|
makaveli8x8
Stranger

Registered: 02/28/06
Posts: 21,636
Last seen: 7 years, 11 months
|
my browser is being hijacked
#14639069 - 06/19/11 06:19 PM (12 years, 10 months ago) |
|
|
so sometimes when i click on a link it takes me to a search engine and does a search instead. It takes me to this website
http://www.search-results.com
i couldn't find much info on it. their website disclaimer says that it's NOT spyware or anything bad and i think it said something along the lines that i installed it or something which all seems like a load of bullshit.
anyways the only thing that seems to help is clearing my browser history but that only seems to be a temp fix.
i ran spybot search and destroy and that didn't help
i just can't seem to shake this shitty program so thats why im here
--------------------
  We were sent to hell for eternity Ø h® We play on earth to pass the time Over-population the root of all Evil-brings the Elites Closer to the gates.
|
Gibson33



Registered: 06/11/10
Posts: 400
Loc: Seattle
Last seen: 9 years, 6 months
|
Re: my browser is being hijacked [Re: makaveli8x8]
#14639080 - 06/19/11 06:21 PM (12 years, 10 months ago) |
|
|
sounds like a virus.
--------------------
|
Scarab74
Warminatrix


Registered: 07/06/09
Posts: 1,554
Loc: Conchs & Coconuts, USA
Last seen: 10 years, 1 month
|
Re: my browser is being hijacked [Re: makaveli8x8] 2
#14639096 - 06/19/11 06:25 PM (12 years, 10 months ago) |
|
|
Download and run Malwarebytes. It should take care of it.
-------------------- ~Scarab74 We are such stuff as dreams are made of. W. Shakespeare - The Tempest
|
gshock50



Registered: 04/24/11
Posts: 389
Last seen: 7 years, 3 months
|
Re: my browser is being hijacked [Re: Scarab74]
#14639196 - 06/19/11 06:49 PM (12 years, 10 months ago) |
|
|
Try CCleaner and if that doesn't work... People claim this removes it:
Quote:
http://www.surfright.nl/en/hitmanpro
Best of luck.
-------------------- "It is the nature of the wise to resist pleasures, but the foolish to be a slave to them. "
|
Ythan
ᕕ( ᐛ )ᕗ


Registered: 08/08/97
Posts: 18,840
Loc: NY/MA/VT Borderlands
Last seen: 11 hours, 1 minute
|
Re: my browser is being hijacked [Re: Scarab74]
#14639501 - 06/19/11 08:09 PM (12 years, 10 months ago) |
|
|
Quote:
Scarab74 said: Download and run Malwarebytes. It should take care of it.
Yup agreed. http://www.malwarebytes.org/mbam-download.php
|
makaveli8x8
Stranger

Registered: 02/28/06
Posts: 21,636
Last seen: 7 years, 11 months
|
Re: my browser is being hijacked [Re: Ythan]
#14639652 - 06/19/11 08:41 PM (12 years, 10 months ago) |
|
|
just ran a full scan with malware didn't see anything that looked out of place
ill try that hitman someone suggested as ive ran ccleaner before altho there's so many settings with ccleaner i might not have ran it right
--------------------
  We were sent to hell for eternity Ø h® We play on earth to pass the time Over-population the root of all Evil-brings the Elites Closer to the gates.
|
HeavyToilet
The Heaviest OfThem All


Registered: 08/06/03
Posts: 9,458
Loc: British Columbia
|
Re: my browser is being hijacked [Re: makaveli8x8]
#14640660 - 06/20/11 12:09 AM (12 years, 10 months ago) |
|
|
HijackThis! is quite good at unhijacking browsers. You just have to be knowledgeable about what you're removing when you use it.
|
makaveli8x8
Stranger

Registered: 02/28/06
Posts: 21,636
Last seen: 7 years, 11 months
|
Re: my browser is being hijacked [Re: HeavyToilet]
#14640800 - 06/20/11 12:49 AM (12 years, 10 months ago) |
|
|
the weirdest thing about it is that it doesn't do it all the time. i ran the hitman program and all it found were tracker cookies
it hasn't done anything since then but i have no reason to suspect its gone.
its very weird that these programs won't find it, i have ran hijackthis but like u say it takes some time to read it. Nothing popped out at me but there were a handful of exe's i have to google
guess my next step is to run a full virus scan but the thing is again that website says its not spyware or virus or anything so maybe thats why none of these programs are finding it i dunno
--------------------
  We were sent to hell for eternity Ø h® We play on earth to pass the time Over-population the root of all Evil-brings the Elites Closer to the gates.
|
Bacchus
Lurker




Registered: 10/10/06
Posts: 914
Loc: ::1
|
Re: my browser is being hijacked [Re: makaveli8x8]
#14644677 - 06/20/11 07:04 PM (12 years, 10 months ago) |
|
|
Update and scan with your antivirus and several of the popular spyware cleaners (all in safemode). Then generate a hijackthis log and post it on the malwarebytes hijackthis log forum.
Edit: And check out your hosts file too.
--------------------
Living on a no-Flash diet is way easier than you think. Give it a shot.
Edited by Bacchus (06/20/11 07:05 PM)
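The hosts-file check suggested above, as an added example that is not part of the thread: a small audit that parses a hosts file and separates ordinary loopback/sinkhole lines from entries that point search-engine names at some other address. The `WATCHED` name list and the sample file are constructed assumptions.

```python
import ipaddress

# Name fragments a search redirector would want to intercept.
# Illustrative list (an assumption), extend it for your own environment.
WATCHED = ("google.", "bing.com", "yahoo.", "search.")

# Constructed sample hosts file, not taken from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # blocklist-style sinkhole
203.0.113.45    www.google.com google.com
203.0.113.45    search.yahoo.com
198.51.100.7    intranet.example.local
not-an-ip       www.bing.com
"""


def parse_hosts(text):
    """Yield (line_no, address_or_None, [names]) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank, comment-only or incomplete
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None                       # keep it: malformed lines are worth a look
        yield line_no, addr, [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Return (line_no, name, verdict) for entries that deserve review.

    verdicts: 'redirect'  - a watched name mapped to a non-local address
              'override'  - any other name mapped to a non-local address
              'malformed' - the address field is not an IP address
    Loopback and 0.0.0.0 mappings (localhost, ad-block sinkholes) are skipped.
    """
    findings = []
    for line_no, addr, names in parse_hosts(text):
        for name in names:
            if addr is None:
                findings.append((line_no, name, "malformed"))
            elif addr.is_loopback or addr.is_unspecified:
                continue
            elif any(token in name for token in WATCHED):
                findings.append((line_no, name, "redirect"))
            else:
                findings.append((line_no, name, "override"))
    return findings


if __name__ == "__main__":
    for line_no, name, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name:28} {verdict}")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; read it from a clean boot environment if a rootkit is suspected, since a compromised system can hide changes from its own tools.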
|
dzza


Registered: 12/31/10
Posts: 143
Loc: Midwest
Last seen: 5 years, 8 months
|
Re: my browser is being hijacked [Re: Bacchus]
#14645377 - 06/20/11 09:28 PM (12 years, 10 months ago) |
|
|
Try all the programs everyone suggested. That should fix it.
Just FYI, you could also check your add/remove software and see if there's shit on that list that you don't recognize. Also you could check for bogus programs running in task manager.
|
snoot
look alive ∞




Registered: 01/30/05
Posts: 9,644
Loc: 45º parallel
Last seen: 20 hours, 19 minutes
|
Re: my browser is being hijacked [Re: dzza]
#14646626 - 06/21/11 02:04 AM (12 years, 10 months ago) |
|
|
Quote:
dzza said: Try all the programs everyone suggested. That should fix it.
Just FYI, you could also check your add/remove software and see if there's shit on that list that you don't recognize. Also you could check for bogus programs running in task manager.
lol yeah you may need to use more than one AV in order to find that malicious lil fucker that is causing you grief. When I bought my first windows machine in like ten years, I bought it used from some kid who used it for like 4hrs, it came with like 15 toolbars and a whole shit load of virii, of which I've had come back and come back and come back. The only thing I've found to totally destroy it is to nuke the HD. Not saying this is what you need to do, but malicious lil nuggets of shit can cause lots of trouble. Best to find it and isolate the thing before it can cause any more trouble. In a situation like yours if it is a virii, it could potentially cause all kinds of havoc.
--------------------
∞ I am incapable of conceiving infinity, and yet I do not accept finity. - Simone de Beauvoir -
|
mycomyst
Alchemist

Registered: 12/30/10
Posts: 167
|
Re: my browser is being hijacked [Re: snoot]
#14656810 - 06/22/11 09:48 PM (12 years, 10 months ago) |
|
|
If those suggestions don't get the job done, try TDSS killer. It could be a nasty rootkit.
|
ivander
Paragon of Animal



Registered: 11/01/08
Posts: 1,519
Last seen: 1 year, 2 months
|
Re: my browser is being hijacked [Re: makaveli8x8]
#14664095 - 06/24/11 06:46 AM (12 years, 10 months ago) |
|
|
Try reinstalling your browser.. or your OS, that should do the trick
--------------------
Those who were seen dancing were thought to be insane by those who could not hear the music. - Nietzsche I've never faked a sarcasm in my life. True story.
|
luvdemshrooms
Two inch dick..but it spins!?


Registered: 11/29/01
Posts: 34,247
Loc: Lost In Space
|
Re: my browser is being hijacked [Re: makaveli8x8]
#14664134 - 06/24/11 07:06 AM (12 years, 10 months ago) |
|
|
This happened to a friend. He was clueless, so I helped. The only thing that worked for me was Hitman Pro.
Had that failed, it would have been format and reinstall time.
-------------------- You cannot legislate the poor into prosperity by legislating the wealthy out of prosperity. What one person receives without working for another person must work for without receiving. The government cannot give to anybody anything that the government does not first take from somebody else. When half of the people get the idea that they do not have to work because the other half is going to take care of them and when the other half gets the idea that it does no good to work because somebody else is going to get what they work for that my dear friend is the beginning of the end of any nation. You cannot multiply wealth by dividing it. ~ Adrian Rogers
|
snoot
look alive ∞




Registered: 01/30/05
Posts: 9,644
Loc: 45º parallel
Last seen: 20 hours, 19 minutes
|
|
Finding out what has infected you is key. Isolate other computers and if you are sure you are infected I would cut off its communication i.e internet/wireless etc.. even local networks. Completely isolate it, then determine how you were infected and whats infected you. Then you can begin disinfection. After you're clean its then time to figure out how it happened, and fix that hole and determine new practices to not let it happen again.
--------------------
∞ I am incapable of conceiving infinity, and yet I do not accept finity. - Simone de Beauvoir -
|
arainbow
Hippy


Registered: 02/04/08
Posts: 691
Loc: Palnet Earth
|
Re: my browser is being hijacked [Re: snoot]
#14669845 - 06/25/11 10:37 AM (12 years, 10 months ago) |
|
|
what browser ? internet exploiter has a built in language called active x controls that can be run from cookies M$ claims it can be turned off BUT it has undocumented codes that can override your settings and allow even an email to take over your computer to do ANYTHING !!!!EVEN THINGS THAT WINDOWS WILL NOT ALLOW THE ADMIN TO DO !!!! the one and only thing you can do about active x controls is
use another browser and set it as the default browser
cleaning out your cookies may help for a little while
-------------------- There is more joy in heaven over one of us perfected, than over ninety-nine naturally evolved angels.
|
5HTSynaptrip
Dopamine Enthusiast



Registered: 09/14/08
Posts: 4,360
Loc: USA
Last seen: 6 years, 1 month
|
Re: my browser is being hijacked [Re: arainbow]
#14670279 - 06/25/11 12:29 PM (12 years, 10 months ago) |
|
|
If you have a 64-bit OS then you may have a problem with a lot of the typical scanners. HijackThis is particularly outdated and most of the time you'll get help from malware sites by showing the log from it. A lot of redirectors that don't show up from any scans like MalwareBytes or even your antivirus software are rootkits. They infect your computer to the point that they fuck up everything from detecting them... I just had the shittiest time ever of getting rid of one on my computers.
Some programs can tell you if you do have a rootkit. TDSKiller is a pretty good one, as well as aswMBR.exe. Aside from TDSKiller I wouldn't use any of the really good programs from places like gmer.net, but there are a lot of sites where you can get help from really smart people. For me it's always easier to just format and reinstall since it's something I do at least twice a year anyways, and a lot of fixes can leave shit fucked up on your computer. Foolishly, I realized that some rootkits will remain even after formatting and installing. I even rebuilt the Win 7 master boot record from the recovery command console and then formatted and that didn't do it... no programs said I had TDS or Aleureon or anything but I was infected and simply rebuilding the MBR didn't fix it. So it may have been in an HPA or something on my storage drives.
The only way I ended up getting rid of all the bullshit was to run the secure ATA erase command in Linux (hdparm). It can be a pain in the ass because a lot of BIOS' will protect the HDD/SSD from allowing the DCA/HPA from being overwritten or from having an ATA erase command initialized (the ATA erase is something that SATA storage drives do on their own and it is independent of the BIOS/OS). To get around the BIOS problem you have to have your SATA controller set to AHCI and once in your Linux distro of choice, you can unplug the power to the SATA drive and wait like 30 seconds and plug it back in. I had to do my laptop drives on my desktop that has an ASUS Sabertooth x58, which luckily allows you to set whether or not the BIOS locks the drives like that. I also wouldn't backup or transfer shit you want to backup in any Windows environment if you have something like this. My computers were infected from stupidly connecting to my mother-in-law's network with my firewall set to low, and I assume I got infected then because the date of all sorts of file modifications are correlated to the same exact time as her fucking laptop tried connecting to mine endlessly while on the network. When I put my laptop on my homegroup all of my computers were infected.
So it's best to do the secure erase (I used Parted Magic LiveCD) on a storage drive, then mount the drives you need data from and xfer it, then proceed to wipe them all, and finally reinstall. Good luck, and I hope if you have anything close to what I had that my mistakes can maybe save you some time. I wasted fucking hours.
--------------------
Science is a way of thinking much more than it is a body of knowledge. - My hero, who will be forever remembered, Carl Sagan.
|
snoot
look alive ∞




Registered: 01/30/05
Posts: 9,644
Loc: 45º parallel
Last seen: 20 hours, 19 minutes
|
Re: my browser is being hijacked [Re: 5HTSynaptrip]
#14670312 - 06/25/11 12:45 PM (12 years, 10 months ago) |
|
|
Quote:
5HTSynaptrip said: If you have a 64-bit OS then you may have a problem with a lot of the typical scanners. HijackThis is particularly outdated and most of the time you'll get help from malware sites by showing the log from it. A lot of redirectors that don't show up from any scans like MalwareBytes or even your antivirus software are rootkits. They infect your computer to the point that they fuck up everything from detecting them... I just had the shittiest time ever of getting rid of one on my computers.
Some programs can tell you if do have a rootkit. TDSKiller is a pretty good one, as well as aswMBR.exe. Aside from TDSKiller I wouldn't use any of the really good programs from places like gmer.net, but there are a lot of sites where you can get help from really smart people. For me it's always easier to just format and reinstall since it's something I do at least twice a year anyways, and a lot of fixes can leave shit fucked up on your computer. Foolishly, I realized that some rootkits will remain even after formatting and installing. I even rebuilt the Win 7 master boot record from the recovery command console and then formatted and that didn't do it... no programs said I had TDS or Aleureon or anything but I was infected and simply rebuilding the MBR didn't fix it. So it may have been in an HPA or something on my storage drives.
The only way I ended up getting rid of all the bullshit was to run the secure ATA erase command in Linux (hdparm). It can be a pain in the ass because a lot of BIOS' will protect the HDD/SDD from allowing the DCA/HPA from being overwritten or from having an ATA erase command initialized (the ATA erase is something that SATA storage drives do on their own and it is independent of the BIOS/OS). To get around the BIOS problem you have to have your SATA controller set to AHCI and once in your Linux distro of choice, you can unplug the power to the SATA drive and wait like 30 seconds and plug it back in. I had to do my laptop drives on my desktop that has an ASUS Sabertooth x58, which luckily allows you to set whether or not the BIOS locks the drives like that. I also wouldn't backup or transfer shit you want to backup in any Windows environment if you have something like this. My computers were infected from stupidly connecting to my mother-in-laws network with my firewall set to low, and I assume I got infected then because the date of all sorts of file modifications are correlated to the same exact time as her fucking laptop tried connecting to mine endlessly while on the network. When I put my laptop on my homegroup all of my computers were infected.
So it's best to do the secure erase (I used Parted Magic LiveCD) on a storage drive, then mount the drives you need data from and xfer it, then proceed to wipe them all, and finally reinstall. Good luck, and I hope if you have anything close to what I had that my mistakes can maybe save you some time. I wasted fucking hours.
Yeah if you can figure out if you actually have a rootkit that is a major step forward. Once you have it figured out you can take steps in trying to destroy it. It may not even matter really if you ID it, just knowing its a rootkit can help, and ultimately youll have to nuke your HD. Tis what I had to do. Use DBAN's boot'n'nuke. Wipes everything. Youll have to reconfigure your partitions and what not and reinstall everything. Rootkits are the suck. Its best to keep your computer offline, as it could potentially be sending and receiving highly malicious things.
--------------------
∞ I am incapable of conceiving infinity, and yet I do not accept finity. - Simone de Beauvoir -
|
5HTSynaptrip
Dopamine Enthusiast



Registered: 09/14/08
Posts: 4,360
Loc: USA
Last seen: 6 years, 1 month
|
Re: my browser is being hijacked [Re: snoot]
#14670332 - 06/25/11 12:51 PM (12 years, 10 months ago) |
|
|
I'm pretty sure DBAN doesn't wipe HPAs/DCAs. You can see some programs that do by looking at the wiki for HPA/DCA, but for sure you can use the ATA Erase via hdparm in Linux, or a bootable like BCWipe TotalWipeout (and maybe HDDErase).
Parted Magic is good because you can use the console to run "hdparm -I /dev/sdx" to see if the drive is locked from the BIOS. It also has a simple GUI to run hdparm instead of command line.
--------------------
Science is a way of thinking much more than it is a body of knowledge. - My hero, who will be forever remembered, Carl Sagan.
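The `hdparm -I` check mentioned above, as an added example that is not part of the thread: a parser for the "Security:" section of that command's output which reports whether the drive would currently accept an ATA erase. The sample text is constructed in the layout hdparm prints; the function names are this example's own.

```python
FLAGS = ("supported", "enabled", "locked", "frozen")


def sample_output(frozen, locked=False):
    """Constructed stand-in for `hdparm -I /dev/sdX` output (not a real capture)."""
    mark = lambda on: "   " if on else "not"
    return (
        "ATA device, with non-removable media\n"
        "    Model Number:       EXAMPLE DISK 500G\n"
        "Security: \n"
        "    Master password revision code = 65534\n"
        "            supported\n"
        "    not     enabled\n"
        f"    {mark(locked)}     locked\n"
        f"    {mark(frozen)}     frozen\n"
        "    not     expired: security count\n"
        "            supported: enhanced erase\n"
        "    2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.\n"
        "Checksum: correct\n"
    )


def security_state(text):
    """Return {'supported': bool, 'enabled': bool, 'locked': bool, 'frozen': bool}.

    Inside the Security section each flag is printed on its own indented line,
    prefixed with 'not' when it is off. Keys are absent if the section is missing.
    """
    state, in_section = {}, False
    for line in text.splitlines():
        if line.strip() == "Security:":
            in_section = True
            continue
        if not in_section:
            continue
        if line and not line[0].isspace():
            break                              # next top-level section
        words = line.split()
        if not words:
            continue
        negated = words[0] == "not"
        word = words[1] if negated and len(words) > 1 else words[0]
        if word in FLAGS and word not in state:
            state[word] = not negated
    return state


def erase_readiness(state):
    """Map the parsed flags to one of: unsupported, frozen, locked, ready."""
    if not state.get("supported"):
        return "unsupported"   # drive does not report the ATA security feature set
    if state.get("frozen"):
        return "frozen"        # firmware froze security commands at boot
    if state.get("locked"):
        return "locked"        # a drive password is set and must be supplied first
    return "ready"


if __name__ == "__main__":
    for frozen in (True, False):
        st = security_state(sample_output(frozen))
        print(f"frozen={frozen}: {st} -> {erase_readiness(st)}")
```

To use it on a real drive, run `hdparm -I` as root from the live environment and pass its standard output to `security_state`.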
|
BlimeyGrimey
Collector of Spores




Registered: 08/24/05
Posts: 3,799
Loc: Puget Sound
|
Re: my browser is being hijacked [Re: 5HTSynaptrip]
#14672988 - 06/26/11 12:29 AM (12 years, 10 months ago) |
|
|
I've used avast! to remove rootkits from the computers of my friends. The avast! boot-time scan did the job every time for me. I believe it uses GMER technology to deal with rootkits.
-------------------- Message me for free microscopy services on Psilocybe, Panaeolus, and Gymnopilus species. Looking for wild Panaeolus cinctulus and Panaeolus olivaceus prints.
|
5HTSynaptrip
Dopamine Enthusiast



Registered: 09/14/08
Posts: 4,360
Loc: USA
Last seen: 6 years, 1 month
|
Re: my browser is being hijacked [Re: BlimeyGrimey]
#14673982 - 06/26/11 08:52 AM (12 years, 10 months ago) |
|
|
Yea, that can work as well as just aswMBR.exe. The problem lies in not identifying the rootkit and reinstalling Windows. When you do that pretty much everything won't recognize what you have, as was the case with me. The only way I ended up finding out I had a virus was using FTKImager to get a complete memory dump, and painstakingly scroll through 8 gigs of shit in a hex-viewer until I did indeed find the javascript and other shit the motherfucker was doing on my laptop. It had a keylogger and would always try sending info from my laptop. During this time I had it offline and only used a bootable Linux CD or my iPhone to go online.
The boot-time scan from my avast! Internet Security didn't catch it, but the avast! Rescue CD did find a fair amount of shit. The avast! CD is fucking pretty sweet if you ask me, it boots into a Windows type environment and is better than their old BART CD's, but only costs $10 instead of $140 a year or something (you don't license the CD either). Installing anything on top of rootkits (conventional AV suites) can really leave you believing you're safe, because the kernel is fucked in Win and the scans simply cannot see them sometimes. Now I just use bootable Linux stuff though, and I feel stupid for not doing it sooner. Just booting into Parted Magic alone and looking through my OS drive, finally seeing all the kernel logs and other shit Win 7 makes fucking hard to see or impossible when running the OS, is really an amazing way to see what's going on.
--------------------
Science is a way of thinking much more than it is a body of knowledge. - My hero, who will be forever remembered, Carl Sagan.
|
makaveli8x8
Stranger

Registered: 02/28/06
Posts: 21,636
Last seen: 7 years, 11 months
|
Re: my browser is being hijacked [Re: 5HTSynaptrip]
#14674387 - 06/26/11 11:07 AM (12 years, 10 months ago) |
|
|
ok i may have found a bit of information i changed my browser homepage from the firefox "default" to www.google.com and i used that all yesterday with no problems, but again the problems were random so thats not saying a whole lot.
Then i switched back to "default" or aka "about:home" and the first search i did sent me to that website. Then even more interesting when i clicked a link in the search it didn't show the website but instead showed me the "code"
for example if i type in shroomery and click on the first result it takes me to this link
http://www.shroomery.org/smarty/templates/css/doctypes.css
and what im shown is this
Quote:
ul.icons{margin:0;padding:0 0 0 10px;} .icons li{list-style-type:none;background:left top no-repeat;text-decoration:none;z-index:100000;margin:0;padding:0 0 0 20px;} li.section{background-image:url('/siteimages/folder.gif');} li.link{background-image:url('/siteimages/link.gif');} li.file{background-image:url('/siteimages/file.gif');} li.document,li.html,li.shortcut,li.sitelink,li.script{background-image:url('/siteimages/doc.gif');}
i dunno what any of this means, it sounds like something could have infested my browser or it may be a rootkit. It will prolly take me a few days to do a avast bootscan as its a pain in the ass for me to set aside the time to do all this crap but i just wanted to give a little update and ill post back when i get around to that bootscan
--------------------
  We were sent to hell for eternity Ø h® We play on earth to pass the time Over-population the root of all Evil-brings the Elites Closer to the gates.
|
makaveli8x8
Stranger

Registered: 02/28/06
Posts: 21,636
Last seen: 7 years, 11 months
|
Re: my browser is being hijacked [Re: makaveli8x8]
#14732614 - 07/07/11 06:27 PM (12 years, 10 months ago) |
|
|
ok finally got around to that boot scan
had a file ending in vload.class and vmain.class
they were java: Agent-AP Trj and other malware-gen
I also found a decompression bomb, but the antivirus wouldn't do anything with it, its a 45mb zip file located in my browser cache or something
anyways that boot scan got rid of my "search-results" hijacking problem, the only problem now however is that i assumed when i did a search with firefox's default page that it used "google", i mean thats what it would use whenever "search-results" didn't hijack it so yah it should be using that, well it turns out i still have another hijacker apparently because it uses BING!!!! microsoft has some balls let me tell yah
--------------------
  We were sent to hell for eternity Ø h® We play on earth to pass the time Over-population the root of all Evil-brings the Elites Closer to the gates.
|
5HTSynaptrip
Dopamine Enthusiast



Registered: 09/14/08
Posts: 4,360
Loc: USA
Last seen: 6 years, 1 month
|
Re: my browser is being hijacked [Re: makaveli8x8]
#14735946 - 07/08/11 11:54 AM (12 years, 10 months ago) |
|
|
Decompression bomb just means it was in a packer too large to open for a scan. This can be a zip with a really high compression ratio or an executable. If the file is from a legitimate site, like say a digital download of Office for example, then you can obviously disregard it.
--------------------
Science is a way of thinking much more than it is a body of knowledge. - My hero, who will be forever remembered, Carl Sagan.
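The "decompression bomb" verdict discussed above, as an added example that is not part of the thread: a check that judges a zip from its central directory alone (declared sizes and ratio, nothing unpacked), plus a capped streaming read for when the declared sizes cannot be trusted. The thresholds and the in-memory sample archive are assumptions; real scanners choose their own limits.

```python
import io
import zipfile

MAX_RATIO = 100                    # assumed per-member limit (uncompressed / compressed)
MAX_TOTAL = 50 * 1024 * 1024       # assumed limit on total declared uncompressed bytes


def build_sample(payload_bytes):
    """Constructed archive: a tiny text file plus a run of zero bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("readme.txt", "hello\n")
        archive.writestr("blob.bin", b"\0" * payload_bytes)
    return buf.getvalue()


def inspect_zip(data, max_ratio=MAX_RATIO, max_total=MAX_TOTAL):
    """Classify an archive from its metadata only; no member is decompressed."""
    report = {"total": 0, "worst_ratio": 0.0, "flagged": []}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            ratio = info.file_size / max(info.compress_size, 1)
            report["total"] += info.file_size
            report["worst_ratio"] = max(report["worst_ratio"], ratio)
            if ratio > max_ratio:
                report["flagged"].append(info.filename)
    too_big = report["total"] > max_total
    report["verdict"] = "bomb-like" if report["flagged"] or too_big else "ok"
    return report


def bounded_size(data, name, cap):
    """Stream one member and stop at `cap` bytes.

    Returns the true uncompressed size, or None if the member exceeds the cap.
    This is the safe way to confirm a size when the header values are suspect.
    """
    seen = 0
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        with archive.open(name) as member:
            while chunk := member.read(65536):
                seen += len(chunk)
                if seen > cap:
                    return None
    return seen


if __name__ == "__main__":
    big = build_sample(10 * 1024 * 1024)
    rep = inspect_zip(big)
    print(f"archive bytes: {len(big)}, declared total: {rep['total']}")
    print(f"worst ratio: {rep['worst_ratio']:.0f}:1, verdict: {rep['verdict']}")
    print("blob.bin within 1 MiB cap:", bounded_size(big, "blob.bin", 1024 * 1024))
```

A high ratio alone does not make a file malicious, which matches the post: it only means the scanner declined to unpack it.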
|
imachavel
I loved and lost but I loved-ftw



Registered: 06/06/07
Posts: 31,564
Loc: You get banned for saying that
Last seen: 12 hours, 23 minutes
|
Re: my browser is being hijacked [Re: gshock50]
#14737466 - 07/08/11 05:47 PM (12 years, 10 months ago) |
|
|
Quote:
gshock50 said: Try CCleaner and if that doesn't work... People claim this removes it:
Quote:
http://www.surfright.nl/en/hitmanpro
Best of luck.
it's malware bytes, then security essentials, in safe mode, then c cleaner. c cleaner only clears your registry, if the virus is still there, the registry value will reset as soon as you go online. before I argued with suess that a proxy server check box means you have a virus. he said other programs do that as well, such as earth link etc. well right he may be, but in this situation you should remove it
it should be in internet explorer tools, internet options, connections, lan settings, then make sure the box is unchecked. I don't know run arp but if you don't know a lot about that it'll be impossible to tell if an i.p. address doesn't seem like it belongs, and honestly if you are hooked up directly to a modem, then probably the internet will give you all types of arp connections. I only read the first 3 replies, did people already cover the options I mentioned?
--------------------
I did not say to edit my signature soulidarity! Now forever I will never remember what I said about understanding the secrets of the universe by paying attention to subtleties!
I'm never giving you the password again. Jerk
|
imachavel
I loved and lost but I loved-ftw



Registered: 06/06/07
Posts: 31,564
Loc: You get banned for saying that
Last seen: 12 hours, 23 minutes
|
Re: my browser is being hijacked [Re: makaveli8x8]
#14737492 - 07/08/11 05:52 PM (12 years, 10 months ago) |
|
|
Quote:
makaveli8x8 said: the weirdest thing about it is that it doesn't do it all the time. i ran the hitman program and all it found were tracker cookies
it hasn't done anything since then but i have no reason to suspect its gone.
its very weird that these programs won't find it, i have ran hijackthis but like u say it takes some time to read it. Nothing popped out at me but there were a handful of exe's i have to google
guess my next step is to run a full virus scan but the thing is again that website says its not spyware or virus or anything so maybe thats why none of these programs are finding it i dunno
that isn't going to work unless your internet security settings are set to the max, in which case the browser will probably block just about every other web site you visit, including the shroomery.
the problem with those tools that detect cookies and such things that web sites give you, is that just about all web sites give them to you. to use the internet you have to download files from a web site to allow your computer to use this. some sites won't even let you visit them if you don't allow the site to download all the content necessary to visit it. I mean if it works for people great, but really, you should understand when you use the internet, your i.p. address is pretty much public to any site you access, otherwise you won't have access to it. you are, literally, physically, connecting through dozens of networks just to get to one web site. most of them are fire walled and secured and encrypted up the ass. the problem is the ones that don't have just a bit of this, will download the usual cookies, and then some. make sense? You would have to take a two week class to learn all the site rules and which ones are potentially harmful etc. Not visiting porn sites isn't good enough. There are several sites that will prompt you to download windows updates, etc. things that look normal, but completely trick the crap out of you. Only with experience do you know which of these are authentic and not.
--------------------
I did not say to edit my signature soulidarity! Now forever I will never remember what I said about understanding the secrets of the universe by paying attention to subtleties!
I'm never giving you the password again. Jerk
|
imachavel
I loved and lost but I loved-ftw



Registered: 06/06/07
Posts: 31,564
Loc: You get banned for saying that
Last seen: 12 hours, 23 minutes
|
Re: my browser is being hijacked [Re: 5HTSynaptrip]
#14737502 - 07/08/11 05:54 PM (12 years, 10 months ago) |
|
|
Quote:
5HTSynaptrip said: Yea, that can work as well as just aswMBR.exe. The problem lies in not identifying the rootkit and reinstalling Windows. When you do that pretty much everything won't recognize what you have, as was the case with me. The only way I ended up finding out I had a virus was using FTKImager to get a complete memory dump, and painstakingly scroll through 8 gigs of shit in a hex-viewer until I did indeed find the javascript and other shit the motherfucker was doing on my laptop. It had a keylogger and would always try sending info from my laptop. During this time I had it offline and only used a bootable Linux CD or my iPhone to go online.
The boot-time scan from my avast! Internet Security didn't catch it, but the avast! Rescue CD did find a fair amount of shit. The avast! CD is fucking pretty sweet if you ask me, it boots into a Windows type environment and is better than their old BART CD's, but only costs $10 instead of $140 a year or something (you don't license the CD either). Installing anything on top of rootkits (conventional AV suites) can really leave you believing you're safe, because the kernel is fucked in Win and the scans simply cannot see them sometimes. Now I just use bootable Linux stuff though, and I feel stupid for not doing it sooner. Just booting into Parted Magic alone and looking through my OS drive, finally seeing all the kernel logs and other shit Win 7 makes fucking hard to see or impossible when running the OS, is really an amazing way to see what's going on.
well it beats shoving in your windows disk and doing a system repair doesn't it? or even more painful, full backup and reformat. the nice thing is, you know how to do all this, it's a pain, sure, but even more painful when a person has no idea what the fuck you are talking about
--------------------
I did not say to edit my signature soulidarity! Now forever I will never remember what I said about understanding the secrets of the universe by paying attention to subtleties!
I'm never giving you the password again. Jerk
|
5HTSynaptrip
Dopamine Enthusiast



Registered: 09/14/08
Posts: 4,360
Loc: USA
Last seen: 6 years, 1 month
|
Re: my browser is being hijacked [Re: imachavel]
#14738301 - 07/08/11 09:13 PM (12 years, 10 months ago) |
|
|
You guys should mess around with some of the Linux LiveCD stuff out there. Hell, just being able to browse through every single file/folder you want is incredible. The avast! Rescue CD kinda sucks balls since it can't do a lot in 64-bit OS's. It'll show you what is fucked with the registry, but it doesn't tell you which is what and what definitely needs deleted. Most of the time the Rescue Disc is only used if you're so fucked you can't boot into your system at all.
--------------------
Science is a way of thinking much more than it is a body of knowledge. - My hero, who will be forever remembered, Carl Sagan.
|
|