Browser hi-jacked?

  • Thread starter Thread starter Christine O
  • Start date Start date
C

Christine O

Hi all,

I am running IE 6 on Win 98 with AV software (up to date) and for the
past couple of weeks, something annoying has been happening. First of
all, most times when I went to Google Groups or Yahoo Mail, I would
get a "$10 porn page". I haven't seen the porn page in a while.
Yesterday and today, when I tried to go to Yahoo Mail or Google
Groups, I would get connected to

http://econnect.libereco.net/end.ph...00290.exe&fgc=red&bgc=ffffff&status=unsuccess

and prompted to download and install something. Naturally, I didn't,
although an executible named li-speed00290[1].exe gets downloaded to
IE's cache.

I have searched Google Groups and Google to find out what the problem
is. I have only found answers to those who have installed the program.
I haven't knowingly installed anything in months except for Ad-Aware.
I updated Ad-Aware and ran it tonight, but it didn't come up with
anything suspicious except the usual cookies.

I would like to know how I can get rid of these re-directs to Liberco
and the smut page, any advice would be much appreciated :-)

Thanks,
Christine
 
Hi Christine,

Your experience sounds similar to mine. For years I had used the internet
without the precaution of anti-virus software. Still, it was irritating in
the extreme when I recently found my browser constantly re-directed to
"adulthyperlink" (porn of course).
I first downloaded Spybot, which rooted out a load of hidden parasites.
But the problem remained, sometimes being dormant for a couple of days. I
then uninstalled Spybot and signed up for a years McAfee Virus Scan Online.
This found about 10 or 11 virus infected files. Still, the problem remained.
Next, I re-installed Spybot and updated on the net even though it was
only a few days since original download. The new Spybot found further hidden
parasites, and now, a few days down the road, it seems to have worked.

Dave W.

P.S. Spybot is freeware.
 
In Message-ID:<[email protected]> posted on
I would like to know how I can get rid of these re-directs to Liberco
and the smut page, any advice would be much appreciated :-)
Click to expand...

Try this application:
http://www.tomcoyote.org/hjt/
It will tell you what is loading whenever you start your machine,
and list any BHOs (browser hindrance objects) as well as list the
addresses in your hosts file. The BHO and any related host redirects are
where I suspect you will find the culprit. There is a provision to save
a copy of the results of your scan so that you can post it for expert
assistance in various news groups.
 
In Message-ID:<[email protected]> posted on
I would like to know how I can get rid of these re-directs to Liberco
and the smut page, any advice would be much appreciated :-)
Click to expand...

Try this application:
http://www.tomcoyote.org/hjt/
It will tell you what is loading whenever you start your machine,
and list any BHOs (browser hindrance objects) as well as list the
addresses in your hosts file. The BHO and any related host redirects are
where I suspect you will find the culprit. There is a provision to save
a copy of the results of your scan so that you can post it for expert
assistance in various news groups.

Bart

note*
this is a repost because I had incorrectly set the expiry date.
 
Bart Bailey said:
In Message-ID:<[email protected]> posted on


Try this application:
http://www.tomcoyote.org/hjt/
It will tell you what is loading whenever you start your machine,
and list any BHOs (browser hindrance objects) as well as list the
addresses in your hosts file. The BHO and any related host redirects are
where I suspect you will find the culprit. There is a provision to save
a copy of the results of your scan so that you can post it for expert
assistance in various news groups.
Click to expand...

BHO's = Browser Helper Objects
 
Christine O said:
Hi all,

I am running IE 6 on Win 98 with AV software (up to date) and for the
past couple of weeks, something annoying has been happening. First of
all, most times when I went to Google Groups or Yahoo Mail, I would
get a "$10 porn page". I haven't seen the porn page in a while.
Yesterday and today, when I tried to go to Yahoo Mail or Google
Groups, I would get connected to

http://econnect.libereco.net/end.ph...00290.exe&fgc=red&bgc=ffffff&status=unsuccess
Click to expand...
Since you're using IE, you might want to consider (once you've rid yourself
of the browser hijacker) installing SpywareBlaster and IE SpyAd. Both are
freeware and together will stop active X controls and cookies from known
sleeze offenders from being installed without your knowledge. You can do a
google and find the download addresses.
 
You could have a virus loading at startup, but more likely you have a plugin
installed that activates when you start IE. Run RegEdit and look at:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins

Look for any unusual plugins. You can protect yourself against scripts that
install these plugins running without your knowledge by changing "Active
Scripting" in Security Options from Enable to Prompt. The risks of running
scripts locally are relatively small at well known sites, but anything like
geocities I would not allow scripts to run. 9 times out 10 you don't really
need to run the scripts anyway to get the basic Web page, but some sites such
as Microsoft do sometimes require them.
******************** REPLY SEPARATER ********************
 
Thanks fellows!

It seems I had Prolivation. I downloaded both Hijack This and Spybot,
and with some help from this webpage:

http://www.pchell.com/support/prolivation.shtml

It seems to be gone now. It didn't change my home page, but after
reading the PCHell site, I discovered that it did change IE's search
button (I never use it, so never noticed). The intriguing thing is
that is isn't using Prolivation.com but
http://www001.upp.so-net.ne:3128@DF809JOW4WJ(...)

This also explains why I wasn't consistently getting redirected -
every time that I didn't enter http:// before the URL would be the
times that I was redirected.

I use F-Prot and, honestly, I'm a very careful user and haven't been
affected by a virus or trojan since Happy99 (way back in January of
1999) and I rarely download toolbars etc. I don't know where I picked
up Prolivation, although perhaps I picked it up through a nefarious
popup. optikl, thanks for your suggestions, I'll take a look at those
progs right away.

Very happily,
Christine
 
Hijack this is a great program, but DON'T automatically remove
everything it finds -- some of them are valid entries and removing
them can cause big problems.

If you're not a computer jock, consult others before actually using it
to remove anything.
 
Back
Top