The Hun's yellow pages - trojan

[Harry Limey]

I am having a major problem with this pop up - it tries to connect to the
above site, every time I open IE6. It then uses 100% system resources until
I close it down, which I have to do via Task manager.
I have XP Pro, bang up to date, Zone alarm pro ditto - AVG grisoft Ditto.
Spybot - adsaware none of which can do anything about it. I tried system
restore back to its earliest incarnation - no use.
I even emailed the owner of the site (a page with links to adult sites)
He told me (in a prewritten email) that he was having numerous similar
requests, but that it was nothing to do with him. he had a few suggestions
none of which worked.
As far as I know, this trojan? is having no effect on anything else on my
system.
This is an extract from The Huns email........

"I get more reports like this one and I honestly don't know what's causing
'em. I don't want to force my website on to people. I don't see the reason
why I should do that. People should be able to see my site, but they
shouldn't be forced to. I don't put tools on the web to force my site on
people. I don't mislead search engines to get more traffic. I run an honest
show and still get over 1.8 million visitors every day. I see absolutely no
advantage in trapping people like yourself, that obviously aren't interested
in what my site has to offer."

I would really appreciate any useful suggestions.

Harry.

 

[ceedee]

search google for a program
called hijackthis

this will let you remove the hijacking
in your browser

 

[Mike P]

-----Original Message-----
I am having a major problem with this pop up - it tries to connect to the
above site, every time I open IE6. It then uses 100% system resources until
I close it down, which I have to do via Task manager.
I have XP Pro, bang up to date, Zone alarm pro ditto - AVG grisoft Ditto.
Spybot - adsaware none of which can do anything about it. I tried system
restore back to its earliest incarnation - no use.
I even emailed the owner of the site (a page with links to adult sites)
He told me (in a prewritten email) that he was having numerous similar
requests, but that it was nothing to do with him. he had a few suggestions
none of which worked.
As far as I know, this trojan? is having no effect on anything else on my
system.
This is an extract from The Huns email........

"I get more reports like this one and I honestly don't know what's causing
'em. I don't want to force my website on to people. I don't see the reason
why I should do that. People should be able to see my site, but they
shouldn't be forced to. I don't put tools on the web to force my site on
people. I don't mislead search engines to get more traffic. I run an honest
show and still get over 1.8 million visitors every day. I see absolutely no
advantage in trapping people like yourself, that obviously aren't interested
in what my site has to offer."

I would really appreciate any useful suggestions.

Harry.




---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.532 / Virus Database: 326 - Release Date: 27/10/2003


.Try "hijackthis from www.spywareinfo.com

 

[Harry Limey]

Thanks Mike & Ceedee
It seems you both have the same suggestionproblem is I can only access IE for about 60 seconds before it locks up
completely (Task manager is showing 2 copies of IE open although only one is
showing!! the second one is using 100% resources!! so I have to disconnect).
I will go to the library and access the site from there.
Again thanks for your help.
Harry

 

[ceedee]

your welcome
let us know what hijackthis finds

Thanks Mike & Ceedee
It seems you both have the same suggestion
problem is I can only access IE for about 60 seconds before it locks up
completely (Task manager is showing 2 copies of IE open although only one is
showing!! the second one is using 100% resources!! so I have to disconnect).
I will go to the library and access the site from there.
Again thanks for your help.
Harry

 

[Guest]

There is another thing you can do: you can kill it on COM level

Let me give you quick example: once a certain user "got: a HotBar unwillingly installed on her system. In case of NT 4 you could pull "dcomcnfg" from a command line and HotBar COM. Once you find it you can "choke it" by applying a complete restriction to this component

You can do similar things on COM/DCOM level on newer systems. Finding out the ClassID for this component also helps in finding all references to it in Registry - a lot you can do this way as well

Gregg.