Unwanted page loads

  • Thread starter Thread starter Dave Mosby
  • Start date Start date
D

Dave Mosby

Win2k
IE 6.0.26
Every 5th "page load" my browser opens a new window that
tries to open www.surferbar.com or ip address
63.246.130.300

It appears that there is an executable somewhere that is
monitoring my use of IE and triggers the unwanted stuff.
I downloaded and installed ActivePorts to see if could
track down the process. However it is th IE process that
is issueing a "syn. . ." with the ip address above.

Any comments from experts?!
 
Dave said:
Win2k
IE 6.0.26
Every 5th "page load" my browser opens a new window that
tries to open www.surferbar.com or ip address
63.246.130.300

It appears that there is an executable somewhere that is
monitoring my use of IE and triggers the unwanted stuff.
I downloaded and installed ActivePorts to see if could
track down the process. However it is th IE process that
is issueing a "syn. . ." with the ip address above.

Any comments from experts?!
Click to expand...

From Mike Burgess:
In most cases you got infected via email [ugh!]
[from my HOSTS file]
127.0.0.1 surferbar.com #win32.dll
127.0.0.1 www.surferbar.com #Download.Aduent.Trojan

Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-03-03]
 
I'd recommend you get ad-aware by lavasoft. They have a
free version with free updates to kill those spy programs.
 
I've been relucant to use the "spyware removal" software
because their actions are as invisible as the spyware
itself - who to trust?

Anyone know how to find offending code "manually"? i.e
where to look in the registry? how can someone "front end"
(old mainframe software term) http calls in IE?

dave
 
Dave said:
I've been relucant to use the "spyware removal" software
because their actions are as invisible as the spyware
itself - who to trust?
Click to expand...

SpyBot Search and Destroy.
Ad-Aware.
Anyone know how to find offending code "manually"? i.e
where to look in the registry? how can someone "front end"
(old mainframe software term) http calls in IE?
Click to expand...

You must be a glutton for punishment:
http://217.115.153.73/parasite/
http://www.pchell.com/support/surferbar.shtml
http://forums.spywareinfo.com/index.php?showtopic=10456
 
Mike,
what is the effect of the HOSTS file entries you supplied -
I'm old and not to bright these days.
Dave
-----Original Message-----
Dave said:
Win2k
IE 6.0.26
Every 5th "page load" my browser opens a new window that
tries to open www.surferbar.com or ip address
63.246.130.300

It appears that there is an executable somewhere that is
monitoring my use of IE and triggers the unwanted stuff.
I downloaded and installed ActivePorts to see if could
track down the process. However it is th IE process that
is issueing a "syn. . ." with the ip address above.

Any comments from experts?!
Click to expand...

From Mike Burgess:
In most cases you got infected via email [ugh!]
[from my HOSTS file]
127.0.0.1 surferbar.com #win32.dll
127.0.0.1 www.surferbar.com #Download.Aduent.Trojan

Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-03- 03]

.
Click to expand...
 
Dave,
what is the effect of the HOSTS file entries you supplied"
Click to expand...
Those entries would prevent access to those sites\servers, either inbound or
outbound.

In this case the "SurferBar" trojan is usually spread via email ....
[more info]
http://securityresponse.symantec.com/avcenter/venc/data/download.aduent.trojan.html

FYI: I try to keep the HOSTS file updated to include the latest parasites,
hijackers, etc
that way hopefully it will help prevent users from being infected ......
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-03-03]
Please post replies to this Newsgroup, email address is invalid
--

Dave Mosby said:
Mike,
what is the effect of the HOSTS file entries you supplied -
I'm old and not to bright these days.
Dave
-----Original Message-----
Dave said:
Win2k
IE 6.0.26
Every 5th "page load" my browser opens a new window that
tries to open www.surferbar.com or ip address
63.246.130.300

It appears that there is an executable somewhere that is
monitoring my use of IE and triggers the unwanted stuff.
I downloaded and installed ActivePorts to see if could
track down the process. However it is th IE process that
is issueing a "syn. . ." with the ip address above.

Any comments from experts?!
Click to expand...

From Mike Burgess:
In most cases you got infected via email [ugh!]
[from my HOSTS file]
127.0.0.1 surferbar.com #win32.dll
127.0.0.1 www.surferbar.com #Download.Aduent.Trojan

Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm
_______________________________________
Mike Burgess http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 9-03- 03]

.
Click to expand...
Click to expand...
 
Dave said:
more follow up elsewhere.
Click to expand...

Where?

Why do you think I post here? The ad broswer parasites are worse than
cockroaches. At least the cockroaches eat garbage and do not produce very
much.

Look at LOP.COM, CoolwebSearch and Surferbar hijackers. Gator and GAIN
are mild by comparison.
 
Back
Top