browser hacked... again

Si Cottick

Browser hacking should be a capital offence - we should be allowed to
hang them on street corners to set an example to other
gutter-dwellers.

Anyway... Internet Explorer (6) running on XP home. Opening the
browser shows google.co.uk in the address bar, but the progress bar
shows eurosamp.com for a half second and then
bxnu.com_blah_id?=eurosamp.com/. I take that to mean that my hacker is
sending me to his site and then redirecting to his affiliate account
at bxnu.com hoping to profit from my searches. He's obviously a dick
tho - no matter what search I run from his affiliate page, it simply
refreshes the page again!

I assume these are Russian scum who are immune to complaints to hosts,
so how do I get my browser back? Like I say, I'd *much* prefer to
track him down and remove all of his fingers with a pair of pliers,
but I'll settle for having control of my browser back again. I'm
running Norton Internet Security 2006 (employer's choice not mine)
which is fully updated. Is there any point in complaining to bxnu
about their affiliate or are they likely to laugh and ignore me? And
what do I need to do to return Explorer to its previous state? (I can't
run a system restore - I just get a message saying "cannot restore
to..." - really useful error message, that!)
TIA
 
Ted Zieglar

Browser hijacking is indeed a crime - but so is allowing a computer to
be infected by malware, which is what you did. Where I work this can get
you fired, and many other companies are of like mind.

Because you don't know exactly what malware is on your computer - the
browser hijacker may be only the tip of the iceberg - you need to
contact your network administrator now, before your computer infects the
network. The network administrator has the tools to disinfect your
computer. Show contrition and you may be spared.

System Restore will not restore an infected restore point. You'll need
to remove all your restore points and start fresh - after your computer
is disinfected, which may not even be possible. Back up your (employer's)
data files now, in case you need to do a clean install.
 
Si Cottick

You're making incorrect assumptions, Ted. I don't HAVE a network
administrator, and my company won't fire me for having the misfortune
to be infected. Also, as far as I'm aware, nowhere in the whole damn
world is it "illegal" to be a similarly unfortunate victim of a
malicious attack.

My laptop never gets to work, it lives here with me where I check my
email and write the occasional document. As for "being spared if I
show contrition", would you mind telling me what I did wrong? Turned
the f&%king thing on? My company chose the software setup of the
machine - seems like the tool they chose wasn't up to the job. But you
think that's MY fault?

I think what's far more likely to get you fired where you work is an
outrageously flawed logic progress. Or possibly for being a top-poster
which DEFINITELY should be illegal :blush:)
 
Si Cottick

Best of luck to you.
Heh. No answer for the questions then? Or "whoops, I completely fooked
up my post and went off on a tangent"? Actually, I had been looking
for a GENUINE answer to my question, from someone able to answer
without spouting complete bollocks. So if anyone APART from Ted has
any ideas, I'd love to hear from you
 
Michael A. Covington

Ah. All crimes are the fault of the victim. Criminals are merely superior
hackers who deserve the respect and awe of everyone. Is that your position?
If so, I'm glad we're talking about cybercrime rather than, say, rape.
 
MP

Doh, this has just happened to me as well.

Can't find anything else about bxnu.com so this must be new as it only
happened in the last couple of days. I have a firewall and antivirus
software but this has still happened.

Spybot S&D, AdBuster, HijackThis all come up with nothing.

P.S. Ted is clearly a complete tosser

Let me know if you find a fix, can't even see anything wrong in my
registry
 
MP

MP wrote:

Apologies if this double posts, losing my connection while the
Trend Micro kernels are running.

Panda scan is out of date, doesn't recognise any browser so wouldn't
bother with it.

Whatever this is it's only re-directing www.google since everything
else works fine.

Nothing in the hosts file, no add-ons visible.

Will let you know the outcome of the Trend Micro scan if it ever
finishes.

MP
 
shomer

SOLUTION !!!!

I have been infected by this pile of crap for three days. Sophos could
not get to the bottom of it but......

You can clear the problem by going to Network Connection, right
clicking on your active internet connection, go to the "Networking"
tab, highlight TCP/IP (it will probably be highlighted). Click on
"Properties".

You will find that your DNS has been set to 85.255.113.203 and
85.255.112.201. If you need to use a fixed DNS then you have to speak
to your ISP. You have NOTHING to lose by setting this to "Obtain DNS
server address automatically". Then things should work.

You MAY become reinfected. Run HijackThis and search for 85.255.113.203
or 85.255.112.201. Delete these lines and that may be a permanent
cure.

I deleted these lines but it did not cure it. I found the altered DNS
later (thanks to Robert Schifreen) and switched back.

Good luck.

Steve
 
shomer

CORRECTION

Sorry should have said

"You can clear the problem by going to Network Connection, right
clicking on your active internet connection" AND CLICK ON "PROPERTIES".

Steve
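
The DNS check described in the solution post can also be run against saved `ipconfig /all` output. This is an added example, not part of any post in the thread: it parses the listing per adapter and flags any adapter using the two resolver addresses named above. The sample listing is constructed and the function names are hypothetical.

```python
import re

# The two rogue resolver addresses reported in the thread.
ROGUE_DNS = {"85.255.113.203", "85.255.112.201"}
ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
DNS_RE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)\s*$")
CONT_RE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def dns_by_adapter(text):
    """Return {adapter name: [DNS servers]} parsed from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if m := ADAPTER_RE.match(line):
            adapter, in_dns = m.group(1), False
            result[adapter] = []
        elif adapter and (m := DNS_RE.match(line)):
            result[adapter].append(m.group(1))
            in_dns = True
        elif in_dns and (m := CONT_RE.match(line)):
            # Additional servers sit alone on indented continuation lines.
            result[adapter].append(m.group(1))
        else:
            in_dns = False
    return result


def rogue_adapters(text, rogue=ROGUE_DNS):
    """Return {adapter: [rogue servers in use]} for affected adapters only."""
    found = {name: [s for s in servers if s in rogue]
             for name, servers in dns_by_adapter(text).items()}
    return {name: bad for name, bad in found.items() if bad}


# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE = """\
Ethernet adapter Local Area Connection:

        DNS Servers . . . . . . . . . . . : 85.255.113.203
                                            85.255.112.201

Ethernet adapter Wireless Network Connection:

        DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

if __name__ == "__main__":
    for name, bad in rogue_adapters(SAMPLE).items():
        print(f"{name}: rogue DNS {', '.join(bad)}")
```

An adapter can show DHCP as enabled and still carry statically assigned DNS servers, so the DNS lines are the ones to check on every adapter.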
 
