A webpage Hijack/Spyware problem. | FerrariChat

A webpage Hijack/Spyware problem.

Discussion in 'Technology' started by Mule, Jul 10, 2008.


  1. Mule

    Mule F1 Rookie
    Owner Rossa Subscribed

    Jun 25, 2003
    3,758
    Alaska
    Full Name:
    Mule
    The last two days I have been unable to access my email through the webpage for AOL. It only happens on my computer (Win XP), so I am fairly sure it is a hijack or registry edit that has caused it. If I go to the legit AOL page (not AOL software, but webpage), and click on any link (Sign In, Mail, Weather, News, etc), the next page looks like the AOL sign in page, but redirects to a false AOL page asking to update my credit card info. AOL confirmed that it was not legit, and AOL webpage works fine on other computers for me.

    I have run Ad-Aware, Spybot, NAV, CWShredder so far. System Restore is not able to restore past two days ago. I had something like this once before, and I removed Internet Explorer and reloaded it. That reset the registry settings and solved it. Before I go to that, any suggestions?

    By the way, it is not AOL-related other than that page is the victim of the attack.

    Thanks.
     
  2. Wade

    Wade Three Time F1 World Champ
    Owner

    Mar 31, 2006
    32,793
    East Central, FL
    Full Name:
    Wade O.
    I didn't know problems like that were still occurring lol

    But seriously... wipe and reload, it's the only way to be sure that you've gotten it all. Others will say that you can clean and repair but there will always be traces and minor (or unknown) damage left behind.
     
  3. Schatten

    Schatten F1 World Champ
    Owner

    Apr 3, 2001
    11,238
    Austin, TX
    Full Name:
    Randy
    Please don't wipe and reload. There are a few other things to try before going to those measures.

    Have you tried firefox? www.mozilla.com ?
     
  4. djui5

    djui5 F1 Veteran

    Aug 9, 2006
    5,418
    Phoenix, Arizona
    1: Get the hell off of AOL
    2: Download and run a free program called "Registry Repair"
    3: Do a Virus/Trojan scan on boot, before Windows loads. For the Virus use "Avast!", for Trojan use "A Squared Free"
    4: Download and install Firefox.
    5: Stay the hell away from AOL

    :)

    Cheers.
     
  5. Mule

    Mule F1 Rookie
    Owner Rossa Subscribed

    Jun 25, 2003
    3,758
    Alaska
    Full Name:
    Mule
    I expected the AOL bashing, but it is not AOL itself that is the problem, it is a false page (spoof) phishing trick in Explorer. I do not use AOL software. It just as easily could be any page replicated/redirected asking for credit card info. Firefox works fine, so I have a work around for now, but does not fix the problem, which is probably creating a vulnerability. I suspect it is a registry entry that redirects, just have not found it yet.
     
  6. Wade

    Wade Three Time F1 World Champ
    Owner

    Mar 31, 2006
    32,793
    East Central, FL
    Full Name:
    Wade O.
    I don't think the MULE is looking for an after-thought or workaround. At this point everything other than a wipe and reload is just that. In the time it takes to find and fix the errors, as most people suggest, you could have had a clean install by now. Think about it (repairing registry entries), if it were easy and/or an effective solution the possibility of it getting broken or exploited would have been designed out in the first place ;)
     
  7. Schatten

    Schatten F1 World Champ
    Owner

    Apr 3, 2001
    11,238
    Austin, TX
    Full Name:
    Randy
    Sorry, I disagree. The problem with a wipe and reinstall is what you are left with when finished. Yes, a working browser, but nothing else works. I'm not sure how many times you have been left with fixing the issues once everything is reloaded. (If I were to say two hundred, that would be an understatement - I've worked in the trenches before) If someone cannot try one different application which is not spyware/malware prevalent, then loading drivers for various items, and getting documents going where they go, associations, the little apps and such... oh, it will take a lot longer than you would think. So... an extra five minutes is worth trying. Don't you think? Or do you suggest a wipe and reinstall for the simplest of issues?
     
  8. Wade

    Wade Three Time F1 World Champ
    Owner

    Mar 31, 2006
    32,793
    East Central, FL
    Full Name:
    Wade O.
    No, not for every issue such as driver conflicts, software/hardware incompatibilities, hotfix issues, etc.; a system restore will usually take care of that. But, for security exploits and compromises, there is absolutely no way of knowing what else came in with it. With that in mind a W&R is the only solution. Also, when I say wipe and reload my intention is to reload everything, thereby returning the workstation to how it was before it was compromised.

    Besides, the first thing everyone says after the W&R is “Wow! I can’t believe how much faster my PC is.”
     
  9. Mule

    Mule F1 Rookie
    Owner Rossa Subscribed

    Jun 25, 2003
    3,758
    Alaska
    Full Name:
    Mule
    #9 Mule, Jul 11, 2008
    Last edited: Jul 11, 2008
    OK, let me back up a step. Same scenario - what steps should I take to identify / locate / understand the problem? How is the fake webpage generated from the link on the real AOL webpage (only happens in Explorer, not Firefox, only happens on one computer)? Why does it go there instead of the real AOL webmail page? I understand how the IE homepage can get hijacked due to the registry changes, but have never seen or heard of this one. If I get some understanding of that, the fix may be obvious (whether reformat or run a simple fix).

    There was a similar problem discussed on the web, that redirected people from Google searches to false search results pages, but that was actually in the web, not on peoples' computers.
     
  10. Wade

    Wade Three Time F1 World Champ
    Owner

    Mar 31, 2006
    32,793
    East Central, FL
    Full Name:
    Wade O.
    It sounds like a simple redirect script. Simple in its execution but possibly not in its detection. If you look at webpage source code it will often determine which browser is in use. The basic concept would be "if IE7 then redirect..."

    You could also have a BHO (Browser Helper Object) hiding somewhere. Have you installed any web apps lately?

    Also, did you do your scans while in Safe Mode? Which Service Pack are you using? SP3 is pretty recent and there are some bugs with that. All hotfixes up to date?

    This might help: Website Redirection Analysis
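The browser-conditional redirect Wade describes ("if IE7 then redirect...") can be spotted in saved page source without running the script. The following is an added example, not code from this thread or from AOL; the sample page is constructed, and the two-part heuristic (a script that both inspects the browser and navigates away, with the destination compared against the site the page claims to be) is the author's assumption about what a practitioner would check.

```python
import re
from typing import Dict, List
from urllib.parse import urlparse

# Constructed sample page (not the thread's actual page): it shows a normal
# sign-in form to most visitors but sends Internet Explorer somewhere else.
SAMPLE_HTML = """<html><head><title>Sign In</title>
<script>
var ua = navigator.userAgent;
if (ua.indexOf("MSIE") != -1) {
    window.location = "http://billing-update.example.invalid/login";
}
</script>
</head><body><form action="/login">...</form></body></html>"""

# Signs that a script inspects which browser the visitor is using.
BROWSER_SNIFF = re.compile(
    r"navigator\.(?:userAgent|appName|appVersion)|\bMSIE\b|\bTrident\b", re.I)

# JavaScript assignments/calls that navigate away; the destination is captured.
REDIRECT = re.compile(
    r"""(?:location(?:\.href)?\s*=|location\.(?:replace|assign)\s*\()\s*["']([^"']+)["']""",
    re.I)


def find_conditional_redirects(html: str) -> List[Dict]:
    """One finding per <script> block that both sniffs the browser and redirects."""
    findings = []
    scripts = re.findall(r"<script[^>]*>(.*?)</script>", html, re.S | re.I)
    for n, script in enumerate(scripts):
        sniffs = BROWSER_SNIFF.search(script) is not None
        targets = REDIRECT.findall(script)
        if sniffs and targets:
            findings.append({"script_index": n, "targets": targets})
    return findings


def off_site_targets(findings: List[Dict], expected_domain: str) -> List[str]:
    """Redirect destinations whose host is not the site the page claims to be.

    Relative URLs (no host) are treated as same-site and not reported.
    """
    expected = expected_domain.lower()
    out = []
    for finding in findings:
        for target in finding["targets"]:
            host = (urlparse(target).hostname or "").lower()
            if host and not (host == expected or host.endswith("." + expected)):
                out.append(target)
    return out


if __name__ == "__main__":
    found = find_conditional_redirects(SAMPLE_HTML)
    for f in found:
        print(f"script #{f['script_index']} sniffs the browser and redirects to {f['targets']}")
    print("off-site destinations:", off_site_targets(found, "aol.com"))
```

Save the suspect page with "View Source" (or fetch it with a non-IE client) and feed the text to `find_conditional_redirects`; anything `off_site_targets` reports for the domain you typed in is the address the "secure-looking" page is really handing you to.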
     
  11. Mule

    Mule F1 Rookie
    Owner Rossa Subscribed

    Jun 25, 2003
    3,758
    Alaska
    Full Name:
    Mule
    - Have not knowingly installed any web apps lately.
    - I am still on SP2.
    - I will run a scan tonight in Safe Mode.

    Thanks. Now it is just sort of a challenge...
     
  12. djui5

    djui5 F1 Veteran

    Aug 9, 2006
    5,418
    Phoenix, Arizona
    It could be, and most probably is, a problem with AOL. On doing a web search I found that they had a similar problem with their mobile mail address redirecting somewhere else. Have you contacted them yet? They might be working on it.

    Aside from the AOL bashing, did you try the other things I listed? Could solve your problem. Who knows where it came from, it could be a million things, but somehow you probably downloaded a tiny program onto your computer that tells it to send IE to another page either through a registry change or through a running script. IE is highly vulnerable to attacks such as this. Have you tried to search your computer for the fake link's name? In the address bar, or in the page's code, you'll see the real address for the page (which won't be "mail.aol.com", etc.; it'll be something like "mail.aol59.thogl.com", etc.). In this case you'd do a Windows search for "thogl.com" and see what pulls up on your computer. Also, how comfortable are you with editing your registry? I'd imagine the script is in your AOL settings in the registry.
     
  13. Wade

    Wade Three Time F1 World Champ
    Owner

    Mar 31, 2006
    32,793
    East Central, FL
    Full Name:
    Wade O.
    I know the challenge well. A few years back I was chasing malware for fun and learned more than a few things along the way (pre Bonzi Buddy and Comet Cursor). I also stumbled across a couple of script kiddies who were using their TI calculators to create and upload malicious code. That's when I focused on social engineering and physical security of IT. Is this problem at home or at work? You know, 90% of all hacking occurs from within ;)
     
  14. Fast_ian

    Fast_ian Two Time F1 World Champ

    Sep 25, 2006
    23,397
    Campbell, CA
    Full Name:
    Ian Anderson
    Hi,

    Interesting thread IMHO - Thanks!

    As a user of XP-SP2 under Parallels on my Mac are you "recommending" that "we" (the great unwashed as it were) hold off on installing SP3?

    In other words, in your obviously considered/experienced opinion, is SP3 a good or bad thing overall? [I'm not trying to be facetious BTW, but I was about to install it.]

    Thanks,
    Ian
    PS - This is obviously *not* the place to say "buy a Mac" :D
     
  15. Mule

    Mule F1 Rookie
    Owner Rossa Subscribed

    Jun 25, 2003
    3,758
    Alaska
    Full Name:
    Mule
    #15 Mule, Jul 11, 2008
    Last edited: Jul 11, 2008
    - Yes I contacted AOL and it only appears on my one computer in IE, not Firefox, which suggests it is on my end instead of their webpage. I know AOL is vulnerable to attacks, which made me think it was them, but it opened fine in Firefox. I read about the AOL mobile mail problem, and actually thought I was on to something. This is contained just to the one computer in IE.
    - I agree it probably is in some way a tiny program redirecting just that one page. Part of its "success" is that the address bar appears the same as AOL, and even has a secure icon to help the ruse. I am still looking for a small clue to help my search.
    - I am going to work on #2 and #3 of your first post this evening. Already have Firefox, and not ready to give up AOL just yet. It is my first problem in a long time, and isn't really AOL, but IE. Maybe I should just give up IE.
    - But...since it is a program that targets AOL because of its popularity, I wonder how successful it is? It really is a well done page and seems legit right up to the fact that AOL constantly says they will not ask for credit card info online. Without that, I am sure many have fallen for it, especially with the secure icons. I was just about reaching for my wallet.....Now back to the challenge of finding it.

    Wade,
    Home computer...
     
  16. djui5

    djui5 F1 Veteran

    Aug 9, 2006
    5,418
    Phoenix, Arizona

    IE is the worst browser you can use :) Firefox is great, but the new one has some bugs. Best of luck, keep us posted on your progress.
     
  17. Wade

    Wade Three Time F1 World Champ
    Owner

    Mar 31, 2006
    32,793
    East Central, FL
    Full Name:
    Wade O.
    Well thank you Ian. From an IT management perspective I'd advise that SP3 is not yet quite ready for adoption. Let the "me first" play with it for awhile.
     
  18. Mule

    Mule F1 Rookie
    Owner Rossa Subscribed

    Jun 25, 2003
    3,758
    Alaska
    Full Name:
    Mule
    Did virus scan in safe mode - no luck. Firefox works fine, but still challenged to find the reason in IE.
     
  19. Samimi

    Samimi Formula 3

    Oct 17, 2005
    1,699
    North of the 49th
    Full Name:
    S.
    Download Spybot search & destroy
     
  20. Mule

    Mule F1 Rookie
    Owner Rossa Subscribed

    Jun 25, 2003
    3,758
    Alaska
    Full Name:
    Mule
    See my first post.
     
  21. Systo

    Systo Karting

    Feb 15, 2007
    166
    Plano
    Full Name:
    A.J.
    #21 Systo, Jul 12, 2008
    Last edited: Jul 12, 2008
    Ever try checking the hosts file? C:\WINDOWS\System32\drivers\etc\

    Open it in notepad and if there are any entries that you did not put there they are most likely malicious*. It's a long shot, but it's worth checking out.

    *Not all entries are malicious and if for whatever reason there are entries, I'd only focus on the ones that pertain to AOL.
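Systo's hosts-file check can be automated so that the "long shot" takes seconds and the AOL-specific filtering from the footnote is built in. This is an added example, not code from the thread or from any of the tools named in it; the sample hosts file below is constructed, and the two rules (flag any name that is mapped to a non-loopback address, and flag any entry at all that touches a watched domain) are the author's assumptions. The real file on an XP machine is `hosts` (no extension) in the directory Systo gives.

```python
import ipaddress
import sys
from typing import Dict, List, Sequence

# Domains whose presence in the hosts file is suspicious no matter where they point.
WATCH_DOMAINS = ("aol.com",)

# Constructed sample. Line 5 is the kind of entry that would silently send
# "mail.aol.com" to someone else's server; the 0.0.0.0 line is a harmless ad-block.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.invalid
198.51.100.23   mail.aol.com www.aol.com   # constructed malicious entry
127.0.0.1       update.example.invalid
"""


def parse_hosts(text: str) -> List[Dict]:
    """Turn hosts-file text into {line, ip, names} records, skipping comments."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                               # malformed line, not an address
        entries.append({"line": lineno, "ip": str(addr),
                        "names": [n.lower() for n in parts[1:]], "raw": raw})
    return entries


def _under(name: str, domain: str) -> bool:
    return name == domain or name.endswith("." + domain)


def suspicious_entries(text: str, watch_domains: Sequence[str] = WATCH_DOMAINS) -> List[Dict]:
    """Entries that override a watched domain or map names to a non-local address."""
    flagged = []
    for entry in parse_hosts(text):
        addr = ipaddress.ip_address(entry["ip"])
        reasons = []
        watched = [n for n in entry["names"] if any(_under(n, d) for d in watch_domains)]
        if watched:
            reasons.append("overrides watched domain(s): " + ", ".join(watched))
        # 127.0.0.1 / ::1 / 0.0.0.0 only block or loop back; anything else
        # silently sends the name to a server the user did not choose.
        if not (addr.is_loopback or addr.is_unspecified):
            reasons.append("maps names to non-local address " + entry["ip"])
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    # Pass the path to a real hosts file as the first argument, else use the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for hit in suspicious_entries(text):
        print(f"line {hit['line']}: {hit['raw'].strip()}")
        for r in hit["reasons"]:
            print("    -", r)
```

Run it against `C:\WINDOWS\System32\drivers\etc\hosts` and anything printed deserves a look; an empty result matches what Mule reports later in the thread and means the redirect lives somewhere other than name resolution.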
     
  22. drjohngober

    drjohngober Formula 3

    Jul 23, 2006
    2,040
    Cville and Gbury Tex
    Full Name:
    Dr.John Gober
    These suggestions are way too technical. Do the easy most reliable thing. Use the XP machine as a doorstop and go buy an Apple.
     
  23. Mule

    Mule F1 Rookie
    Owner Rossa Subscribed

    Jun 25, 2003
    3,758
    Alaska
    Full Name:
    Mule
    I did review the hosts file and it all seemed correct. No suspicious entries.
     
