Browser was hijacked now intermittantly opens a window

[Jim]

I went to a site that really messed-up IE. It added lots of porn
links, modified the toolbar and search properties. I cleaned most of
it up with adaware but now it intermittantly opens a window to an
invalid site. Usually on browser exit but sometimes in the middle of
surfing. How did they put this hook in and now do I get it out? I
tried searching the registry for the site it tries to open but it's
not there. Ideas?

 

[Jim]

Get Ad-Aware and update to the latest reference file.
Select all items detected and remove.
You may have to reboot and rerun to completely remove the nasties.
Lavasoft/Ad-aware home: http://www.lavasoftusa.com

Get SpyBot Search & Destroy and update to the latest reference
file.
SpyBot home: http://security.kolla.de/
SpyBot How-To: http://www.tomcoyote.org/SPYBOT/

SpywareBlaster to prevent these nasties installing.
http://www.javacoolsoftware.com/spywareblaster.html

You should update and run these at least once a week.

I already did all this but I still get one random window popup that
tries to point to "lazychestnuts" and I can't figure out where it's
coming from.

 

[Jim]

Looks like a new hijacker and you need to use HijackThis.
Download HijackThis from the site and follow directions.
http://www.tomcoyote.org/hjt/

Thanks, that helped me find it. It was a 71778506.exe in my system32
dir. I did a binary edit of it and found the URL of the phantom site.
Thanks for the help!

 

[YoKenny]

Thanks, that helped me find it. It was a 71778506.exe in my system32
dir. I did a binary edit of it and found the URL of the phantom site.
Thanks for the help!

Thanks for the feedback. Did you use the Web site for help understanding
the listings or post it to the Web site? Posting to the Web site helps
keep SpyBot S&D up to date as they use this info to generate new detection
files.

Net-Integration » Spybot S&D Support Forums » Report Suspected Threats
http://www.net-integration.net/cgi-...=a4f3e6038f3b4627677dbf0dea265e2e;act=SF;f=36