Forum
Comments:
-
- on Wed 11 Nov 2009
- 05:23:53 PM UTC
Some things to check
I'm not going to bother explaining these things. This is a short list of where I'd check first:
-- Hosts file (in c:\windows\system32\drivers\etc)
-- Registry load points (your HijackThis log will give you these)
-- Unexpected, running services (using services.msc)
-- Unexpected, running applications (using Process Explorer)
-- Firefox settings (see http://support.mozilla.com/en-US/kb/Resetting+pref... for instructions)
Sounds like a pretty basic hijack. Should be easy to fix, and in the meantime you can add the following line to your local Hosts file to block that site:
127.0.0.1 (whatever the domain name is).com
Please, for future reference, include the actual domain name or URL.
Has anyone else heard of "Yahoo Search 13"? I can't find any other reference to it anywhere.
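An added example, not part of the original post: one way to script the Hosts file check from the list above, separating loopback block entries from entries that point a search or browser hostname at an outside address. The watch list, the sample file contents and the function names are assumptions made for this illustration.

```python
import ipaddress

# Hostnames whose redirection would explain a search/homepage hijack.
# This watch list is an assumption chosen for the example.
WATCHED = ("google.com", "yahoo.com", "bing.com", "mozilla.com")

# Constructed sample, not taken from any real machine.
SAMPLE = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       unwanted-search.example   # block entry
unwanted-search.example 127.0.0.1
203.0.113.7     www.google.com google.com
192.168.1.20    nas.home
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            # First field is not an address (hostname written first),
            # so the line does not create the intended mapping.
            yield line_no, None, line
            continue
        for name in fields[1:]:               # one address, many names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Classify each entry as blocked, redirected, custom or malformed."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if ip is None:
            findings.append((line_no, "malformed", name))
        elif ip.is_loopback or ip.is_unspecified:
            if name != "localhost":           # default entries are expected
                findings.append((line_no, "blocked", name))
        elif any(name == d or name.endswith("." + d) for d in WATCHED):
            findings.append((line_no, "redirected", name))
        else:
            findings.append((line_no, "custom", name))
    return findings

if __name__ == "__main__":
    # On Windows, read c:\windows\system32\drivers\etc\hosts instead.
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

A "redirected" finding is the one that matches the symptom in this thread; "blocked" entries are what a deliberate block line produces.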
-
- on Wed 11 Nov 2009
- 06:23:14 PM UTC
As far as I am aware of,
As far as I am aware of, Search13 is associated with at least the stylishprofiles dot com add-on, which claims to add some sort of themes support to Facebook.
I submitted it for inclusion to hphosts and MysteryFCM found the connection. It apparently hijacks homepage and searches :)
"Men make good pets."
-
- on Thu 12 Nov 2009
- 01:13:39 AM UTC
Cotojo has an article up
http://freepcsecurity.co.uk/2009/11/10/stylish-pro...
Also, I've listed the IP and associated domains on this post:
http://www.mywot.com/en/forum/4840-62-16-115-178-r...
-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W -
- on Thu 12 Nov 2009
- 03:37:57 AM UTC
May be the solution
That may be it. If so, it's a shame we may have chased the OP off to those boards, though if we've (well . . . g7w, and Colin) found it, I suspect those boards will know it too.
-
- on Tue 10 Nov 2009
- 10:20:53 PM UTC
If Google is your default search
And it's also your homepage (as you say in your post), then you may have malware that's hijacking it and redirecting to the page you reference. To maybe see if that's the case you should run a HijackThis log and post it here.
Here are step-by-step instructions on how to do that:
To download HijackThis go to the following link:
http://free.antivirus.com/hijackthis/
1. Click on the "Installer" link next to the icon of the guy with the spyglass.
2. Save HJTInstall.exe to your desktop.
3. Double-click on the HJTInstall.exe icon on your desktop. You may get the "open file - security warning" window asking you if you want to run the file. If so, just click "Run".
4. Click "Install". By default it will install HJT to C:\Program Files\Trend Micro\HijackThis and create a HJT icon on your desktop and launch HJT.
5. Click on the "Do a system scan and save a log file" button. It will scan and then save the log to Notepad.
6. Close HJT by clicking on the "X".
7. At the top of the Notepad HJT log screen, hit Edit then Select All then click Edit and then click Copy (doing that copies the text to the clipboard, you won't see it yet....)
8. Paste the log in this thread. (To paste from Firefox, just click on the "Edit" menu selection, and then "Paste" in the drop down menu)
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required. WAIT until we look at your log and post a reply on it.
-
- on Tue 10 Nov 2009
- 10:29:37 PM UTC
BobJam, are you in any way
BobJam, are you in any way HijackThis qualified? By any known malware removal school or such? If not, I'd rather not have people helping others with tools like that in forums like this.
Instead we should give the possibly infected user guidance where to seek help, from somewhere where people deal with logs daily :) Like BleepingComputer for example.
No offence intended, I am just thinking the best of the person asking for help.
"Men make good pets."
-
- on Wed 11 Nov 2009
- 12:16:06 AM UTC
OK
Here's a list:
Aumha forum: http://forum.aumha.org/viewforum.php?f=30&sid=551c......
Bleeping Computer: http://www.bleepingcomputer.com/forums/forum22.htm...
Geeks to Go: http://www.geekstogo.com/forum/Virus-Spyware-Troja...
Major Geeks: http://forums.majorgeeks.com/forumdisplay.php?f=35
Malware removal: http://malwareremoval.com/forum/viewforum.php?f=11......
Spyware Info: http://www.spywareinfoforum.com/index.php?showforu...
Tech Support Guy: http://forums.techguy.org/54-malware-removal-hijac...
What the Tech (formerly Tom Coyote forum): http://forums.whatthetech.com/Infections_Removal_f...
Be sure to read all the sticky announcements/instructions at the top of each malware forum!
You will probably have to register to post.
(BTW, the reason I've listed so many malware removal forums is so that you can post your HJT log on each one . . . some respond faster than others, so if you post on each one you are likely to get an answer within 24 hours from one of them . . . sort of like a shotgun approach. BUT, once you get an answer, STICK with that one . . . don't mix and match)
And lordpake, the point of looking at the HJT log was just to identify any Browser Hijack Objects . . . at that point, if there were any, the next recommendation I would have had was to visit these malware removal sites. I agree with you that this forum is not the place for detailed removal instructions, though that's been done here a few times.
And no offense taken.
-
- on Wed 11 Nov 2009
- 01:44:34 AM UTC
though that's been done here a few times
Which is not within the scope of WOT or the Forum.
I agree that redirecting a person to a qualified malware removal site / forum is best for both the person involved and this Community.
This would make an excellent topic on the Wiki along with links to helpful (outside) resources. Care to start one? :-)
-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W -
- on Wed 11 Nov 2009
- 05:38:25 AM UTC
Exactly
Which is why I said: "BUT, once you get an answer, STICK with that one . . . don't mix and match"
Once you get a response from one, you can drop the others. And, as I said, "some respond faster than others."
The thing to be careful about is not to post on one board something like "But on the other board they said to use . . .". Just stick with the one that responds first, and DO NOT go back and post on the other boards.
-
- on Wed 11 Nov 2009
- 05:50:13 AM UTC
Yes but,
I understand what you mean. But some forums, Spybot's for example, do not even want anyone posting their HijackThis logs in more than one place.
Not trying to contradict you of course! Just want to make sure the starter of this thread gets the best help they can.
-
- on Wed 11 Nov 2009
- 06:03:53 AM UTC
Patience
If a user wants to wait for a response (and some boards don't respond very promptly) from one board only, then fine. But some users want (or expect) a quick response, for one reason or another.
Just take a look at all the threads on those boards that have "Bump" (some boards allow "Bump", and others don't). Certified Malware Removal techs are in short supply, and are vastly outnumbered by all the infections out there.
They try to respond to every post, but now and then one falls through the cracks. You'll frequently see a user get frustrated and quit when that happens. Hope that's not the case if the OP chooses to post on only one board.
-
- on Wed 11 Nov 2009
- 03:27:39 AM UTC
WOT Community - gives us security through unity.
I rather hope that the WOT community gives us security by the sharing of experience and expertise. Such experience and expertise might not be in the scope of WOT but that doesn't mean that experience and expertise cannot be shared through this forum. I, for one, am happy to read the possible resolutions to problems that we might all suffer at some time, and I am readily bored by the tired bleatings of others who criticise rather than engage with possible solutions (Lordpake take note).
-
- on Wed 11 Nov 2009
- 09:03:52 AM UTC
and I am readily bored by
and I am readily bored by the tired bleatings of others who criticise rather than engage with possible solutions
You may be happy to read about possible solutions, however unprofessional advice can result in bricked machines. Will you be willing to accept responsibility in that case?
Also, the malware out there nowadays, in a bad case, is not a joke. They require people who know what they are doing, and who can instruct in the use of specialist tools if necessary! And those communities have many who know, so even if the fixer doesn't recognize the infection he/she can draw upon the pool of knowledge present in that community.
While WOT is a wonderful place in many aspects, this is not a dedicated malware removal forum.
"Men make good pets."
-
- on Thu 12 Nov 2009
- 11:45:35 AM UTC
willing to accept responsibility
I can and do take responsibility for everything on my computers. Since I build the computers that I use, I am well aware of many of the pitfalls. Quite frankly, the worst that can happen in the case of malware or viruses is that I have to completely wipe the hard drives and reinstall the OS. However, I keep backups of all important files so it only costs me a couple of hours to do this.
As for your suggestion that the advice being offered is not from experts, I do not know if the advice is expert or not but I have the capacity to investigate and confirm whether the advice being offered is worth using. Whilst the forum is not a dedicated malware removal forum, I see no difficulty with using the forum to impart such advice as might be requested.
BTW Men are not pets.
-
- on Thu 12 Nov 2009
- 04:00:47 PM UTC
You and I both know about
You and I both know about backups etc.
My concern here is the regular user, who doesn't know a thing about OS or disaster recovery.
I do not know if the advice is expert or not but I have the capacity to investigate and confirm whether the advice being offered is worth using
This place lacks any form of "expert system". Anyone can give advice, no matter how ill-advised that advice is. What happens to the poor soul who in good faith seeks help in the wrong place and gets totally unprofessional help? You can't expect normal users to do serious research regarding files/processes/BHOs/registry entries etc.
In case you haven't noticed yet, most if not all HjT forums have a system of trainees/experts/fixers/teachers and so on, and only those are allowed to post replies to posters seeking help with malware removal.
In here, anyone can post with their "advice". I am not here to hamper *your* learning. If you are interested in these things, start visiting places like MBAM and Spybot forums for starters :)
I see no difficulty with using the forum to impart such advice as might be requested
I do. As pointed out above, anyone can answer, no matter how little they know. The OP has no way of knowing if the advice is correct, or will it cripple his/her system.
That is why I advocate directing help seekers like this thread here ("I am computer illiterate! Please help!") to a more professional forum than ours here.
"Men make good pets."
-
- on Wed 11 Nov 2009
- 04:16:34 AM UTC
How about your anti virus..?
How about your anti virus; has it detected anything bad lately? Is it updated..?
Have you tried an online scanner to get a 'second opinion'..?
Find several here: www.mywot.com/wiki/Online_tools
What is "Yahoo Search 13"? I've never heard about it, and Google didn't seem to know either. Is it the full name, or an abbreviation? Any specific details you could add..?
-
- on Wed 11 Nov 2009
- 04:39:45 AM UTC
Hmm
deyaboo.net maybe? I'm not really sure but it was the closest I could find...
Iframe to alt.impresionesweb.com, http://www.UnmaskParasites.com/security-report/?pa...
rated red by Creastery; http://www.mywot.com/en/scorecard/alt.impresionesw...
-
- on Wed 11 Nov 2009
- 08:32:28 AM UTC
Virtues of Malware Removal tools
While I do indeed agree that Malware Removal procedures are outside the scope of the WOT forum, and have said as much in my prior post, my opinion of Malware Removal procedures is that they are generally . . . a waste of time.
Here's why . . .
I can see only two good reasons to try these procedures: 1) You don't have backups of your data (and need to try to save your data on the off chance that a removal routine will leave your data intact . . . not always the case), and/or 2) You don't have a clean image ready to substitute.
I mean, how are you ever going to be 100% sure that these removal devices have cleaned your machine completely? You may not see any symptoms for a few days, and then something may come out of hiding again. And in those few days you may accumulate valuable data that will be corrupted by the infection(s).
IMHO, a clean install would take less time than it would for removing the mess. Consider this: A full reinstallation of OS and all the applications/drivers would take about two or three hours. Then their customization would take approximately 6 hours total. The updates of all the components might take another two hours (depends upon the components that need to be updated, the connection speed, and how far behind the latest versions they currently are). In short, one day . . . maybe less.
Trying to remove the malware from the system with malware removal tools would likely take longer (malware removal procedures frequently have many iterations, and if you look at most malware removal threads on those boards I listed, you'll see that they usually span over a week in the process). Also, some redundant registry entries or files would be likely to get left behind (in Windows). You can never be sure of a 100% clean state once the system's been infected. The best defense is not to get infected in the first place (which is one of the reasons for using WOT).
Bottom line, the only way to be absolutely sure that all malware is gone is to do a clean install.
Save yourself time and headaches, and just do a clean install and be done with it (save all your valuable data FIRST).
And when you're done with that clean install, make yourself a clone or an image so you never have to go through these headaches again if you get infected.
Many users recommend SAS and MBAM, which are good removal tools and can even be used by noobs (not so for industrial strength removal tools like ComboFix, SmitFraudFix, and such, which should only be used under the guidance of malware removal pros on those boards). But SAS and MBAM lead to the same flaw in malware removal procedures: you can never be sure they got it all (which leads back to the only two reasons I can see for trying them . . . see above).
BTW, lordpake, I was a certified malware removal person, but the OS I trained on back then was Windows, and I've not used Windows in over a year (I'm a Linux junky now). Plus that was several years ago, I've not been active, and I'm sure my skills are wayyyyyy out of date. Consequently, I would not presume to lend detailed advice on how to use those tools, OTHER THAN READING A HJT LOG JUST TO SEE IF THERE'S CAUSE TO GO FURTHER ON THOSE REMOVAL BOARDS, IF A USER WANTS TO GO FURTHER WITH REMOVAL PROCEDURES (which I recommend against, and recommend a clean install instead, with the exception of the two circumstances that I detailed).
-
- on Wed 11 Nov 2009
- 12:07:15 PM UTC
What happened to the Original Poster..?
Publishing the same questions on many boards and forums may ensure the poster gets a quicker answer. Yet, there's also an obvious drawback: it may waste a lot of people's time as well.
When the first answer appears, the others have wasted their efforts.
Furthermore, the first answer may be fastest, yet not the best.
Finally the best response may even be the slowest...
And, perhaps this is what has happened here.
I mean, where is the original poster now?
There are (so far) 15 posts from us -
but the OP seems to have vanished...
-
- on Wed 11 Nov 2009
- 02:17:46 PM UTC
Boilerplate
@phantazm,
"Yet, there's also an obvious drawback: it may waste a lot of people's time as well."
Malware Removal experts have initial boilerplate responses that they can cut and paste quickly. Reading a HJT Log for evidence of infection, based on the user's stated symptoms, doesn't take much time either. 99% of the infections are pretty ho-hum and they've seen it before, so coming up with a first step is boilerplate too. Consequently, the initial response doesn't take all that much time.
If the user responds with additional requested logs (like SAS, ComboFix, SmitFraudFix, etc.), that's when it may take some time, and is why boards ask, and I said, STICK with the first response. Yes, if a user keeps multiple malware removal experts working on it from different boards, it does indeed waste the malware removal expert's valuable time.
BTW, here are some excerpts from one of the malware removal boards:
"Do not bump or add additional posts to your thread" before a response.
"don't start another message for the same problem or ask why your thread is not getting answered"
"A new post will not get answered before your original post anyway since we work in queue order. Thus it does not help you."
"We are way too busy to waste time trying to read poorly formatted hard to understand messages and may even refuse to answer your message if they are written this way."
As you can see, these "rules" are designed to conserve the limited time available because there are so few malware removers.
Good question about the OP . . . so maybe he/she took our advice and went to a malware removal forum.


My settings were changed from an outside source! How do I change them back?
I am using the latest version of Mozilla Firefox. Google is my homepage as well as my default search engine. However, when I enter info in the "address bar" in the top centre of the page, it goes to Yahoo Search 13. This site has a very poor rating, and I did not select it. How do I get rid of it, and re-set it to another site? I am computer illiterate! Please help!