August 26th, 2005, 04:25 PM
Can you I.D. this one, please?
First posting, apologies for whatever I'm bound to do as a newbie....
A friend of mine sez...he was offline for about 3 months, got back on a month ago and started weeding out accumulated e-mails. He had the preview window open on his mail application and thinks that might be the way the problem got into his computer.
He has some kind of a redirector, or hijacker, or whatyoumaycallit. Characteristics are that Norton can't scan the computer, and Adaware actually activates the thing. What it does is take him to a casino site. Apparently the problem is so pervasive he cannot use the computer. He is talking about fixing the problem "when I can take a day at it."
SURELY it can't be that opaque!
I looked at the Symantec site briefly, but this is not apparently one of the most recent afflictions, or else that is not the right place to be looking. I'm supposing if it can be identified, there is a fix for it.
Anyone know what this is, and what to do about it?
August 26th, 2005, 04:35 PM
I'd look through the Virus and Spyware forums on this site and you will quickly be able to compile a list of programs that your friend can try to clean the problem.
Run the tools in safe mode.
Do software updates on the computer.
Change all the passwords used on the computer.
\"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn
August 26th, 2005, 04:36 PM
More info please.
Operating System ?
Mail Package ?
Does your friend know which was the offending mail?
A little time reading around here will point you in the right direction.
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
August 26th, 2005, 04:41 PM
Wow, that was fast.....y'all got nothing better to do???
I'll do that scoping around the site here, and also put my buddy onto this thread, which I suppose he can access at work, at least, since I don't know the particulars, and see if he can follow up.
August 26th, 2005, 04:43 PM
You didn't provide system details, but from the descriptions I suspect a relatively recent OS and hardware.
I recommend that your friend go to a working system, download and burn to CD the following:
then, boot the affected system to Safe Mode with networking, install Spybot and HijackThis.
Update and run Spybot and remove all the bad stuff. It will probably require a reboot to complete, so let the program continue to work after the reboot. This could take as long as an hour.
Run HijackThis and check for stuff left over. You can post the results on this site and get some good feedback of where to go next.
August 26th, 2005, 04:51 PM
He says he has run both Spybot and Adaware. Of course, if he was offline for 3 months, the definitions would be out of date. As I said, he says Adaware actually triggers the thing. But I've been reading about HijackThis, and will download it for him. Thanks for the offer of help.
August 26th, 2005, 05:06 PM
It is important that he run those scans from SafeMode, as that will block the odd services imposed by trojans and spyware.
August 26th, 2005, 05:09 PM
Hmm. Can he update the definitions from Safe Mode, and then run them, and maybe fix the thing that way?
August 26th, 2005, 05:45 PM
Yep. Restart in SafeMode with Networking, that should be one of the options. You can then install and update something like SpyBot and run the scan without interference from nasty stuff.
August 26th, 2005, 06:21 PM
OK! I will give him this lot, including HijackThis on a disk, tonight, and will report back.