that it said lolita.htm.

    Needless to say I unchecked the box, did a find on all files names lolita and deleted their little invisible pop-up page.

    Tricky rat bastids.


    I guess I'll still go to cexx.org and make sure I got everything.


    Can you believe the way they are getting traffic?

    Hmmmm... let's see...

    1) They do a search for pages with the xtreme tracking code in them
    2) They place links to that page on their homepage
    3) They wait for you to come and look who put your link up and WHAMOOOO, your history.

    Now I see why they say curiosity killed the cat! It almost killed my machine!

  10. #10
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Sounds like the wank running this domain with the driveby download needs some payback. Go to cexx.org and broadcast your problem since their posters contain some great hackers.

  11. #11
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    758
    I hear that Mike!

    I still can't get into internet options from the tools menu!
    For now it's just one of those things, ya know... one of those things that bites ya in the ass every time you go for it until you fix it?

    What comes around goes around

    [img]/infopop/emoticons/icon_biggrin.gif[/img]

  12. #12
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    758
    Eaglefire, I dowmloaded the allcybersearch_hijack_fix file!

    It worked just like magic!

    I wonder... Do you know what program I would use in order to view the source code of a program like that?

  13. #13
    Newbie
    Join Date
    January 18th, 2005
    Posts
    2,694
    It's just a registry file (.reg) you can open it in any code-worthy text editor. It's about 20 lines of text.

  14. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Computer Or Computer Hardware Affilliates?
    By RadarCat in forum AMWSO
    Replies: 2
    Last Post: March 8th, 2005, 10:25 PM
  2. Replies: 1
    Last Post: August 27th, 2004, 06:12 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •