page jacking or unwanted redirects

J

JL Shaw

I have been experiencing numerious page redirects to some
Amazon ad. I have done the following multiple times and
am out of ideas. Any help would be appreciated.

1 - Scan entire computer with Norton (w/updated virus defs)
2 - Run adaware (also w/updated downloads)
3 - Deleted all Temporary Internet files (Tools->Internet
Options->Delete Files including offline)
4 - Checked \WINNT\systems32\drivers\etc\hosts (only has
one time to go to local host. I run behind a firewall/hub)
5 - rebooted PC and firewall/router (thus clearing out
router table on firewall/router.

Also once I open some normal website and it is redirected
(jacked) to this IP based URL. It will consistantly go
there (in that one IE instance. If I open another IE it
doesn't redirect, but maybe it's random).

JL
 
J

Jon Kennedy

Usually they're placed there by spyware/malware that's gotten installed on
your system. Use Ad-Aware and/or Spybot Search & Destroy to remove it.

Ad-Aware: http://www.lavasoftusa.com/ (but I see you've already tried this
one)
Spybot: http://security.kolla.de/
(Good site on how to install and use Spybot -
http://www.net-integration.net/reviews/spybot1.html)

More information here:
http://www.spywareinfo.com/
http://www.mvps.org/inetexplorer/Darnit.htm
http://www.doxdesk.com/parasite/ - runs a little script when loading page to
check for common parasites

If no joy, in IE go to Tools...Internet Options...Advanced tab, Browsing
section, uncheck "Enable third-party browser extensions", click Apply, click
Okay, reboot. If that solves your problem, then more troubleshooting is
needed to find out exactly which program, or Browser Helper Object (BHO) is
causing this problem. You don't want to leave it at that, as some BHOs are
useful or necessary - like Adobe Acrobat for reading .pdf files or an
essential component of Norton AV. Get BHODemon -
http://www.definitivesolutions.com/bhodemon.htm - read all about BHOs.
Disable all items, and then gradually replace one or two at a time to narrow
down the culprit.

If all the above fails, then the problem could be something new that the
spyware cleaners above don't have in their databases yet. In that case....
HijackThis direct download:
http://209.133.47.200/~merijn/files/HijackThis.exe
Tutorial on how to use HijackThis:
http://www.spywareinfo.com/~merijn/htlogtutorial.html
Then post it's output log to the forum here for analysis and feedback by the
parasite experts:
http://www.spywareinfo.com/forums/
Or the other HijackThis Logs forums listed here:
http://www.spywareinfo.com/~merijn/forums.html

Or try this program to get some of the most nasty malware:
CWShredder direct download:
http://209.133.47.200/~merijn/files/CWShredder.exe

An alternate resource for all of this and more:
http://www.aumha.org/secure.htm
 
M

Mike Burgess

JL,
Go to: http://mvps.org/winhelp2002/unwanted.htm
Download "Hijack This!" [freeware]

Unzip, double-click "HijackThis.exe" and Press "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log"
button.
Click: "Save Log" (generates: "hijackthis.log")

Next, go to the below location:
http://www.spywareinfo.com/forums/

Sign in, go to the "Spyware and Hijackware Removal" section.
Press "New Topic", copy and paste hijackthis.log into your new message.

Post back with the URL where you posted if you want help with your log.
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
 
D

David E.

ehh... this is a proprietary post... he wants you to go to his company's
website... don't do anything proprietary...


Mike Burgess said:
JL,
Go to: http://mvps.org/winhelp2002/unwanted.htm
Download "Hijack This!" [freeware]

Unzip, double-click "HijackThis.exe" and Press "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log"
button.
Click: "Save Log" (generates: "hijackthis.log")

Next, go to the below location:
http://www.spywareinfo.com/forums/

Sign in, go to the "Spyware and Hijackware Removal" section.
Press "New Topic", copy and paste hijackthis.log into your new message.

Post back with the URL where you posted if you want help with your log.
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
--

JL Shaw said:
I have been experiencing numerious page redirects to some
Amazon ad. I have done the following multiple times and
am out of ideas. Any help would be appreciated.

1 - Scan entire computer with Norton (w/updated virus defs)
2 - Run adaware (also w/updated downloads)
3 - Deleted all Temporary Internet files (Tools->Internet
Options->Delete Files including offline)
4 - Checked \WINNT\systems32\drivers\etc\hosts (only has
one time to go to local host. I run behind a firewall/hub)
5 - rebooted PC and firewall/router (thus clearing out
router table on firewall/router.

Also once I open some normal website and it is redirected
(jacked) to this IP based URL. It will consistantly go
there (in that one IE instance. If I open another IE it
doesn't redirect, but maybe it's random).

JL
Click to expand...
Click to expand...
 
M

Mike Burgess

David,
"he wants you to go to his company's website"
Click to expand...
What company website? .....
Did you bother to look before making such a ridiculous comment ........
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
--

David E. said:
ehh... this is a proprietary post... he wants you to go to his company's
website... don't do anything proprietary...


Mike Burgess said:
JL,
Go to: http://mvps.org/winhelp2002/unwanted.htm
Download "Hijack This!" [freeware]

Unzip, double-click "HijackThis.exe" and Press "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log"
button.
Click: "Save Log" (generates: "hijackthis.log")

Next, go to the below location:
http://www.spywareinfo.com/forums/

Sign in, go to the "Spyware and Hijackware Removal" section.
Press "New Topic", copy and paste hijackthis.log into your new message.

Post back with the URL where you posted if you want help with your log.
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
--

JL Shaw said:
I have been experiencing numerious page redirects to some
Amazon ad. I have done the following multiple times and
am out of ideas. Any help would be appreciated.

1 - Scan entire computer with Norton (w/updated virus defs)
2 - Run adaware (also w/updated downloads)
3 - Deleted all Temporary Internet files (Tools->Internet
Options->Delete Files including offline)
4 - Checked \WINNT\systems32\drivers\etc\hosts (only has
one time to go to local host. I run behind a firewall/hub)
5 - rebooted PC and firewall/router (thus clearing out
router table on firewall/router.

Also once I open some normal website and it is redirected
(jacked) to this IP based URL. It will consistantly go
there (in that one IE instance. If I open another IE it
doesn't redirect, but maybe it's random).

JL
Click to expand...
Click to expand...
Click to expand...
 
D

David E.

your http://mvps.org/ etc.
I notice ALL your replies include a plug for this product...
I do notice some good answers... it's just kind of annoying that all your
answers end with this plug... And i have a question too, and i really don't
feel like downloading your product as i know it'll have to filter through
you...


Mike Burgess said:
David,
"he wants you to go to his company's website"
Click to expand...
What company website? .....
Did you bother to look before making such a ridiculous comment ........
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
--

David E. said:
ehh... this is a proprietary post... he wants you to go to his company's
website... don't do anything proprietary...


Mike Burgess said:
JL,
Go to: http://mvps.org/winhelp2002/unwanted.htm
Download "Hijack This!" [freeware]

Unzip, double-click "HijackThis.exe" and Press "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log"
button.
Click: "Save Log" (generates: "hijackthis.log")

Next, go to the below location:
http://www.spywareinfo.com/forums/

Sign in, go to the "Spyware and Hijackware Removal" section.
Press "New Topic", copy and paste hijackthis.log into your new message.

Post back with the URL where you posted if you want help with your log.
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
--

I have been experiencing numerious page redirects to some
Amazon ad. I have done the following multiple times and
am out of ideas. Any help would be appreciated.

1 - Scan entire computer with Norton (w/updated virus defs)
2 - Run adaware (also w/updated downloads)
3 - Deleted all Temporary Internet files (Tools->Internet
Options->Delete Files including offline)
4 - Checked \WINNT\systems32\drivers\etc\hosts (only has
one time to go to local host. I run behind a firewall/hub)
5 - rebooted PC and firewall/router (thus clearing out
router table on firewall/router.

Also once I open some normal website and it is redirected
(jacked) to this IP based URL. It will consistantly go
there (in that one IE instance. If I open another IE it
doesn't redirect, but maybe it's random).

JL
Click to expand...
Click to expand...
Click to expand...
 
F

Frank Saunders, MS-MVP

David E. said:
your http://mvps.org/ etc.
I notice ALL your replies include a plug for this product...
I do notice some good answers... it's just kind of annoying that all
your answers end with this plug... And i have a question too, and i
really don't feel like downloading your product as i know it'll have
to filter through you...
Click to expand...

mvps.org is a Web server that offers free Web space to MVPs. Mike has made
use of that to create some very helpful pages so that he doesn't have to
burden the newsgroup with many large posts containing the same information.
You are being ridiculous.

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/
 
M

Mike Burgess

your http://mvps.org/ etc."
That's a web site domain ....... duh!
I notice ALL your replies include a plug for this product"
Click to expand...
And what product would that be ..... I don't offer anything for sale.
Everything recommended on my site is freeware .......
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
--

David E. said:
your http://mvps.org/ etc.
I notice ALL your replies include a plug for this product...
I do notice some good answers... it's just kind of annoying that all your
answers end with this plug... And i have a question too, and i really don't
feel like downloading your product as i know it'll have to filter through
you...


Mike Burgess said:
David,
"he wants you to go to his company's website"
Click to expand...
What company website? .....
Did you bother to look before making such a ridiculous comment ........
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
--

David E. said:
ehh... this is a proprietary post... he wants you to go to his company's
website... don't do anything proprietary...


JL,
Go to: http://mvps.org/winhelp2002/unwanted.htm
Download "Hijack This!" [freeware]

Unzip, double-click "HijackThis.exe" and Press "Scan".

When the scan is finished, the "Scan" button will change into a
Click to expand...
"Save
Log"
button.
Click: "Save Log" (generates: "hijackthis.log")

Next, go to the below location:
http://www.spywareinfo.com/forums/

Sign in, go to the "Spyware and Hijackware Removal" section.
Press "New Topic", copy and paste hijackthis.log into your new message.

Post back with the URL where you posted if you want help with your log.
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a
Click to expand...
HOSTS
file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
--

I have been experiencing numerious page redirects to some
Amazon ad. I have done the following multiple times and
am out of ideas. Any help would be appreciated.

1 - Scan entire computer with Norton (w/updated virus defs)
2 - Run adaware (also w/updated downloads)
3 - Deleted all Temporary Internet files (Tools->Internet
Options->Delete Files including offline)
4 - Checked \WINNT\systems32\drivers\etc\hosts (only has
one time to go to local host. I run behind a firewall/hub)
5 - rebooted PC and firewall/router (thus clearing out
router table on firewall/router.

Also once I open some normal website and it is redirected
(jacked) to this IP based URL. It will consistantly go
there (in that one IE instance. If I open another IE it
doesn't redirect, but maybe it's random).

JL
Click to expand...
Click to expand...
Click to expand...
 
D

David E.

That's a web site domain ....... duh!
of course.... ??duh??

TO MIKE AND HIS FRIEND....
But you're obviously advertising a business THRU THAT WEB DOMAIN...
Anyways, i distrust anti-spyware, and have a general distrust of your
referring to your products and THEN offering advice based on the results of
their downloading and scanning with your product... Which is EXACTLY how
people social-engineer the spyware in the first place (i.e. Starcraft hacks,
Diablo hacks, etc.).
You seem to represent that company/freeware... and seeing that there are 2
people, i highly doubt that you are promoting this product for free. I know
you are getting something in return... There is no such thing as a free
lunch...
so basically i don't like the fact that you "parasited" this site... your
approach is not very "kosher"... and i have yet to see advice (after all you
2 are all over this newsgroup) in which you are speaking on behalf of your
own knowledge, and not on behalf of your product....
Your advice seems very "Canned" to me.... Do you at least sort of understand
where i'm coming from? Nowadays, you really can't trust anyone, and your
approach YELLS spyware spyware spyware disguised as anti-spyware... *shrug

TO THE OTHER VIEWERS OF THIS NEWSGROUP OR TO MIKE AND FRIEND IF WILLING TO
OFFER GOOD ADVICE:
Don't get involved. Don't say "he helped me..." I don't care. (Plus that's
another social engineering strategy). This is between me and him.. And it's
not even personal... Just my opinion re: the material in this newsgroup...
Anyways, here's my PROBLEM... if you can offer advice convincing enough
WITHOUT referring to that product, then i will make a public apology... and
actually in advance, i do apologize if i came out sounding... gruff? I
really hope you can understand my stance...

Whenever i go to google, or altavista, a local page (which is evidence of
either a registry overwrite, or a re-direct) shows up...
I notice , too, that the address bar contains this prefix.. Well, here's the
URL showing... http://www.www.google.com.com/
Here's a screenshot of the display i get.. (ACTUALLY), i will attach the pic
on the next message i send.. that way anyone not interested can skip the
download...
Aside from our disagreements re: your business ethics, i'm hoping either you
or any of the other subscribers can offer any advice... Also, i noticed that
the google toolbar, when installed didn't work... it just sends me to a
"page not found" error...

Much appreciated...




Mike Burgess said:
your http://mvps.org/ etc."
I notice ALL your replies include a plug for this product"
Click to expand...
And what product would that be ..... I don't offer anything for sale.
Everything recommended on my site is freeware .......
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
--

David E. said:
your http://mvps.org/ etc.
I notice ALL your replies include a plug for this product...
I do notice some good answers... it's just kind of annoying that all your
answers end with this plug... And i have a question too, and i really don't
feel like downloading your product as i know it'll have to filter through
you...


Mike Burgess said:
David,
"he wants you to go to his company's website"
What company website? .....
Did you bother to look before making such a ridiculous comment .........
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
--

ehh... this is a proprietary post... he wants you to go to his company's
website... don't do anything proprietary...


JL,
Go to: http://mvps.org/winhelp2002/unwanted.htm
Download "Hijack This!" [freeware]

Unzip, double-click "HijackThis.exe" and Press "Scan".

When the scan is finished, the "Scan" button will change into a "Save
Log"
button.
Click: "Save Log" (generates: "hijackthis.log")

Next, go to the below location:
http://www.spywareinfo.com/forums/

Sign in, go to the "Spyware and Hijackware Removal" section.
Press "New Topic", copy and paste hijackthis.log into your new message.

Post back with the URL where you posted if you want help with your log.
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS
file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
--

I have been experiencing numerious page redirects to some
Amazon ad. I have done the following multiple times and
am out of ideas. Any help would be appreciated.

1 - Scan entire computer with Norton (w/updated virus defs)
2 - Run adaware (also w/updated downloads)
3 - Deleted all Temporary Internet files (Tools->Internet
Options->Delete Files including offline)
4 - Checked \WINNT\systems32\drivers\etc\hosts (only has
one time to go to local host. I run behind a firewall/hub)
5 - rebooted PC and firewall/router (thus clearing out
router table on firewall/router.

Also once I open some normal website and it is redirected
(jacked) to this IP based URL. It will consistantly go
there (in that one IE instance. If I open another IE it
doesn't redirect, but maybe it's random).

JL
Click to expand...
Click to expand...
Click to expand...
 
J

JL

Thanks everyone for your suggestions. As a status update,
I have simple checked off the "automatically detect
settings" and everything seems to be behaving.

Many thanks!

JL

P.S. FYI. Auto detect is in "Internet Options->Connections
(Tab)->LAN Settings"
 
J

JL

Spoke too soon. Like the proverbial noise that the car is
making.

Anyway. No joy. Went to BHODemon and found what I think
is the culprit. A BHO called hhU.dll (aka HungryHands),
However following the manual instructions from
http://www.pestpatrol.com/PestInfo/h/hungryhands.asp,
RegSvr32 /u c:\winnt\hhu.dll is
returning "DllUnregisterServer in c:\winnt\hhu.dll failed.
Return code was: 0x80070006".

I've already closed all instances of IE. Do I have to
reboot to unload some vestage of it then try the
unregister?

I.e. HELP!

JL
-----Original Message-----
Usually they're placed there by spyware/malware that's gotten installed on
your system. Use Ad-Aware and/or Spybot Search & Destroy to remove it.

Ad-Aware: http://www.lavasoftusa.com/ (but I see you've already tried this
one)
Spybot: http://security.kolla.de/
(Good site on how to install and use Spybot -
http://www.net-integration.net/reviews/spybot1.html)

More information here:
http://www.spywareinfo.com/
http://www.mvps.org/inetexplorer/Darnit.htm
http://www.doxdesk.com/parasite/ - runs a little script when loading page to
check for common parasites

If no joy, in IE go to Tools...Internet
Click to expand...
Options...Advanced tab, Browsing
 
J

JL

Last post. I hope.

A reboot mysteriously removed not only the BHO load, but
all instances of this thing from the regedit file. I
never did find any references to hhU.dll anywhere other
then that there was a file names hh.dll and hhU.dll in
\WINNT. There are also some references to hhsetup.dll in
multiple places including some NT service packs.

Anyway, the problem did seem to go away (knock on wood).

Thanks everyone.

JL
 
M

Mike Burgess

But you're obviously advertising a business"
What business? That's my personal website and I do NOT advertise or sell
anything!
"and have a general distrust of your referring to your products"
Click to expand...
I'll repeat for the last time .... I do NOT offer or sell any products!

Obviously you are unable to grasp that fact .....
"and your approach YELLS spyware spyware spyware"
Click to expand...
Oh I'm sure to you it does ......... troll!
[EOT]
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
--

David E. said:
That's a web site domain ....... duh!
Click to expand...

of course.... ??duh??

TO MIKE AND HIS FRIEND....
But you're obviously advertising a business THRU THAT WEB DOMAIN...
Anyways, i distrust anti-spyware, and have a general distrust of your
referring to your products and THEN offering advice based on the results of
their downloading and scanning with your product... Which is EXACTLY how
people social-engineer the spyware in the first place (i.e. Starcraft hacks,
Diablo hacks, etc.).
You seem to represent that company/freeware... and seeing that there are 2
people, i highly doubt that you are promoting this product for free. I know
you are getting something in return... There is no such thing as a free
lunch...
so basically i don't like the fact that you "parasited" this site... your
approach is not very "kosher"... and i have yet to see advice (after all you
2 are all over this newsgroup) in which you are speaking on behalf of your
own knowledge, and not on behalf of your product....
Your advice seems very "Canned" to me.... Do you at least sort of understand
where i'm coming from? Nowadays, you really can't trust anyone, and your
approach YELLS spyware spyware spyware disguised as anti-spyware... *shrug

TO THE OTHER VIEWERS OF THIS NEWSGROUP OR TO MIKE AND FRIEND IF WILLING TO
OFFER GOOD ADVICE:
Don't get involved. Don't say "he helped me..." I don't care. (Plus that's
another social engineering strategy). This is between me and him.. And it's
not even personal... Just my opinion re: the material in this newsgroup...
Anyways, here's my PROBLEM... if you can offer advice convincing enough
WITHOUT referring to that product, then i will make a public apology... and
actually in advance, i do apologize if i came out sounding... gruff? I
really hope you can understand my stance...

Whenever i go to google, or altavista, a local page (which is evidence of
either a registry overwrite, or a re-direct) shows up...
I notice , too, that the address bar contains this prefix.. Well, here's the
URL showing... http://www.www.google.com.com/
Here's a screenshot of the display i get.. (ACTUALLY), i will attach the pic
on the next message i send.. that way anyone not interested can skip the
download...
Aside from our disagreements re: your business ethics, i'm hoping either you
or any of the other subscribers can offer any advice... Also, i noticed that
the google toolbar, when installed didn't work... it just sends me to a
"page not found" error...

Much appreciated...




Mike Burgess said:
your http://mvps.org/ etc."
I notice ALL your replies include a plug for this product"
Click to expand...
And what product would that be ..... I don't offer anything for sale.
Everything recommended on my site is freeware .......
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
--

David E. said:
your http://mvps.org/ etc.
I notice ALL your replies include a plug for this product...
I do notice some good answers... it's just kind of annoying that all your
answers end with this plug... And i have a question too, and i really don't
feel like downloading your product as i know it'll have to filter through
you...


David,
"he wants you to go to his company's website"
What company website? .....
Did you bother to look before making such a ridiculous comment ........
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a
Click to expand...
HOSTS
file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
--

ehh... this is a proprietary post... he wants you to go to his company's
website... don't do anything proprietary...


JL,
Go to: http://mvps.org/winhelp2002/unwanted.htm
Download "Hijack This!" [freeware]

Unzip, double-click "HijackThis.exe" and Press "Scan".

When the scan is finished, the "Scan" button will change into a "Save
Log"
button.
Click: "Save Log" (generates: "hijackthis.log")

Next, go to the below location:
http://www.spywareinfo.com/forums/

Sign in, go to the "Spyware and Hijackware Removal" section.
Press "New Topic", copy and paste hijackthis.log into your new
message.

Post back with the URL where you posted if you want help with your
log.
____________________________________________________________
Mike Burgess [MVP Windows Shell\User]
http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS
file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
--

I have been experiencing numerious page redirects to some
Amazon ad. I have done the following multiple times and
am out of ideas. Any help would be appreciated.

1 - Scan entire computer with Norton (w/updated virus defs)
2 - Run adaware (also w/updated downloads)
3 - Deleted all Temporary Internet files (Tools->Internet
Options->Delete Files including offline)
4 - Checked \WINNT\systems32\drivers\etc\hosts (only has
one time to go to local host. I run behind a firewall/hub)
5 - rebooted PC and firewall/router (thus clearing out
router table on firewall/router.

Also once I open some normal website and it is redirected
(jacked) to this IP based URL. It will consistantly go
there (in that one IE instance. If I open another IE it
doesn't redirect, but maybe it's random).

JL
Click to expand...
Click to expand...
Click to expand...
 
D

D E

I think this guy is right... I APOLOGIZE... I'm not a troll... more of like
an....... ogre..?
Nah but seriously.. your "signature" looks very business like... so i kind
of assumed all the stuff i assumed... k... sorry.. tell your buddy sorry
too...



Mike Burgess said:
But you're obviously advertising a business"
Click to expand...
What business? That's my personal website and I do NOT advertise or sell
anything!
"and have a general distrust of your referring to your products"
Click to expand...
I'll repeat for the last time .... I do NOT offer or sell any products!

Obviously you are unable to grasp that fact .....
"and your approach YELLS spyware spyware spyware"
Click to expand...
Oh I'm sure to you it does ......... troll!
[EOT]
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
--

David E. said:
That's a web site domain ....... duh!
Click to expand...

of course.... ??duh??

TO MIKE AND HIS FRIEND....
But you're obviously advertising a business THRU THAT WEB DOMAIN...
Anyways, i distrust anti-spyware, and have a general distrust of your
referring to your products and THEN offering advice based on the results of
their downloading and scanning with your product... Which is EXACTLY how
people social-engineer the spyware in the first place (i.e. Starcraft hacks,
Diablo hacks, etc.).
You seem to represent that company/freeware... and seeing that there are 2
people, i highly doubt that you are promoting this product for free. I know
you are getting something in return... There is no such thing as a free
lunch...
so basically i don't like the fact that you "parasited" this site... your
approach is not very "kosher"... and i have yet to see advice (after all you
2 are all over this newsgroup) in which you are speaking on behalf of your
own knowledge, and not on behalf of your product....
Your advice seems very "Canned" to me.... Do you at least sort of understand
where i'm coming from? Nowadays, you really can't trust anyone, and your
approach YELLS spyware spyware spyware disguised as anti-spyware... *shrug

TO THE OTHER VIEWERS OF THIS NEWSGROUP OR TO MIKE AND FRIEND IF WILLING TO
OFFER GOOD ADVICE:
Don't get involved. Don't say "he helped me..." I don't care. (Plus that's
another social engineering strategy). This is between me and him.. And it's
not even personal... Just my opinion re: the material in this newsgroup...
Anyways, here's my PROBLEM... if you can offer advice convincing enough
WITHOUT referring to that product, then i will make a public apology... and
actually in advance, i do apologize if i came out sounding... gruff? I
really hope you can understand my stance...

Whenever i go to google, or altavista, a local page (which is evidence of
either a registry overwrite, or a re-direct) shows up...
I notice , too, that the address bar contains this prefix.. Well, here's the
URL showing... http://www.www.google.com.com/
Here's a screenshot of the display i get.. (ACTUALLY), i will attach the pic
on the next message i send.. that way anyone not interested can skip the
download...
Aside from our disagreements re: your business ethics, i'm hoping either you
or any of the other subscribers can offer any advice... Also, i noticed that
the google toolbar, when installed didn't work... it just sends me to a
"page not found" error...

Much appreciated...




Mike Burgess said:
your http://mvps.org/ etc."
Click to expand...
I notice ALL your replies include a plug for this product"
And what product would that be ..... I don't offer anything for sale.
Everything recommended on my site is freeware .......
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
--

your http://mvps.org/ etc.
I notice ALL your replies include a plug for this product...
I do notice some good answers... it's just kind of annoying that all your
answers end with this plug... And i have a question too, and i really
don't
feel like downloading your product as i know it'll have to filter through
you...


David,
"he wants you to go to his company's website"
What company website? .....
Did you bother to look before making such a ridiculous comment ........
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS
file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
--

ehh... this is a proprietary post... he wants you to go to his
company's
website... don't do anything proprietary...


JL,
Go to: http://mvps.org/winhelp2002/unwanted.htm
Download "Hijack This!" [freeware]

Unzip, double-click "HijackThis.exe" and Press "Scan".

When the scan is finished, the "Scan" button will change into a
"Save
Log"
button.
Click: "Save Log" (generates: "hijackthis.log")

Next, go to the below location:
http://www.spywareinfo.com/forums/

Sign in, go to the "Spyware and Hijackware Removal" section.
Press "New Topic", copy and paste hijackthis.log into your new
message.

Post back with the URL where you posted if you want help with your
log.
____________________________________________________________
Mike Burgess [MVP Windows Shell\User]
http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a
HOSTS
file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
--

I have been experiencing numerious page redirects to some
Amazon ad. I have done the following multiple times and
am out of ideas. Any help would be appreciated.

1 - Scan entire computer with Norton (w/updated virus defs)
2 - Run adaware (also w/updated downloads)
3 - Deleted all Temporary Internet files (Tools->Internet
Options->Delete Files including offline)
4 - Checked \WINNT\systems32\drivers\etc\hosts (only has
one time to go to local host. I run behind a firewall/hub)
5 - rebooted PC and firewall/router (thus clearing out
router table on firewall/router.

Also once I open some normal website and it is redirected
(jacked) to this IP based URL. It will consistantly go
there (in that one IE instance. If I open another IE it
doesn't redirect, but maybe it's random).

JL
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

no page loads in ie6 or ie7 - windows XP midea center edition 11
IE 6 - The page cannot be displayed 1
SSL & "The page cannot be displayed" 4
browser redirected -- malware or glitch? 2
Windows 98SE "freezes" for 1 minute every time I close Internet Explorer6. 20
Certain Sites Load Slow or Not At All 12
SP2 and frames not loading 5
Internet Explorer is NOT to blame for the Flash advertisement problem !! 1

Top