
Thread: browser and XP firewall hijack

  1. #1
    Junior Member
    Join Date
    Mar 2004
    Posts
    9

    browser and XP firewall hijack

    I have a computer that appears to have been infected with a browser hijacker. My OE home page is now set to hotwebsearch.com and there is a new porn related toolbar. I cannot change the home page or remove the toolbar. There is a spot in the toolbar list for this new toolbar but there is no description. All of my favorites have been erased and replaced with links to porn related web sites.

    I have run updated versions of adaware and spybot as well as various other programs all to no avail. Nothing will find it or delete it.

    What is worse is that about the same time as the browser hijack I started getting all sorts of popups. When I go into the XP firewall settings I notice an ever growing list of open TCP and UDP ports. Close the ports and they open again and even more.

    I have a hardware firewall and use the cheesy XP firewall, NAV, and regularly use adaware.

    Does anybody have any idea on what this is or how to eliminate it????

    Thanks

  2. #2
    Hijack this

    http://www.spywareinfo.com/~merijn/downloads.html

    Download that, it's far down on the page. Run it, click scan, then save log (same button as scan) and post the results here. We can tell you which ones are safe to delete.

  3. #3
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    Actually, Soda_Popinsky, he seems to have the variant of coolweb search and although Hijackthis will tell him the registries that have been changed, it won't clean them. But, on the same page/link you will find CWShredder that has been made to clean this malware from your computer.
    There are some websites that install this variant without your knowledge, but usually you actually agree to download it, as a bundled package within something else, or as a popup window on a site that you have visited.
    A hardware firewall, and even a good one (the XP firewall I don't consider good) will not prevent you from getting this malware, and AV software does not detect this type of hijacker.
    The link Soda gave you <http://www.spywareinfo.com/~merijn/downloads.html> will take you to Merijn.org, where you can get CWShredder and Hijackthis......both great programs.
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown

  4. #4
    Junior Member
    Join Date
    Mar 2004
    Posts
    9

    excellent advice Soda_Popinsky!!

    I still have something in the background opening up the TCP/UDP ports in the XP firewall though.

    I actually ran the CWShredder and that did not help me any.


  5. #5
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    arledgetv, the XP built in firewall does not control any outgoing data. It just filters incoming. There are multiple free 3rd party firewalls available for download that will filter both incoming and outgoing data, and monitor your ports. I would suggest either ZoneAlarm or Kerio for this.
    A good guide to firewalls is <http://www.securityfocus.com/infocus/1750>. This article will explain the hows and whys of a good firewall, and list some of the best out there.

  6. #6
    Hijack this does remove registry entries that will start CW on bootup, if I'm correct. I'm pretty sure you could use Hijack this to remove CW, but it's not a very friendly uninstall. That's why CWShredder exists, more friendly uninstall of that Hijack....Right?

    Corrections Welcome
    Soda

  7. #7
    Junior Member
    Join Date
    Mar 2004
    Posts
    9
    What could be opening the ports on the firewall? I have no services added, but more and more of these msmsgs xxxxTCP and msmsgs xxxxUDP ports are opening.
    Provide the Customer with Service that Exceeds their Expectations

  8. #8
    Moxnix provided you with some firewall names... I suggest you follow through on downloading one. Then you can configure the firewall to allow only what services you wish to have access the internet.

  9. #9
    Junior Member
    Join Date
    Mar 2004
    Posts
    9
    I will probably use the Zonealarm. I have that on some other PC's and I think it works great. Is it possible I still have some type of malicious program opening up the XP firewall that I have not deleted yet?

    Advice has been great. As the administrator of a small ISP that uses cable modems in retirement buildings and apartment buildings I think I will be spending more time here and learning, learning, learning.

  10. #10
    Well, how about you post your hijack this log? It will tell us what processes you have running and what is starting up with your computer, then we can see what looks suspicious.
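
The log review suggested in this thread can be partly automated. The following is an added example, not part of the original posts and not HijackThis's own code: it reads a log in the HijackThis layout and lists the entries a reviewer would look at first. The sample log, CLSIDs, file paths, the allowlist of hosts and the temp-directory heuristic are all constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the HijackThis log layout; CLSIDs and paths are placeholders.
SAMPLE_LOG = r"""
Logfile of HijackThis
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\TEMP\example-updater.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotwebsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\System32\example.dll
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O3 - Toolbar: Example Bar - {00000000-0000-0000-0000-000000000003} - C:\Program Files\Example\bar.dll
O4 - HKLM\..\Run: [example] C:\WINDOWS\TEMP\example-updater.exe
"""

TRUSTED_HOSTS = {"www.google.com", "www.msn.com"}  # assumption: the reviewer's own allowlist
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")      # e.g. "R0 - ...", "O4 - ..."

def triage(log_text, trusted_hosts=TRUSTED_HOSTS):
    """Return (section, reason, line) tuples for entries worth a manual look."""
    findings, in_processes = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                      # a blank line ends the process list
                in_processes = False
            elif "\\temp\\" in line.lower():  # heuristic (assumption), not a verdict
                findings.append(("process", "runs from a temp directory", line))
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        if code in ("R0", "R1") and " = " in body:   # IE start/search page values
            host = urlparse(body.split(" = ", 1)[1]).hostname or ""
            if host and host not in trusted_hosts:
                findings.append((code, "IE page points at unlisted host " + host, line))
        elif code in ("O2", "O3") and ("(no name)" in body or body.endswith("(no file)")):
            findings.append((code, "unnamed or file-less browser add-on", line))
        elif code == "O4" and "\\temp\\" in body.lower():  # autostart (Run key) entry
            findings.append((code, "autostart from a temp directory", line))
    return findings
```

A flagged line is a prompt for manual review, not proof of infection; legitimate add-ons can also show up without a name.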
