ARRRRG! Computer problem!

[Sniper[MI]]

Does anyone know where to find a program that has installed itself as my default search engine, that also blocks ALL other search engines and search sites?

I have searched for files and folders using the search assistant, I have manually went in looking through explore, and I have run ad aware 2x and I am gettin pissed! I cant find the friggin program and it is making me crazy.

[Sniper[MI]]

Thats just it tho, I have searched using every name I can find to no avail. I have restored defaults run spyware checks, deleted cookies etc...

Now today I cant seem to get any of those "other" search engines to come up. And late last night, when I would do a search on one of them, it would not go to the site (google hotbot etc..) the search brought up.

I can get to MSN search if I type in the addy, www.search.msn.com and it works fine, unless I am trying to go to google from there. Any other site that MSN search finds will load just fine, just not search engine sites. It is like something is blocking them.

I have looked at all my internet security settings and tried everything I know, including looking at the files on my other computer to see whats different between the two. (Both have XP pro)

I am wondering if a file is missing or something.

[Chris]

This is a trick by VeriSign. If you say mis-spell a word such as gunandgamee.com you will be taken to this page owned by Verisign. They are currently being sued by GoDaddy.com.

[PAPA G]

if you have Winders go to tools, then click on internet options and see what your homepage URL says, if thats the culprit change it back to what ever you use.

[Chris]

Papa, I am not sure if he is talking about his current default homepage, or what he goes to search for. What I mentioned earlier is the only thing I can think of.

sounds like spyware. download a program like ad-aware or something and do a full system scan. you'll probably be shocked at all the crap it finds.

http://www.cnn.com/2003/TECH/interne...eut/index.html

guess I was wrong...Well there's a first for everything!

[Sniper[MI]]

Trojan Horse Hijacks IE

Attack sends browsers aiming for search engines to hackers' site instead.

Paul Roberts, IDG News Service
Thursday, October 02, 2003
Computer hackers have found another way to exploit an unpatched hole in Microsoft's Internet Explorer Web browser, using a specially designed attack Web site to install a Trojan horse program on vulnerable Windows machines.


The Trojan program changes the DNS configuration on the Windows machine so that requests for popular Web search engines like Google and Alta Vista bring the Web surfer to a Web site maintained by the hackers, according to warnings from leading security companies.



Still Vulnerable
The attacks are just the latest in a string of online scams that rely on an easy-to-exploit flaw in IE known as the ObjectData vulnerability. Earlier attacks that relied on the vulnerability include a worm that spreads using American Online's Instant Messenger network.

Microsoft released a patch for the ObjectData vulnerability, MS03-032, in August. However, even machines that applied that patch are vulnerable to the latest attack because of holes in that security patch, according to a bulletin posted by Network Associates.

The Trojan horse program is called Qhosts-1 and is rated a "low" threat, Network Associates said. Trojan horse programs do not attempt to find and infect other systems. However, they do give attackers access to a compromised computer, often allowing a remote hacker to control the machine as if he or she were sitting in front of it.

Microsoft issued a statement Thursday saying that it was investigating reports of exploits for a variation on a vulnerability originally patched in Microsoft Security Bulletin MS03-032 and would release a fix for that hole shortly. A company spokesman could not say when the patch update will be released.

The Redmond, Washington, company recommended that customers worried about attacks install the latest Windows updates and change their IE Internet security zone settings to notify the user when suspicious programs are being run.



Threat Averted?
Qhosts-1 was installed on vulnerable Windows machines using attack code planted in a pop-up ad connected to a Web page set up by the hackers on a free Web hosting site, www.fortunecity.com, NAI said. The DNS servers used in the attack resided on systems owned by Houston, Texas-based hosting firm Everyone's Internet, according to Richard Smith, an independent computer security consultant in Boston.

Those servers, as well as the fortunecity.com site used to install the Trojan, have been taken offline since the attack caught the attention of security experts. That will stop the DNS hijackings, but will also make it impossible for users on infected computers to browse the Web until their DNS configuration is restored, he said. However, as long as the Microsoft hole remains unpatched, similar attacks could be launched.

To be attacked, Windows machines had to be running Internet Explorer versions 5.01, 5.5 or 6.0, which contain the ObjectData vulnerability, and visit the Web site that launched the pop-up. The pop-up ad exploited the ObjectData vulnerability then downloaded the Qhosts-1 Trojan from a Web site in Seattle, Smith said.

Counterpane Internet Security , of Cupertino, California, said in a statement that it was tracking three possible infections by the Qhosts-1 Trojan on networks that it monitors.



Sophisticated Attack
There are still questions about how users were lured to the fortunecity.com site that installed the Trojan horse, but unsolicited commercial e-mail with links to the site was a likely suspect and economic gain was a likely motive, Smith said.

Hackers used the DNS changes to drive Web surfers to a site that launched a variety of pop-up advertisements, resulting in increased Web traffic and advertising revenue for the individuals behind the scheme, he said.

The latest attack is an example of the increasingly sophisticated strategies used by malicious hackers, who adopt the strategies of legitimate online businesses, cobbling together available Web technologies in a "Tinker Toy" fashion to create sophisticated attacks, Smith said.

By relying on a network of sites hosted on free and fee-based Internet hosting sites, hackers also make it more difficult for authorities to follow their tracks. Identity theft frequently plays a role in the latest scams as well. Hackers use stolen credit card information to set up hosting accounts which are then used as part of Internet based attacks, he said.

[Klaus]

A Trojan Horse prgram HAS to be installed by the user. Sniper, exactly what were you installing just before the problems started?

FYI: A Trojan Horse is a program that pretends to do one thing, while secretly doing something else.

[Sniper[MI]]

I havenet a clue. I went to a few new sites in the last week and one, was supposed to be for an article on some political stuff and was loaded with pop ups that made it through the pop up blocker.

Am I correct in understanding that some pop ups can be configured so when you click to close them they install?

I still havent found any info on how to check if this is what's affecting my puter, or how to remove it if this is the case.

[Klaus]

No, a Trojan Horse program tries to trick you by pretending to be useful. It may have claimed to be some kind of utility, like a picture viewer, spell checker, screensaver, or electronic card.

[Sniper[MI]]

Ya, I have done all kinds of stuff, nothing has worked, I have run two different spyware progams, I have run the Trojan Removal tool for that trojan and nothing has worked....

The Saga continues.....

[jaybo]

Sniper,

Ad Aware is a good program, but it doesn't catch everything.

Install and run Spybot S&D and SpywareBlaster. They can be found at http://download.com.com/?tag=cnetfd.sb

Also, it would be a good idea to turn off "install on demand".

Good luck!