Defender detects nothing...

[dropsix75]

....but when I search from my home page (yahoo) and open a site from a search,
the adress bar in the browser will read some strange address (ex:
rxpharmacyonline.org) however the site will be the correct site (ex:
microsoft.com).

Can anyone point me in the right direction for getting rid of this?

 

[Bill Sanderson]

I agree that something is not right.

That's an interesting symptom.

It's the kind of thing where we almost need a screen shot to be clear about
what is happening--but I think you've done a good job of describing the
problem.

I do wonder whether what you are seeing is a graphic that is overlaying the
text in the actual address bar, or whether somehow this information is
replacing what should be in the address bar, but without having any
effect--since you are going to what appear to be legitimate sites. If I
were really paranoid, I could wonder whether you were at a site which was a
complete sham site (somewhat like those created for phishing scams)--where
all the content comes from the legit site except some key part which will
then try to sell you something or collect some bit of PII from you--but I'm
not that paranoid yet.

If you go to Start, Accessories, System tools--do you have a link/icon for
Internet Explorer (No Add-ons)?

If you use that link, does this symptom go away? If so, you can use the
facilities within IE for working with add-ons to get rid of whatever is
doing this.

That seems like it would be too easy though--so try it and let me know
whether it does any good. Beyond that, I think we are looking at scans with
other products that handle both virus and spyware.

 

[dropsix75]

Thanks for the reply.

Running IE with no add ons seemed to work ok. Is there a way I can get rid
of this problem while running the IE I used before?

I should add that sometimes I would get directed to a different website
rather than the correct website with something fishy in the address bar.

 

[Bill Sanderson]

Great--So--we need to triage amongst the add-ons to see which one is causing
this nasty effect.

In IE:

Tools, Internet Options, Programs tab
click "Manage add-ons"

Go through the list here, looking at Name and Publisher for stuff you at
least vaguely recognize...

Not showing a publisher is not necessarily "bad."

(for example, Microsoft has a legit add on whose name is "Research" and
which shows no publisher.)

At the lower left there are buttons for enable/disable. If you come to one
you think might be a candidate for the bad actor, try disabling it. This is
a reversable action--you just come back here and enable it again--so if you
guess wrong and disable the Google toolbar you use every 5 minutes, it is
easy to fix.

I'm looking at IE6 on Vista, so I'm not sure if you have all the same
choices. At the top of the "Manage add-ons" window is a choice of what is
shown--you could choose "add-ons currently loaded in IE"--which is probably
a shorter list and should include the bad guy.

If the bad guy turns out to be an ActiveX control, you can delete it (once
you are sure you have the right critter) via the delete button.

The traditional way to do this kind of work is to download an app which
enumerates all the places Spyware can attach to your system, and creates a
text log file. You then post this log in a moderated third-party forum
where the folks reading the messages are trained to deal with these logs.
But lets see if we can get this cleared up on a more informal basis--this
one may not be so entrenched