

IE exploited and hacked! help





loyal
peace be upon you all.

guys, my mum was on the computer when she calls me down and asks me what's wrong with the computer.

I can't use microsoft internet explorer. every time i try to go to any page one of these two things happen:
1)
Quote:

Object not found!
The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again.

If you think this is a server error, please contact the webmaster.

Error 404
www.bls.gov
10/13/06 00:08:12
Apache/2.2.3 (Win32) DAV/2 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_autoindex_color PHP/5.1.6


2) i get redirected to a website called InterCafeMu

Also i think this is significant: whenever i try to go on to a different page, the address bar says i am on it, but i'm on the cafe site. my history folder tells me i visited other sites, but in those other site folders are the cafe links. If i right click on their properties it tells me i've been on the address in the address bar...

Also my msn isn't working, which i'm pretty sure is related, since it's been working all day.

Anyone have any ideas what's going on?

may God bless you all.
ocalhoun
Just for troubleshooting, use a different browser. (Or better yet, a different OS, Like a live CD).
If the problems persist with the new browser or OS, hacking is probably not the culprit. If they do not, you have probably been hacked.
Try using an antivirus and a spyware/malware remover. (Personally, I use AVG free edition and spyware search and destroy; both absolutely free.)
Also, check your ISP, and make sure they aren't the cause (such as retribution for missed payments.)
loyal
ocalhoun wrote:
Just for troubleshooting, use a different browser. (Or better yet, a different OS, Like a live CD).


i updated internet explorer to the new beta version.
i use mozilla firefox, but the family uses ie.

Quote:

If the problems persist with the new browser or OS, hacking is probably not the culprit. If they do not, you have probably been hacked.
Try using an antivirus and a spyware/malware remover. (Personally, I use AVG free edition and spyware search and destroy; both absolutely free.)
Also, check your ISP, and make sure they aren't the cause (such as retribution for missed payments.)


well i keep trying to open ad-aware, but it just closes if i open it. i'm going to reinstall that in a few minutes and see if it works.

i doubt it's my isp. mozilla firefox works fine. msn messenger and ie don't.

besides, the reason i think it's some sort of adware or virus is because the ie always goes to this idiotic cafe site.
ocalhoun
loyal wrote:

well i keep trying to open ad-aware, but it just closes if i open it. i'm going to reinstall that in a few minutes and see if it works.

This sounds like a nasty virus I saw recently. (except for the cafe site thing)
The virus I dealt with disabled all antivirus and anti-spyware programs as well as disabling internet, printing, USB, and several other things.

You can try to use bootable anti-virus programs (such as can be found on the Ultimate Boot CD), or you could restore the computer using a backup. (Not system restore, a real backup).

As a side note, ad-aware has a reputation for coming with spyware built in.
loyal
ocalhoun wrote:
loyal wrote:

well i keep trying to open ad-aware, but it just closes if i open it. i'm going to reinstall that in a few minutes and see if it works.

This sounds like a nasty virus I saw recently. (except for the cafe site thing)
The virus I dealt with disabled all antivirus and anti-spyware programs as well as disabling internet, printing, USB, and several other things.

You can try to use bootable anti-virus programs (such as can be found on the Ultimate Boot CD), or you could restore the computer using a backup. (Not system restore, a real backup).

As a side note, ad-aware has a reputation for coming with spyware built in.


peace be upon you.

i've noticed that several programs now don't work. for example when i try to uninstall ad-aware from the add and remove programs the installation exits automatically after i open it.

i don't have a back up.

do you know the name of this virus?

i've had ad-aware for over a year. if it had any spyware, i would have noticed lol.

hmmm the big problem is finding out what's wrong with my computer. obviously some sort of virus or worm or exploit or something.

any ideas why some programs keep automatically closing?

may God bless you.
Kelvin
it sounds like you have been infected by malware. there r many disguised programs that will undo your antivirus protection and install virus and spyware into your computer once you run it and even change your homepage permanently. have u done a virus scan on your computer? if that is not possible, try running an online scan eg. pandasoft online virus scanner.

save a copy of the virus/spyware found and delete them manually by locating the path it is stored in. You should also flush your cookies by going to 'tools' - 'internet options' - 'delete cookies'.

if you detect d virus and other files that can't be deleted by your antivirus program, then you will require file killer tools like killbox! to kill and remove the file upon reboot. this will require a few tries since these viruses can respawn themselves in different file names if not all of them are removed. it's a tedious process.

future suggestion is to partition your harddisk if u do not have more than 1 and do image backups of your C: drive.
loyal
peace be upon you kelvin.

sounds like good advice. but first before i try that could you please explain what an 'image' back up of my hard drive is?

may God bless you.
Haiderim
Ok for you guys i got a news stay away from ie 7 beta coz it contains spywares i know it sounds stupid to you but it does contain em i found out myself so stay away till it goes final
Bones
Haiderim wrote:
Ok for you guys i got a news stay away from ie 7 beta coz it contains spywares i know it sounds stupid to you but it does contain em i found out myself so stay away till it goes final


IE 7 does NOT contain any spyware itself..making outrageous claims like that, you really had better be able to link to something to back it up.

On top of the suggestions above (malware/virus scans and online scans)
You might want to try running your spyware/virus programs in safe mode (they tend to be able to remove more in safe mode because some of the malware files will not be in use in safe mode)

Also you might want to check your HOSTS file (located in ..\Windows\system32\drivers\etc)

Open the HOSTS file in notepad and have a look at the text inside. There should only be one line that doesn't start with a # symbol. It should look something like this:
Quote:
127.0.0.1 localhost


If you see any lines of text other than the one above that do not start with a # symbol, then delete the extra lines.

Modifying the HOSTS file is a common redirection exploit.
To make things easier, you could even rename the file to hosts.old or something and then restart the pc.

You might also want to consider trying to turn your family on to another browser like Opera that tends to be a little more secure.
Kelvin
'image' backup programs like norton ghost actually do a complete duplicate of the desired drive backup (usually C: since it's the place that stores the OS). This image can be restored to the fully functional state that it was in during backup and thus save the hassle of reformatting and tedious virus removals.

Be aware that any software or files stored in C: after the backup date is removed after restoring the image file. So remember to save important files into the partitioned drive eg. D:

One more thing, when removing malware, it's advisable to turn off windows 'system restore' settings found by right clicking your 'my computer - properties' as the virus/spyware can be backed up by this application.
orcaz
but seriously, though IE DOES NOT haf spyware, it is not advisable to use beta stuff for normal usage, unless you are juz trying it out or playing around with it, bcoz thatz what beta versions usually contain many bugs and the purpose of beta is to let ppl haf a feel of the upcoming release and to report the bugs in it. mebbe you can get a hijackthis log and post it here? it can be found here at http://www.spywareinfo.com/~merijn/programs.php#hijackthis

it will analyse your computer process and startups and stuff, but cannot detect which are malicious, so pls dun delete anything using that yet, unless you are very sure it is the spyware. you can post the log here so that ppl can help you out.
Jaan
Peace be upon you
Probly your config is off mate... try setting everything to "default", and auto detect everything... can you still access internet with firefox?
Also, use Spybot S&D (safer-networking.org) for spyware/adware removal.
If you have a router, reset it (little button @ the back or somit).
God bless

(are you from a Middle Eastern country?)
loyal
Thanks guys and gals. I've fixed it.

Jaan, in answer to your question, yes but i live in the UK.

may God bless you all.
jwellsy
This is so ironic.
Microsoft has released a toolkit for IT admins
to block the auto download and installation of IE7.
http://www.microsoft.com/downloads/details.aspx?FamilyId=4516A6F7-5D44-482B-9DBD-869B4A90159C&displaylang=en
jwellsy
Here's a lead as to what's going on.

Quote:

Secunia has confirmed the vulnerability on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2. Other versions may also be affected.

Solution:
Disable active scripting support.

The vulnerability is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. This can be exploited to access documents served from another web site.


http://secunia.com/advisories/22477/
Bones
jwellsy wrote:
This is so ironic.
Microsoft has released a toolkit for IT admins
to block the auto download and installation of IE7.
http://www.microsoft.com/downloads/details.aspx?FamilyId=4516A6F7-5D44-482B-9DBD-869B4A90159C&displaylang=en



That's not ironic at all. Microsoft often releases tools so that admins can control what updates come through and which ones do not.
So this is actually common practice. It's meant to give admins a chance to test patches/updates before they decide to deploy them across their networks.

This way, it's up to the admins what updates they deploy and not the users
loyal
guys help. it happened again, my internet explorer isn't working while mozilla is. ie keeps redirecting.
i'm definitely sure my msn has been affected too, as it's stopped working again

my hosts file is normal and has not been changed.

may God bless you.
Kelvin
Did you detect any spyware/malware when you ran the virus scan? Did you try panda online scanner as suggested? If you didn't manage to remove all the files, the problem will keep recurring.

Can you save the scan report list and post it here for an analysis?
loyal
it's gone again. hmmm this is very strange. if it comes again, i'll post a report.

thanks.

may God bless you all.