Possible Browser Hijack attempt via http://4-counter.com (Re: Add Word: iexplore.exe - Application e

[Alex Vinokur]

Hi

I checked Googles archives for "Add Word: iexplore.exe"
and only found this:
http://www.google.com/groups?hl=en&lr=lang_en&ie=UTF-
8&c2coff=1&safe=off&threadm=uqaFtiIuDHA.4060%40TK2MSFTNGP11.phx.gbl&r
num=2&prev=/groups%3Fas_epq%3DAdd%2520Word%253A%2520iexplore.exe%2520
%26safe%3Doff%26ie%3DUTF-
8%26as_scoring%3Dd%26lr%3Dlang_en%26num%3D100%26hl%3Den

Thanks.
This google-link can be done shorter:
http://www.google.com/[email protected]

Your shorter link is: http://makeashorterlink.com/?F2FE35768

HTH

It seems that I know what causes the problem, but I don't know how to solve it.

---------------------------
Windows 2000 Professional
Version 5.0 (Build 2195, Service Pack 4)
---------------------------

I did the following experiment.

Step 1. Before connecting to Internet.

SubStep 1.1
Start | Settings | Control Panel | Internet Options | General | Home
I put to "Address" some link : http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

SubStep 1.2
I run Ad-aware 6.0 Personal, Build 6.181
a) Scan now | Next (with "Perform smart system-scan)|
b) (After scanning) Next
c) Column "Vendor" contains "Possible Browser Hijack attempt"
Select all "Possible Browser Hijack attempt"
Next
d) Message Box "Ad-aware 6":
"26 objects will be removed. Continue?"
OK

Step 2. I have connected to Internet.

Step 3. Working in Internet.
After some ordinary actions (work with Output Express, Internet Explorer Browser) :

SubStep 3.1. Checking "Home Page Address".
Start | Settings | Control Panel | Internet Options | General | Home
"Address" is http://4-counter.com/?b=crue !!!

SubStep 3.2
I run Ad-aware 6.0 Personal, Build 6.181
a) Scan now | Next (with "Perform smart system-scan)|
b) (After scanning) Next
c) Column "Vendor" AGAIN contains "Possible Browser Hijack attempt" !!!


Some details can be seen at:
or
The links above are available via:
* NNTP reader (in this message)
* "Address" in Internet Explorer Browser (put the link in "Address")
(Not via Google Groups).


So, what should I do to solve that problem?

 

[Boomer]

Thanks.
This google-link can be done shorter:
http://www.google.com/groups?threadm=063f01c3b885$b22583b0$a4
01280a%40phx.gbl

^ ^ ^ ^ ^

Did you try what was mentioned there?
HijackThis
http://tomcoyote.com/hjt/
Install and run, then post the log to "HijackThis Logs"
at http://www.lavasoftsupport.com/index.php.

It seems that I know what causes the problem, but I don't know
how to solve it.

---------------------------
Windows 2000 Professional
Version 5.0 (Build 2195, Service Pack 4)
---------------------------

I did the following experiment.

Step 1. Before connecting to Internet.

SubStep 1.1
Start | Settings | Control Panel | Internet Options |
General | Home I put to "Address" some link :
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=ms
nhome

SubStep 1.2
I run Ad-aware 6.0 Personal, Build 6.181
a) Scan now | Next (with "Perform smart system-scan)|
b) (After scanning) Next
c) Column "Vendor" contains "Possible Browser Hijack
attempt"
Select all "Possible Browser Hijack attempt"
Next
d) Message Box "Ad-aware 6":
"26 objects will be removed. Continue?"
OK

Step 2. I have connected to Internet.

Step 3. Working in Internet.
After some ordinary actions (work with Output Express,
Internet Explorer Browser) :

SubStep 3.1. Checking "Home Page Address".
Start | Settings | Control Panel | Internet Options |
General | Home "Address" is http://4-counter.com/?b=crue
!!!

SubStep 3.2
I run Ad-aware 6.0 Personal, Build 6.181
a) Scan now | Next (with "Perform smart system-scan)|
b) (After scanning) Next
c) Column "Vendor" AGAIN contains "Possible Browser Hijack
attempt" !!!


Some details can be seen at:
or
The links above are available via:
* NNTP reader (in this message)
* "Address" in Internet Explorer Browser (put the link in
"Address") (Not via Google Groups).


So, what should I do to solve that problem?

Install, immediately update and run, at least, the first four.

Ad-aware Aims at Adware/Spyware.
http://www.lavasoftusa.com/

SpybotS&D Aims for the dialers, trojans,
hijackers and security/privacy issues.
http://www.safer-networking.org/

Spyware Blaster
http://www.wilderssecurity.net/spywareblaster.html
http://www.javacoolsoftware.com/spywareblaster.html

CoolWebShredder
http://www.spywareinfo.com/~merijn/files/cwshredder.zip
http://www.spywareinfo.com/~merijn/cwschronicles.html

HijackThis
http://tomcoyote.com/hjt/
Install and run, then post the log to "HijackThis Logs"
at http://www.lavasoftsupport.com/index.php.

A-spy For trojans hiding in startup entries.
http://vipmeister.com/dl/aspy/aspy.html

Info on above and more.
http://aumha.org/a/parasite.htm
http://www.netrn.net/spywareblog/
http://www.generation.net/~hleboeuf/spyware.htm

Parasites: Cookies, Dialers, Keyloggers, Trackers
http://www.generation.net/~hleboeuf/bhoindex.htm

~ Spyware Information ~
http://www.mvps.org/inetexplorer/Darnit.htm
http://www.cexx.org/adware.htm
http://www.mvps.org/winhelp2002/unwanted.htm

~Unsolicited commercial software list and info~
http://www.doxdesk.com/parasite/

~Other software~
http://www.wilders.org/

Newsgroups: alt.privacy.spyware
alt.comp.anti-virus

Also serach Google and Googles archive for more information.

Top 10 Tips to Keep Your Computer Virus-Free
http://www.symantec.com/homecomputing/library/topten.html

 

[why]

You can go to

http://www.geocities.com/tofabd/howto1.html

 

[H Leboeuf]

4-counter.com is from this nasty parasite.

You will need this removal tool.
More: Complete list by variant with up-to-date information.
http://www.merijn.org/cwschronicles.html
More: Removal tool: http://www.merijn.org/files/cwshredder.zip

Read this: "So how did I get infected in the first place?"
http://forums.net-integration.net/index.php?showtopic=3051