Can you I.C. this one, please?
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Can you I.C. this one, please?

  1. #1
    Junior Member
    Join Date
    Aug 2005
    Posts
    7

    Can you I.D. this one, please?

    Hi there
    First posting, apologies for whatever I'm bound to do as a newbie....

    A friend of mine sez...he was offline for about 3 months, got back on a month ago and started weeding out accumulated e-mails. He had the preview window open on his mail application and thinks that might be the way the problem got into his computer.

    He has some kind of a redirector, or hijacker, or whatyoumaycallit. Characteristics are that Norton can't scan the computer, and Adaware actually activates the thing. What it does is take him to a casino site. Apparently the problem is so pervasive he cannot use the computer. He is talking about fixing the problem "when I can take a day at it."

    SURELY it can't be that opaque!

    I looked at the Symantec site briefly, but this is not apparently one of the most recent afflictions, or else that is not the right place to be looking. I'm supposing if it can be identified, there is a fix for it.

    Anyone know what this is, and what to do about it?

    TIA
    Dennis

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Posts
    510
    Hi Dennis

    I'd look through the Virus and Spyware forums on this site and you will quickly be able to compile a list of programs that your friend can try to clean the problem.

    Run the tools in safe mode.

    Do software updates on the computer.

    Change all the passwords used on the computer.
    \"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn

  3. #3
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    More info please.

    Operating System ?
    Mail Package ?

    Does your friend know which was the offending mail?

    A little time reading around here will point you in the right direction.
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  4. #4
    Junior Member
    Join Date
    Aug 2005
    Posts
    7
    Wow, that was fast.....y'all got nothing better to do???

    I'll do that scoping around the site here, and also put my buddy onto this thread, which I suppose he can access at work, at least, since I don't know the particulars, and see if he can follow up.

    Thanks!

    Dennis

  5. #5
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    You didn't provide system details, but from the descriptions I suspect a relatively recent OS and hardware.

    I recommend that your friend go to a working system, download and burn to CD the following:

    Spybot
    http://www.safer-networking.org/en/mirrors/

    HijackThis
    http://www.tomcoyote.org/hjt/

    then, boot the affected system to Safe Mode with networking, install Spybot and HijackThis.
    Update and run Spybot and remove all the bad stuff. It will probably require a reboot to complete, so let the program continue to work after the reboot. This could take as long as an hour.

    Run HijackThis and check for stuff left over. You can post the results on this site and get some good feedback of where to go next.

  6. #6
    Junior Member
    Join Date
    Aug 2005
    Posts
    7
    He says he has run both Spybot and Adaware. Of course, if he was offline for 3 months, the definitions would be out of date. As I said, he says Adaware actually triggers the thing. But I've been reading about HijackThis, and will download it for him. Thanks for the offer of help.

    Dennis

  7. #7
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    It is important that he run those scans from SafeMode, as that will block the odd services imposed by trojans and spyware.

  8. #8
    Junior Member
    Join Date
    Aug 2005
    Posts
    7
    Hmm. Can he update the definitions from Safe Mode, and then run them, and maybe fix the thing that way?

  9. #9
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    Yep. Restart in SafeMode with Networking, that should be one of the options. You can then isntall and update something like SpyBot and run the scan without interference from nasty stuff.

  10. #10
    Junior Member
    Join Date
    Aug 2005
    Posts
    7
    OK! I will give him this lot, including HijackThis on a disk, tonight, and will report back.

    Thanks awfully!
    Dennis

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides