Hi all,
I have a Windows XP SP2 machine.
One day, I tried to go to a hot deal website to buy a computer product.
When I clicked on the link, which goes to
http://click.linksynergy.com ,
the webpage didn't work (page cannot display).
However, when I used my laptop and other computers, the webpage worked.
So I did further troubleshooting: I went to the command prompt and typed > ping click.linksynergy.com
Something is really weird: it returns 127.0.0.1. I checked my "host" &
"lmhost.sam" files, and they don't have any
click.linksynergy.com mapping. I'm confused about this. What else could be
the problem?
Britney,
Examine "hosts" carefully, using Notepad. Scroll to the end of the file, by
hitting Ctrl-End, then back up to the top, page by page, before deciding that it
is empty. Look out for blank lines at the beginning and end of the file, after
localhost, placed there by an exploit.
Next, check for a registry hijack. Use Regedit, and look at the contents of
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath].
That would normally contain "%SystemRoot%\System32\drivers\etc", but is being
hijacked by various malware to use a hosts file placed elsewhere.
Now check for, and learn to defend against, additional problems - adware,
crapware, spyware.
Start by downloading each of the following additional free tools:
AdAware <http://www.lavasoftusa.com/>
HijackThis <http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix <http://www.cexx.org/lspfix.htm>
WinsockXPFix <http://www.spychecker.com/program/winsockxpfix.html>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>
Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. AdAware and Spybot S&D have install routines - run them.
The other downloaded programs can be copied into, and run from, any convenient
folder.
First, run Stinger. Have it remove any problems found.
Next, run AdAware. First update it, configure for full scan
(<http://forums.spywareinfo.com/index.php?showtopic=11150>), then scan. When
scanning finishes, remove all Critical Objects found.
Next, run Spybot S&D. First update it, then run a scan ("Check for problems").
Trust Spybot, and delete everything ("Fix Problems") that is displayed in Red.
Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<http://forums.spywareinfo.com/index.php?showtopic=227>
<http://forums.spywareinfo.com/index.php?showtopic=11150>
Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Aumha: <http://forum.aumha.org/index.php>
Net-Integration: <http://forums.net-integration.net/>
Spyware Info: <http://forums.spywareinfo.com/>
Spyware Warrior: <http://spywarewarrior.com/index.php>
Tom Coyote: <http://forums.tomcoyote.org/>
If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFix.
And Britney, please don't contribute to the spread and success of email address
mining viruses. Posting your email address openly will get you more unwanted
email, than wanted email. Learn to munge your email address properly, to keep
yourself a bit safer when posting to open forums. Protect yourself and the rest
of the internet - read this article.
http://www.mailmsg.com/SPAM_munging.htm
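
An added example, not part of the original reply: a Python sketch of the two checks described above, flagging hosts entries that point non-localhost names at a loopback address (including ones pushed out of view by blank lines) and comparing a DataBasePath value against the default the reply quotes. The function names, the benign-name list and the sample data are assumptions constructed for illustration.

```python
import ipaddress

# Default value the reply gives for Tcpip\Parameters\DataBasePath.
DEFAULT_DB_PATH = r"%SystemRoot%\System32\drivers\etc"
BENIGN_NAMES = {"localhost", "localhost.localdomain"}  # assumption: expected loopback names


def database_path_hijacked(value):
    """True if DataBasePath differs from the default (case and trailing '\\' ignored)."""
    norm = value.strip().strip('"').rstrip("\\").lower()
    return norm != DEFAULT_DB_PATH.lower()


def audit_hosts(text):
    """Return (line_no, address, hostname, blank_lines_before) for every
    non-localhost name mapped to a loopback or unspecified address."""
    findings, blanks = [], 0
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            blanks += 1                      # padding that can hide later entries
            continue
        fields = raw.split("#", 1)[0].split()  # drop trailing comment
        try:
            addr = ipaddress.ip_address(fields[0])
        except (IndexError, ValueError):     # comment-only or malformed line
            blanks = 0
            continue
        if addr.is_loopback or addr.is_unspecified:
            findings += [(line_no, str(addr), n.lower(), blanks)
                         for n in fields[1:] if n.lower() not in BENIGN_NAMES]
        blanks = 0
    return findings


# Constructed sample: an entry hidden 40 blank lines below the localhost line.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "127.0.0.1       localhost\n"
    + "\n" * 40
    + "127.0.0.1   click.linksynergy.com   # constructed entry\n"
)

if __name__ == "__main__":
    for line_no, addr, name, gap in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr} (after {gap} blank lines)")
    # Constructed, non-default value standing in for a hijacked setting.
    print("DataBasePath hijacked:", database_path_hijacked(r"C:\constructed\elsewhere"))
```

A DataBasePath that is an already-expanded path to the same folder is also reported as non-default here, so treat a hit as a prompt to inspect the value rather than as proof of a hijack.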