Trying to fix a spyware problem...

Chieftess

Yep, my computer newbie family struck again, and this time, they managed to allow spyware to hijack the browser.

The page seems to be:
"webcruiser.cc/ccn?res://xmllib.dll/HTTP_Blocked.htm"

And when they log on, they get a random search page, but if they try to go to another webpage, they get an "access blocked" screen linking to some spyware removal tool, and they get an ad popup too. I'm just trying to figure out what they did. Adware and Spybot (both updated) didn't seem to fix the problem.


I'm starting to wonder what good is Spybot and the firewall when my computer-illiterate family keeps telling both to allow changes and accept files. :lol: :rotfl:

Anyway, here's the error - (I'm stabbing in the dark figuring out what the problem is. My dad was the last to use the computer before this happened, and he doesn't even know what he clicked.)

[Image: ie_accessblocked.jpg]
 
Symantec and TrendMicro websites both have very good free online scanners to help with this. Try them.

If that fails for some reason, then I'll think of something else :)
 
I downloaded those, and Microsoft's antispyware beta program. I think the problem's fixed, but now that computer's taskbar and desktop icons are missing. :/

Guess I'll have to wait for my sister to get back so she can give me her Windows ME restore CD.
 
Taskbar and desktop icons missing. I've heard about that. A friend/colleague of mine got something similar, and it ruined her computer completely, meaning full format and reinstallation.


If you choose to do that, be sure to set up configuration options to be "fool-proof". No offense to your sister meant ;)
 
Is the icon cache corrupted? You can refresh it by changing the desktop colour depth.

I was whacked by spyware recently :blush:

All I did was leave ActiveX enabled in MSIE. No other blunder was required! ZoneAlarm & MSIE both remained silent. Caught THREE trojans and other nasties from one website! This is why I went around tightening up my system but now it doesn't work with Gmail.

I have a choice: secure or gmail? :sad:

Spybot & Adaware both failed to detect my intruders. AVG helped, but I still had to purge the remainder through editing the registry :mad:

I think the exploit is exposed through XMLHttpRequest but I did not investigate further.
 
Like I said in the thread you posted about Gmail, why not set it up as a POP3 account?
Then you'll get Gmail to work, without needing to use IE. Solves the ActiveX bit.

With the proper security measures, Mozilla Thunderbird is quite secure. Microsoft Outlook and its weaker cousin Express are not that secure.

So there you go, stay secure, don't let those ActiveX scripts onto your computer.
 
I like webmail because it works on all computers. There is another reason...

I am using an old P166, 80Mb, 1Gb HDD... there is no space for such non-essential things :(
 
Ok. What did gmail support staff say then?
 
They use the Comcast webmail. I don't let them use Outlook. ;) (since more than one person uses it) Anyway, I fixed it - had to do a reinstall. I tried some other stuff before reinstalling it, though.
 
Paalikles said:
Ok. What did gmail support staff say then?
What is their email addy?
 
Email had nothing to do with it. Where are you getting the email idea from? :confused:

And no, I'm not giving you their email. :p
 
Yeah, but then that's threadjacking a moderator's thread. Not the most brilliant thing to do. :nono:
 
Indeed. Now Chieftess, be sure to set up strict settings for Internet Explorer in Internet Zone. You should probably disable most of the ActiveX and script options under "Internet". If she really needs to use the features IE demands ActiveX running to be able to use, have her learn to use one of the Gecko-based browsers - most of the time scripted content there works, and Mozilla-built browsers have no ActiveX nastiness.

Experiment also with adding stuff to the hosts file. I don't mean experiment literally, but you can increase security by setting up the hosts file in a certain way.

And you can disable 3rd party cookies (they are of little use most of the time anyway)

In Spybot, which I assume you now have set up already, along with Ad-aware 1.06, open advanced options, and look through those. System startup processes should be analyzed - remove resource hogs you don't need.

Spywareblaster (3.4 is the latest IIRC) can block specific ActiveX, if you feel you have to enable ActiveX in "Internet" zone.

Firewall. Since she is using Win ME ( :sad: ) either a purchased software firewall, or ZoneAlarm should do. Remember that she must be picky when she chooses to allow traffic - not accept everything.

About Outlook: If you let her learn to use Mailwasher, this is a good filter that doesn't cost too much. I have Thunderbird myself, set up to look for mail from my multiple accounts. I run strict filters, and receive now about 5-6 spam emails per week :)

The most important thing is that you as a knowledgeable computer user take a bit of your time to teach her how to use all these fancy applications ;) Many of the applications (like spyware blaster and spywareguard) require only a few clicks (update, enable protection of new stuff) to work. But general net safety is equally, if not more, important IMO.

And for the love of god, please tell her (and the rest of your family): "download accelerators are the devil" and "Don't open downloaded files before scanning them with an updated virus scanner".

Good luck amiga
 
Chieftess said:
Yeah, but then that's threadjacking a moderator's thread. Not the most brilliant thing to do. :nono:
Are you trying to distract from moderators who don't read posts in their own thread? - a subject I did not bring up ;)

Anyway, if you read carefully you will see that I did not initiate a threadjack
*points finger at someone else* :mischief:

And now people are talking of disabling ActiveX to avoid exploits: isn't that what I really interjected with? I just cannot win...

In conclusion, disabling Java & ActiveX will secure the browser. JavaScript is safe.
 
Hey, I did no such thing. The key here is that I tried to treat both of your problems at once as best as I could. There was never any attempt at hijacking, FNN reports ;)


FNN is really mostly a reference CT will understand.

PS: :p

Also, to prevent browser hijacking, there are settings in Spybot, Ad-aware, MS AntiSpyware Beta1 and SpywareGuard to disallow changing home page and other IE settings. That should cover both of your cases, but mostly CT's of course.
 
It does not though. The hijack that caught me did not change the homepage: It was an MSIE-addon that redirects your browser whenever it loads the home page! This is sufficiently different to thwart protection offered by ZoneAlarm and Spybot :sad:

Frivolous Nanny Nonsense?
 
FNN=Fanatican News Network


One solution, if I get your problem right: Look through your BHO (browser helper objects) and remove anything that you do not recognize. Spywareguard should help you with BHO, as should Spybot. Unless what you are talking about is more potent than those apps can handle of course.
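
One way to do the BHO review suggested in the post above, as an added example that is not part of the original thread: the script reads a REGEDIT4-style registry export (the format regedit writes on Windows 9x/ME) and lists every registered Browser Helper Object with the DLL it loads, so anything not on a reviewed list stands out. The export text, CLSIDs, DLL paths and function names are all constructed for illustration.

```python
import re

GUID = r"(\{[0-9a-f-]{36}\})"
# BHOs are registered as CLSID subkeys of this HKLM key.
BHO_RE = re.compile(r"^hkey_local_machine\\software\\microsoft\\windows\\currentversion"
                    r"\\explorer\\browser helper objects\\" + GUID + "$", re.I)
# The DLL a COM class loads is the default value of its InprocServer32 key.
SERVER_RE = re.compile(r"\\clsid\\" + GUID + r"\\inprocserver32$", re.I)

# Constructed sample export: every CLSID and path below is made up.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99999999-8888-7777-6666-555555555555}]

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Program Files\\Example Toolbar\\toolbar.dll"

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\unknown_helper.dll"
"""

def parse_bhos(export_text):
    """Return {CLSID: DLL path, or None if the class has no InprocServer32}."""
    bhos, servers, section = [], {}, ""
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            match = BHO_RE.search(section)
            if match:
                bhos.append(match.group(1).upper())
        elif line.startswith('@="') and line.endswith('"'):
            match = SERVER_RE.search(section)
            if match:
                # .reg string values escape backslashes and quotes with "\"
                servers[match.group(1).upper()] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return {clsid: servers.get(clsid) for clsid in bhos}

def unknown_bhos(export_text, reviewed_clsids):
    """List (CLSID, DLL) pairs for BHOs that are not on the reviewed list."""
    reviewed = {c.upper() for c in reviewed_clsids}
    found = parse_bhos(export_text)
    return sorted((c, dll) for c, dll in found.items() if c not in reviewed)
```

Calling `unknown_bhos(SAMPLE_EXPORT, [...])` with the CLSIDs you have already checked returns the remaining entries; a DLL of `None` means the BHO key points at a class with no registered DLL, which is usually a leftover from an incomplete removal.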
 
First thing I would do (although I'm glad that the problem is fixed): I'd get rid of ME ASAP. It's a hacker's and spyware's dream. No matter what you use, it will mess up, just because it's ME.
 