Browser is being selectively hijacked

[Alex]

Explorer is being selectively hijacked on my computer. Certain
anti-virus sites such as Symantec.com are blocked completely; other
antivirus sites I can visit but I cannot download any files from them.
In both cases I get a "You are not authorized to view this page"
message.

The really weird part is that Google is also being hijacked, but
selectively. If I type the phrase "antivirus downloads" I get the same
message, yet other searches work fine.

I have scanned with Nortons (updating the definitions file by
downloading it to another computer), VirGuard and Trend, as well as
with Adaware and Spybot. I found a few trojans and deleted them but
the behaviour hasn't changed. I have also put in a new Hosts file and
checked it was referenced in the right place in the registry. I am
running Windows XP and Explorer 6.028.

Any assistance would be gratefully appreciated

thanks

Alex

 

[Duane Arnold]

(e-mail address removed) (Alex) wrote in

Explorer is being selectively hijacked on my computer. Certain
anti-virus sites such as Symantec.com are blocked completely; other
antivirus sites I can visit but I cannot download any files from them.
In both cases I get a "You are not authorized to view this page"
message.

The really weird part is that Google is also being hijacked, but
selectively. If I type the phrase "antivirus downloads" I get the same
message, yet other searches work fine.

I have scanned with Nortons (updating the definitions file by
downloading it to another computer), VirGuard and Trend, as well as
with Adaware and Spybot. I found a few trojans and deleted them but
the behaviour hasn't changed. I have also put in a new Hosts file and
checked it was referenced in the right place in the registry. I am
running Windows XP and Explorer 6.028.

Any assistance would be gratefully appreciated

I suggest you use Process Explorer to look at running process on your
machine. You can look inside a running process to see what processes are
using a process. Malware can use a legit running process piggy backing of
the process and hiding itself. You double-click on a running process
being listed by PE and it will should information along with *Show All
Dll* (menu at the top).

http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and
_Rootkit_Tools_in_a_Windows_Environment.html

Duane

 

[Alex]

(e-mail address removed) (Alex) wrote in


I suggest you use Process Explorer to look at running process on your
machine. You can look inside a running process to see what processes are
using a process. Malware can use a legit running process piggy backing of
the process and hiding itself. You double-click on a running process
being listed by PE and it will should information along with *Show All
Dll* (menu at the top).

http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and
_Rootkit_Tools_in_a_Windows_Environment.html

Duane

Thanks for this. I've installed it and read the article, but I'm still
not sure what I am looking for. Incidentally this thing seems to be
evolving. Its now opening up a folder instead of taking me to
newsgroups when I try to go there from Outlook....

thanks

Alex

 

[Duane Arnold]

(e-mail address removed) (Alex) wrote in

Thanks for this. I've installed it and read the article, but I'm still
not sure what I am looking for. Incidentally this thing seems to be
evolving. Its now opening up a folder instead of taking me to
newsgroups when I try to go there from Outlook....

thanks

Alex

You're going to have to look a process and see what is running with the
process and determine it purpose. It could be the process itself that's
doing the deed. Things are not just happening on your computer with the
browser. A program is controlling things and makes it happen. The program
could be a DLL piggy backing off another program or some other executable
program type.

Try to see what's running when things are changing with the browser and
take a step by step approach by process of elimination.

Duane

 

[Buffalo]

Put CoolWebSearch into Google and see what happens.
I do believe that you have it. It is a parasite that I believe is
recognized with AdAware (free) and/or SpyBot (free).
If you do the search, you will find out how to fix it.