
IE8 on Win XP SP3 has been hijacked


3 replies to this topic

#1 RodRocket

RodRocket

  • Members
  • 3 posts

Posted 11 March 2012 - 03:17 AM

Hi all
My IE8 has been hijacked by some sort of advertiser.
Malwarebytes knows it's there as it frequently tells me it's trapped an internal call to an external IP Address, but it finds nothing if I do a full scan.
ComboFix finds nothing.
Trend Micro House Call finds nothing.

Typical symptoms - I do a Google search for, say, "Tomato Soup Recipe". Google shows me some results, so I select one - I see the correct web address momentarily, then it changes to www.dotorbital.com for half a second, then I end up at some other advertising page. Most commonly this is 'www.gumtree.com.au', but not always. If I immediately search again and follow Google's link, I get to the correct page.

How do I resolve this? Is this symptomatic of a root kit?

It's very frustrating, and as the 'IT Professional' in our family my wife expects an immediate and comprehensive resolution... NOT This time!

Any clues to get me started would be greatly appreciated.

Rod Rocket



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,263 posts

Posted 11 March 2012 - 09:38 AM

Since you already ran ComboFix, the log should be thoroughly reviewed by experts who have been trained to decipher them.

Please follow the instructions in the Preparation Guide For Requesting Help starting at Step 6. When you have done that, start a new topic and post the required logs, to include your ComboFix log, in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. After doing this, please reply back in this thread with a link to the new topic so we can close this one.

If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.

Note: If you're not sure where to find the log, ComboFix should have saved it to the root directory, usually C:\ComboFix.txt. To retrieve the log, launch Windows Explorer, navigate to the root directory and double-click on it to open in Notepad.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 RodRocket

RodRocket
  • Topic Starter

  • Members
  • 3 posts

Posted 12 March 2012 - 10:06 AM

Thanks Quietman7.
I have since run Trend's Rootkitbuster, which told me there were 3 kernel patches applied "which I could fix"...
Yup... fixed my PC completely. OS is now NBG. Chkdsk/R is no good, and thanks to Microsoft and IBM I never got an installation disk for my Windows Media Centre 2003, so this is the perfect opportunity to back up the disk again, install a new Windows 7, and restore just the data I want.

Please go ahead and close the Post.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,263 posts

Posted 12 March 2012 - 10:32 AM

Sorry to hear about having to do that but sometimes it is the best solution.