Blocking URLs, FireFox, and/or removing hot-linked sites?

sourboy

Somehow, someway, the site http://landing.domainsponsor.com/ has buried itself into my internet settings. Every time I load yahoo.com, google.com, or any similar site, I get re-routed to this http://landing.domainsponsor.com/ location. I thought maybe it was attached to my current browsers (Netscape & IE), so I made the switch to FireFox, as I planned to do anyway, only to find it had the same problem the first time I used it. The good news is FireFox blocked the pop-ups that go with it. The bad news is that not only can I not rid my browsing of this hot-link, but my email is at yahoo, so I can't even check that.

I have also tried removing cookies, running a windows "clean-up" to include all internet files, and running AdAware 6 - but still have this problem.

Anyone have any idea how this got attached to my browsers, how I can rid it from my system - short of reformatting, or anything else that may help?

I thought about finding a way to block the site, but then wouldn't I just get a 404 Error?

Appreciate it.
 
sourboy said:
I thought about finding a way to block the site, but then wouldn't I just get a 404 Error?

Yeah. Blocking it would not prevent the rerouting; it would simply disallow you to see the site.

I'm guessing part of your problem is that you're using Ad-Aware 6 instead of SE (current def file: SE1R26 25.01.2005). Microsoft AntiSpyware is rather good for blocking (four hours of surfing adult sites, :mischief: , and not one tracking cookie); SpywareGuard would also help since it watches for any changes to your browser. SpywareBlaster and Spybot are good also. CWShredder is also useful.

http://www.download.com/Ad-Aware-SE-Personal-Definition-File/3000-8022_4-10354974.html?tag=lst-0-21

http://www.download.com/Microsoft-Anti-Spyware/3000-8022_4-10353596.html?tag=lst-0-24 for some reason mine expires in about 100 days or so. :confused:

http://www.download.com/CWShredder/3000-8022_4-10349879.html?tag=lst-0-9

http://www.download.com/SpywareBlaster/3000-8022_4-10305680.html?tag=lst-0-2

http://www.javacoolsoftware.com/sgdownload.html


http://forums.net-integration.net/index.php?showtopic=25574 Certain versions of Spybot 1.3 are buggy and always have an error during scan.

http://forums.net-integration.net/index.php?showtopic=25904


And if nothing else works: http://www.download.com/HijackThis/3000-8022_4-10307556.html?tag=lst-0-23


And while this may seem extreme I have not a single spyware on my computer for a long time now. ;)
 
MarineCorps said:
Ad-Aware-SE
Found 1 new file.

MarineCorps said:
Microsoft-Anti-Spyware
It's for WinXP only, I am running Win98-SE.

MarineCorps said:
CWShredder
Found 1 file.

MarineCorps said:
SpywareBlaster & SpywareGuard
Installed, but are only good for blocking incoming, not removing current.

MarineCorps said:
Spybot 1.4 beta
Found 7 files.

MarineCorps said:
HijackThis
Found 3 files.

~~~~~~

12 files, most of which I knew about & which were basically fragments of files I couldn't seem to remove. These programs did some house-cleaning, but...

the problem still exists.

Got anything more hardcore?

btw, thanks for the help.
 
You can take a look into the hosts file (simple txt file).
It's located at c:\windows\hosts.
 
sourboy said:
Found 1 new file.


It's for WinXP only, I am running Win98-SE.


Found 1 file.


Installed, but are only good for blocking incoming, not removing current.


Found 7 files.


Found 3 files.

~~~~~~

12 files, most of which I knew about & which were basically fragments of files I couldn't seem to remove. These programs did some house-cleaning, but...

the problem still exists.

Got anything more hardcore?

btw, thanks for the help.


Well, you're screwed then. ;) As the problem sounds like spyware but since none of the programs removed it.....
 
DaEezT said:
You can take a look into the hosts file (simple txt file).
It's located at c:\windows\hosts.

Yeah, make sure that the hosts file doesn't redirect yahoo.com or google.com to the hijacked page.

Of course, back up the file before doing anything to it, just in case.

Have you tried google.ca or somesuch? yahoo.co.uk? Same search engine, but going through a different country portal. Or something like that....
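The hosts-file check suggested in this reply can be scripted. The following is an added example, not code from any poster in this thread: it parses hosts-file text and reports entries that map the domains named in the thread to anything other than a local address. The watched-domain list, function names and sample file are assumptions constructed for illustration.

```python
import ipaddress

# Domains the thread reports as being rerouted (assumed watch list).
WATCHED = ("yahoo.com", "google.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # malformed: address with no name
        for name in fields[1:]:               # one line may carry several names
            yield line_no, fields[0], name.lower().rstrip(".")

def is_local(ip):
    """True for loopback/unspecified addresses, i.e. block-list style entries."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False                          # unparsable address: treat as suspicious
    return addr.is_loopback or addr.is_unspecified

def audit_hosts(text, watched=WATCHED):
    """Return entries that point a watched domain at a non-local address."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        hit = any(name == d or name.endswith("." + d) for d in watched)
        if hit and not is_local(ip):
            findings.append((line_no, ip, name))
    return findings

# Constructed sample; 203.0.113.x is a documentation-only address range.
SAMPLE = """\
127.0.0.1   localhost
# entries below were constructed for this example
203.0.113.7 www.yahoo.com mail.yahoo.com
203.0.113.7 GOOGLE.com   # trailing comment
127.0.0.1   ads.example.net
0.0.0.0     tracker.yahoo.com
"""

if __name__ == "__main__":
    for line_no, ip, name in audit_hosts(SAMPLE):
        print(f"line {line_no}: {name} -> {ip}")
```

To audit a real file, pass its contents to `audit_hosts()`; an empty result means the hosts file is not the source of the redirect for those domains.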
 
https://netfiles.uiuc.edu/ehowes/www/resource6.htm

What: Filter
How: adds a few options to the tools menu in IE.
Is it tricky to use? Not really, but it might be a little on the strong side, as it filters a LOT of activeX.

That is one way to protect your settings

Second:

In spywareblaster & adaware SE/Spybot - enable protection of your internet settings and if possible copy protect your hosts file.

open the hosts file - use notepad (windows folder for win98SE iirc)
then search for all relevant domains - remove all unwanted listings.
if you opted for the filter I gave a link to, then the hosts file is already modified with a lot of new domains with bad material.

and always be on the alert for hijackers
 
The hosts file has only a "local" address, nothing else.

google.ca works, but yahoo.co.uk does not - so this will allow me to bypass some encounters, though I still can't access my yahoo email.

Also, I have noticed the page comes up on another computer within our residence. Our computers are set up as "home networking" through a router given to us by our cable company. Could this be something that maybe isn't on my computer, but I'm getting it because we are all behind the same general IP address? I would think no, since we aren't behind ports (192.xxx.x.xx:1), but actually have slightly different IPs (192.xxx.x.10 & 192.xxx.x.11).
 
One more radical item is to use regedit to search for the words landing or sponsor and possibly find if it's in your registry. Another thing I did a couple of months ago is to download from Microsoft the most current version of IE and load it. It cleaned up some problems I was having (by overwriting some contaminated control files).

Best of luck
 
regedit helped me remove a few more file fragments, but I don't know enough about the registry to mess too much with it. Is there a place I should look for this sort of thing, where maybe I can tell which file it was by the date it was added or something - or is it basically just going to be another mnemonic string?
 
Have you tried HiJackThis? I don't know where to find it, but I'm sure google.ca could help.

Also, I just recently learned that you can go to www.yahoomail.com and get to your mail.
 
Turner_727 said:
Have you tried HiJackThis? I don't know where to find it, but I'm sure google.ca could help.

Also, I just recently learned that you can go to www.yahoomail.com and get to your mail.
MarineCorps suggested HiJackThis and it found 3 files, but didn't solve the problem.

yahoomail.com works - thanks! :goodjob:
 
http://housecall.trendmicro.com/

probably a better virusscanner than a spyware scanner, but it is worth the effort IMO

use: browser with activeX support (afaik, the gecko browsers like Mozilla do not come with this by default - has to be added as a plugin)
 
This issue is also plaguing 2 other computers at this residence. All three are connected to the same wireless router (though each has their own IP address), which is connected to the same cable company - but everything else is different. All systems run on different operating systems, use different browsers, and connect to different online servers. The systems themselves are not connected in any way that would allow them to connect to each other, beyond dialing their IP addresses directly - same as if I was trying to connect to you.

My cable company transferred me to several technicians before saying their free full-service guarantee couldn't help me - try calling Microsoft. Nice.

Anyone have any other ideas?
 
sourboy said:
[...] All systems run on different operating systems, [...]

You mean different types of Windows or is there actually an affected Linux/BSD/MacOS computer?
If so it's either your router or some nifty ARP spoofing virus/trojan, neither seems really likely.

But if they are all MS systems it could very well be a "normal" virus that spread.
At this stage your only real option is probably to take your hdd to a friend's computer, someone who has an up-to-date commercial virus scanner, and let him scan your disk.
 
Virus scans found an exploit, but no virus.

I noticed since then that every time a page loads in my browser, it appears to send information to this website. It's as if they're tracking my moves. Anyone know how I can prevent this?
 
Well, in Internet Explorer, you go to Tools -> Internet Options -> Security -> Restricted Sites. Add the sites to it, it should block them in IE now.

But as I recall, there's also a hosts file that you can use. I think it's the same thing, but affects more than just IE. Not sure, but think so. You can edit this file, and remove all references to the website. Not sure how to do that, but if you google windows hosts file, you should get some answers on it.
 