(E-Mail Removed) (Alex) wrote in
news:(E-Mail Removed):
> Duane Arnold <(E-Mail Removed)> wrote in message
> news:<Xns954625D99261Fnotmenotmecom@216.148.227.77>...
>> (E-Mail Removed) (Alex) wrote in
>> news:(E-Mail Removed):
>>
>> > Explorer is being selectively hijacked on my computer. Certain
>> > anti-virus sites such as Symantec.com are blocked completely; other
>> > antivirus sites I can visit but I cannot download any files from
>> > them. In both cases I get a "You are not authorized to view this
>> > page" message.
>> >
>> > The really weird part is that Google is also being hijacked, but
>> > selectively. If I type the phrase "antivirus downloads" I get the
>> > same message, yet other searches work fine.
>> >
>> > I have scanned with Nortons (updating the definitions file by
>> > downloading it to another computer), VirGuard and Trend, as well as
>> > with Adaware and Spybot. I found a few trojans and deleted them but
>> > the behaviour hasn't changed. I have also put in a new Hosts file
>> > and checked it was referenced in the right place in the registry. I
>> > am running Windows XP and Explorer 6.028.
>> >
>> > Any assistance would be gratefully appreciated
>> >
>>
>> I suggest you use Process Explorer to look at running processes on your
>> machine. You can look inside a running process to see what processes
>> are using a process. Malware can use a legit running process, piggybacking
>> off the process and hiding itself. You double-click on a
>> running process being listed by PE and it will show information
>> along with *Show All Dll* (menu at the top).
>>
>> http://www.windowsecurity.com/articl...Trojan_Horses_
>> and _Rootkit_Tools_in_a_Windows_Environment.html
>>
>> Duane
>
> Thanks for this. I've installed it and read the article, but I'm still
> not sure what I am looking for. Incidentally this thing seems to be
> evolving. It's now opening up a folder instead of taking me to
> newsgroups when I try to go there from Outlook....
>
> thanks
>
> Alex
>
You're going to have to look at a process and see what is running with the
process and determine its purpose. It could be the process itself that's
doing the deed. Things are not just happening on your computer with the
browser. A program is controlling things and makes it happen. The program
could be a DLL piggybacking off another program or some other executable
program type.

Try to see what's running when things are changing with the browser and
take a step by step approach by process of elimination.
Duane
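
Added example, not part of the thread: a PowerShell sketch of the "process of elimination" approach described above, which snapshots the modules loaded in every process and reports the ones that appear between two snapshots, with their signature status. The function names are hypothetical, and it assumes Windows PowerShell 5.1 or later in an elevated session rather than the poster's original setup.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# Assumes Windows PowerShell 5.1 or later, run from an elevated session.

function Get-ModuleSnapshot {
    # One record per module (DLL or EXE) loaded in each running process.
    foreach ($p in Get-Process) {
        try { $mods = $p.Modules } catch { continue }   # access denied: skip process
        foreach ($m in $mods) {
            if (-not $m.FileName) { continue }
            [pscustomobject]@{ Process = $p.ProcessName; Id = $p.Id; Path = $m.FileName }
        }
    }
}

function Compare-ModuleSnapshot {
    param(
        [Parameter(Mandatory)] [object[]] $Baseline,
        [Parameter(Mandatory)] [object[]] $Current
    )
    # Index the baseline by process name + module path.
    $seen = @{}
    foreach ($b in $Baseline) {
        $seen["$($b.Process)|$($b.Path)".ToLowerInvariant()] = $true
    }
    # Report only process/module pairs that were not in the baseline.
    foreach ($c in $Current) {
        $key = "$($c.Process)|$($c.Path)".ToLowerInvariant()
        if ($seen.ContainsKey($key)) { continue }
        $sig  = Get-AuthenticodeSignature -LiteralPath $c.Path -ErrorAction SilentlyContinue
        $file = Get-Item -LiteralPath $c.Path -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Process   = $c.Process
            Id        = $c.Id
            Path      = $c.Path
            Company   = $file.VersionInfo.CompanyName   # empty if the file has no version info
            Signature = $sig.Status                     # e.g. Valid, NotSigned, HashMismatch
        }
    }
}

# Usage: take a baseline, reproduce the symptom in the browser, then compare.
# $base = Get-ModuleSnapshot
# Compare-ModuleSnapshot -Baseline $base -Current (Get-ModuleSnapshot) |
#     Sort-Object Signature, Path | Format-Table -AutoSize
```

A module that was already loaded when the baseline was taken will not appear in the diff, and code that hides itself from the process APIs will not appear in either snapshot, so an empty result does not clear the machine.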