Not quite a browser hijack, but close

By nebheprura

Have Windows XP SP2 with IE6 (not sure about IE7 right now) and I have a problem that a friend is too embarrassed to ask about, so I am here in his stead. Says that he has fully updated anti-virus, firewall, spyware scanners, etc. installed on his system. When he looks at adult thumbnail sites he usually clicks on the link for the pic and it would go right to it. The problem now is that when he clicks on thumbnails that correspond to a few certain sites that never had a problem before, now the link goes to URLs like and other URLs that basically take him to either another thumbnail site that may be legit, but it just leads to more and more links. When he tries to close the window, the next open window then switches to the spyware-micro search again or another adult search URL.

The crazy thing is that sometimes a thumbnail site will not come up at all, but instead it will go to a Google search page with search results usually centering around what type of adult material he was looking for (i.e. mature, fetish, etc.). CRAZY! This made no sense to me at all until I saw it happen with my own eyes yesterday! The even crazier thing is it does not do it for all links. 75-80% of them go where they are supposed to, but those certain links like like and go to the search thing or the Google thing. Also, if you take the URL address of the pic or video you were supposed to go to and plug it into Google to search for it, nothing comes up.

Like I said in the beginning, it's not quite a browser hijack since the homepage is fine and it only does it when the clip or pic is linked to a few common sites he visits. Any clue as to what can be done? Ran Registry Mechanic and fixed all problems, yet still issue. Tried to completely block all functions of the URL with Kerio firewall, but still does what it wants. Does he have to lose everything and re-install IE or entire OS? Don't understand how anti-virus and spyware scans can do nothing to fix it.

Even downloaded BHO Demon and still happened. Did not even show up in BHO Demon. Tried using TeaTimer protection from Spybot, completely locked it down with total protection, DOES NOT MATTER! HELP! Please Help!

This one's a bit sticky

by mjd420nova In reply to Not quite a browser hijac ...

I've seen this worm before, and I am afraid that the OS will have to be reinstalled. My previous encounter was so bad, the drive had to be formatted and the OS installed clean. I've even seen this to the extent that the CMOS had to be cleared as the worm had flashed the BIOS and installed itself in the BIOS. No virus checker or root kit checker could find it, let alone get rid of it. The first clue was that after a clean install of the OS, it would still do the same thing.


by nebheprura In reply to This one's a bit sticky

That is just wonderful. That's probably the last thing I wanted to have to do. I was hoping that if I installed IE7, that would take care of it. Wish I knew what to look for in registry to kill that thing!

This may help some too

by Tig2 In reply to Not quite a browser hijac ...

I will bet that mjd's suggestion is probably your fix but you might want to take a look at this very informative article on the use of a tool called "Hijack This". It may save you from a complete re-build.

If it doesn't work or the nasty re-surfaces, I would proceed to re-build.

Good luck!

Agree 100%

by Kjell_Andorsen In reply to This may help some too

HijackThis is one of the most useful tools I've found for this sort of thing. If nothing else you can use it to generate a log file of the scan it runs and then go to a dedicated spyware forum such as those hosted by Lavasoft (makers of AdAware). Their spyware experts will review the log and if they don't have a solution it will give them more information to work with in order to develop a solution. I had a similar issue with a piece of spyware a couple years ago and they managed to develop a removal tool.

If you suspect a CMOS infection

by Kiltie In reply to Not quite a browser hijac ...

The simplest way is to short out the battery for a few mins, or use the jumper switch that some Mobos use.

However, I think the real trick here is to identify any virus by name first and attack it with known remedies. I have links if you can identify the little devil.

Several online scans you can try, list later, but it depends on how badly the HD is infected, may be simpler to use a LiveCD or slave it to another PC and clean it that way.

My preferred method is something like UBCD

There are many, many useful tools there.

It may be a bit late now, but a proactive program like SpywareBlaster could have helped.

What it does is STOP the dam things from getting into your machine in the first place, instead of clearing up infections afterwards.

But don't rely on one alone, use a mix. I use several, Spybot and Adaware are my favs, but not the only ones I use.

I assume your friend has a decent modern AV?

Here are the free ones, been a while since I checked them out, I don't know if the links are current.
