browser automatically redirecting to box.redirectme.net

  • Thread starter Thread starter zero
  • Start date Start date
Z

zero

When I launch IE 6 broswer automatically is redirected to box.redirectme.net
seems like a trojan or whatever is changing not only my default home page
also
setting a cookie... I´ve trying deletion of cookie, adaware... but it is
persistant...
Any idea of what to do?
 
zero said:
When I launch IE 6 broswer automatically is redirected to
box.redirectme.net seems like a trojan or whatever is changing not
only my default home page also
setting a cookie... I4ve trying deletion of cookie, adaware... but it
is persistant...
Any idea of what to do?
Click to expand...

Sounds like a new hijacker.

Get HijackThis from this site and follow its directions:
http://www.tomcoyote.org/hjt/
 
Get and run these programs (if you test after each one you can stop when
the problem is gone):
Ad-Aware:
http://www.lavasoftusa.com
Once installed make sure to update via online before scanning!
and
Spybot - Search & Destroy -
http://security.kolla.de/
http://security.kolla.de/index.php?lang=en&page=download
http://spybot.eon.net.au/
http://www.tomcoyote.org/SPYBOT/
Once installed make sure to update via online before scanning!
and
BHO Demon: http://www.spywareinfo.com/downloads/bhod/

Until the problem is solved.

Further advice available here:

If the problem site is your home page:
http://www.mvps.org/inetexplorer/answers.htm#home_page

If the problem is a pop-up window, your computer may have been hijacked.
For information about pop-up windows, how to get rid of them, and prevent
them in the future have a look at the link below:
http://www.mvps.org/inetexplorer/Darnit.htm#pop_up"zero" <[email protected]>
wrote in message
 
zero,
when I boot normally browser is there"
Click to expand...
Clearly indicates the hijacker is running from Startup
Use HijackThis to determine the culprit - see below
"in services there are a Machine Debug Manager"
Click to expand...
That is a legit MS service although usually not needed!
http://www.mvps.org/winhelp2002/mdm.htm
--
Go to: http://www.tomcoyote.org/hjt/
Download "Hijack This!" [freeware] or download direct (below):
http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Unzip, double-click "HijackThis.exe" and Press "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log"
button.
Click: "Save Log" (generates: "hijackthis.log")

Next, go to the below location:
http://www.spywareinfo.com/forums/

Sign in, go to the "Spyware and Hijackware Removal" section.
Press "New Topic", copy and paste hijackthis.log into your new message.
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 8-20-03]
Please post replies to this Newsgroup, email address is invalid
--
What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp
--

zero said:
Thanks but nothing of that worked....

http://box.redirectme.net/

Is still there I performed a clean boot, and that was the only time it
disapeared,
when I boot normally browser is there

deleting cache,
adding box.redirectme.net in host file as blocked
ad aware
spybot

Didn´t work... Am I the only one in the world that is being affected by
this?
I saw 1 only result in Google about this....

I saw this note:

Locking

Some computer manufacturers and suppliers of internet access set IE to their
home page and lock this setting via the registry. Hijackers use exactly the
same trick. The locking is done using registry settings as per the
following:



Home Page Setting Changes Unexpectedly, or You Cannot Change Your Home Page
Setting (Q320159)
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q320159


Specific registry settings affected are:



[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control
Panel] - DWORD "HomePage"=dword:00000001 (grays out the whole section)



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explo
rer] - DWORD "NoSetHomePage"=dword:00000001



[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions] - DWORD "NoSetHomePage"=dword:00000001


Those keys doesn´t exists in my registry... is that bad?

If I run msconfig, in services there are a Machine Debug Manager as
unknown.... I dont know what is it (maybe something of norton antivirus???)

Help please!!!!



Frank Saunders said:
Get and run these programs (if you test after each one you can stop when
the problem is gone):
Ad-Aware:
http://www.lavasoftusa.com
Once installed make sure to update via online before scanning!
and
Spybot - Search & Destroy -
http://security.kolla.de/
http://security.kolla.de/index.php?lang=en&page=download
http://spybot.eon.net.au/
http://www.tomcoyote.org/SPYBOT/
Once installed make sure to update via online before scanning!
and
BHO Demon: http://www.spywareinfo.com/downloads/bhod/

Until the problem is solved.

Further advice available here:

If the problem site is your home page:
http://www.mvps.org/inetexplorer/answers.htm#home_page

If the problem is a pop-up window, your computer may have been hijacked.
For information about pop-up windows, how to get rid of them, and prevent
them in the future have a look at the link below:
http://www.mvps.org/inetexplorer/Darnit.htm#pop_up"zero"
Click to expand...
wrote in message
Click to expand...
Click to expand...
 
I did.
Hijackthis log I´ve posted to experts they say theres nothing bad there...
The only thing worked was msconfig and perform a clean boot...
When restarted normal, it comes back....

I´ve tired:
BHO found innofensive items I´ve alway used.
Lavasoft Ad Aware removed some spyware but the problem continues,
Spybot found same things...

Can´t belive no one knows box.redirectme.net treath and how to fix it....




Frank Saunders said:
zero said:
Thanks but nothing of that worked....

http://box.redirectme.net/

Is still there I performed a clean boot, and that was the only time it
disapeared,
when I boot normally browser is there

deleting cache,
adding box.redirectme.net in host file as blocked
ad aware
spybot

Didn´t work... Am I the only one in the world that is being affected
by this?
I saw 1 only result in Google about this....
Click to expand...

Go to http://www.tomcoyote.org/hjt/ , and download Hijack This.

Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save
Log" button.
Press that, and save the log somewhere.

NOTE: Most of what Hijack This lists will be harmless, or even required, so
do NOT fix anything
yet.

Next, go to http://www.spywareinfo.com/forums/

Sign in, go to the Browser Hijacking/Spyware Removal section, press "new
topic", explain your
problem, and copy and
paste the contents of the Hijack This log into your new message. You'll get
expert assistance in
dealing with your problem, and I can assure you that you'll be rid of it in
no time at all.
I saw this note:

Locking

Some computer manufacturers and suppliers of internet access set IE
to their home page and lock this setting via the registry. Hijackers
use exactly the same trick. The locking is done using registry
settings as per the following:



Home Page Setting Changes Unexpectedly, or You Cannot Change Your
Home Page Setting (Q320159)
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q320159


Specific registry settings affected are:



[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel] - DWORD "HomePage"=dword:00000001 (grays out
the whole section)
Click to expand...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explo
rer] - DWORD "NoSetHomePage"=dword:00000001



[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions] - DWORD "NoSetHomePage"=dword:00000001


Those keys doesn´t exists in my registry... is that bad?

If I run msconfig, in services there are a Machine Debug Manager as
unknown.... I dont know what is it (maybe something of norton
antivirus???)

Help please!!!!



Frank Saunders said:
Get and run these programs (if you test after each one you can stop
when the problem is gone):
Ad-Aware:
http://www.lavasoftusa.com
Once installed make sure to update via online before scanning!
and
Spybot - Search & Destroy -
http://security.kolla.de/
http://security.kolla.de/index.php?lang=en&page=download
http://spybot.eon.net.au/
http://www.tomcoyote.org/SPYBOT/
Once installed make sure to update via online before scanning!
and
BHO Demon: http://www.spywareinfo.com/downloads/bhod/

Until the problem is solved.

Further advice available here:

If the problem site is your home page:
http://www.mvps.org/inetexplorer/answers.htm#home_page

If the problem is a pop-up window, your computer may have been
hijacked. For information about pop-up windows, how to get rid of
them, and prevent them in the future have a look at the link below:
http://www.mvps.org/inetexplorer/Darnit.htm#pop_up"zero"
When I launch IE 6 broswer automatically is redirected to
box.redirectme.net seems like a trojan or whatever is changing not
only my default home page also
setting a cookie... I´ve trying deletion of cookie, adaware... but
it is persistant...
Any idea of what to do?
Click to expand...
Click to expand...
Click to expand...
 
Back
Top