Google Toolbar in IE hijacked/hacked?

  • Google Toolbar in IE hijacked/hacked?

    Running latest Adshield, Adaware, and Spybot and also an up to date NIS2003 on a permanent ADSL connection to internet with Messenger disabled ..........

    Left machine this morning to check on a client and on returning have Google toolbar awol, a ton of blocked pages by Adshield and a shit-house full of new links in IE - stuff like gambling, dating, flowers etc etc................

    Ran Adaware manual scan and have 47 new items listed! (Now this pisses me off - I thought if it can identify it manually it should also prevent installation, no?) - stuff I see are things from 180solutions, a file called msbb.exe, istbar, stoppop, VX2betterinternet, iesearchbar.dll, bridge.dll, bi.dll

    Anybody see the same or similar ?

    What the hell is this all about now again?
    Lawrence

  • #2
    Not uncommon apparently and

    Yet some more


    Anybody know how this thing gets into my system (in my opinion secure and up-to-date system)?
    Last edited by LvR; 2 April 2004, 08:05.
    Lawrence



    • #3
      Ad-aware doesn't block them, just removes them. There are a few programmes around that claim they block them but I haven't tried them.
      Basically be very careful what you click on when you're browsing.
      Chief Lemon Buyer no more Linux sucks but not as much
      Weather nut and sad git.

      My Weather Page



      • #4
        I think the pay versions of Ad-Aware have agents that stay in memory and protect you.

        I use Ad-Aware's free version, and Spybot S&D. Spybot's "immunize" and some other things help protect you in advance.
        Gigabyte P35-DS3L with a Q6600, 2GB Kingston HyperX (after *3* bad pairs of Crucial Ballistix 1066), Galaxy 8800GT 512MB, SB X-Fi, some drives, and a Dell 2005fpw. Running WinXP.



        • #5
          From what I read: Adaware is good at removing, but the protection doesn't prevent stuff from being installed.

          Also Adaware doesn't catch everything that Spybot does and Spybot doesn't catch everything Adaware does (Read a review, too lazy to search for link ATM).

          The best is to use both.

          Recently I was asked to unf*ck a machine that had about 100 adaware items, about 15 items spybot found, 5 manually removed viruses and a few that Norton found.

          Some virus prevented:
          - access to keyboard, while machine is unplugged from net
          - access to ZoneAlarm, Norton Antivirus and Task Manager

          I had to download Process Explorer from Sysinternals in order to find out what was running. Then I googled for a few active processes.

          In order to remove them I had to reboot Win2k in safe mode, open registry editor, go to HKLM\Software\Microsoft\Windows\CurrentVersion\Run and remove everything that was not a driver or utility (googled for name of entries), clean it up so that I could boot up, enable firewall and install Norton Antivirus and do Adaware scan.


          My advice:
          - install firewall (on your router or software firewall) Kerio is powerful but not so user friendly, ZoneAlarm is decent (doesn't work well with DC++), but is more user friendly. Also resides lower in the system than Kerio (enabled prior to logon), so it can be more easily disabled.
          - patch Windows to latest service pack
          - download trial edition of some antivirus and do a scan or do online scan at Symantec website.
          - run both Adaware and Spybot Search and destroy
          - either browse web with IE on restricted settings or under User or Guest account or use Mozilla/Firefox or Opera as main browser (or at least for pr0n, warez and sites that you don't know).

          I like Firefox, but it's not completely out of beta yet.


          For browser to function you (may) need:
          - quicktime
          - windows media
          - flash player
          - shockwave
          - ipix (3d panorama) plugin
          - google toolbar

          Every other plugin or whatever site wants to install is most likely a virus or spyware.
          Last edited by UtwigMU; 2 April 2004, 17:33.
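An added example, not part of UtwigMU's post: a Python sketch that audits a text export of the Run key discussed in post #5, flagging entries that load files named in the first post's Ad-aware results and marking anything not on an allowlist for manual review. The allowlist, the sample export, its value names and paths, and all function names are constructed for illustration.

```python
import re

# File names the first post reports Ad-aware finding (from the thread), lower-cased.
REPORTED_IN_THREAD = frozenset({"msbb.exe", "iesearchbar.dll", "bridge.dll", "bi.dll"})
# Hypothetical allowlist of programs the machine's owner has already verified.
ALLOWLIST = frozenset({"avagent.exe", "rundll32.exe"})

# Constructed sample of a regedit export (version 5 exports are UTF-16 on disk;
# decode them before passing the text in). Value names and paths are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvAgent"="\"C:\\Program Files\\ExampleAV\\avagent.exe\""
"msbb"="C:\\WINDOWS\\msbb.exe"
"BridgeLoader"="rundll32.exe \"C:\\WINDOWS\\System32\\bridge.dll\",Load"
"updchk"="C:\\WINDOWS\\updchk32.exe /s"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
FILE_RE = re.compile(r'([^\\/"\s,]+\.(?:exe|dll))\b', re.IGNORECASE)


def parse_run_values(text):
    """Return (name, command) pairs for plain string values under the Run key."""
    in_run, values = False, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_run = line.strip("[]").lower().endswith("\\currentversion\\run")
        elif in_run and (m := VALUE_RE.match(line)):
            # .reg strings escape backslash and quote with a leading backslash
            name, cmd = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            values.append((name, cmd))
    return values


def classify(command, allow=ALLOWLIST):
    """'reported' beats 'allowed': rundll32.exe loading a reported DLL is flagged."""
    files = {f.lower() for f in FILE_RE.findall(command)}
    if files & REPORTED_IN_THREAD:
        return "reported"
    return "allowed" if files and files <= allow else "review"


def audit(export_text):
    return {name: classify(cmd) for name, cmd in parse_run_values(export_text)}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_EXPORT).items():
        print(f"{verdict:9} {name}")
```

Every file name in the command line is checked, not just the first, so an allowlisted host process cannot vouch for the DLL it is asked to load.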



          • #6
            That's what I cannot understand UtwigMU..........

            Running an up to date Adaware Pro 6.181 with its "Adwatch monitoring" component resident and active and often catching these things (get a notification and the activity gets blocked) - this in addition to the latest Spybot 1.3 (6) that shows I definitely had "immunized" against their known threats - this in addition to the latest Adshield 3.0.7.0 that is kept up to date daily - this in addition to NIS2003 that is also kept up to date daily....................

            Given all of that WTF must I add to this bundle to prevent the exact same happening again?
            Lawrence



            • #7
              NIS2003 doesn't stop this stuff and never has. Generally you only need one of these little buggers to get in and it downloads its pals.
              One thing that helps is blocking secondary cookies, pop ups and block all ActiveX controls. Avoid dodgy sites and don't be click happy. I've got my security level set to high on my 2004 NIS and combined with Netgear DG834G and its firewall not much gets through. Mainly the odd cookies.
              Other things not to do is download executables from dodgy websites or use peer to peer as this downloads junk onto your computer.
              I don't use any active blocking stuff from lavasoft or the spybot authors. Just do a weekly scan with spybot and Ad-aware.
              Chief Lemon Buyer no more Linux sucks but not as much
              Weather nut and sad git.

              My Weather Page



              • #8
                LvR ... do you have the Google Toolbar advanced options set? Turn them off.
                The world just changed, Sep. 11, 2001



                • #9
                  Originally posted by LvR
                  this in addition to the latest Spybot 1.3 (6) that shows I definitely had "immunized" ...........
                  Huh? The latest Spybot I can find is still 1.2
                  Gigabyte P35-DS3L with a Q6600, 2GB Kingston HyperX (after *3* bad pairs of Crucial Ballistix 1066), Galaxy 8800GT 512MB, SB X-Fi, some drives, and a Dell 2005fpw. Running WinXP.



                  • #10
                    From what I read (haven't tried full versions of Adaware or Spybot), they aren't good at preventing stuff from being installed.

                    The only difference is that resident version might detect them after they are installed, while free version will detect them on first scan.

                    I really recommend ditching IE for some other browser.



                    • #11
                      Originally posted by xortam
                      LvR ... do you have the Google Toolbar advanced options set? Turn them off.
                      Spyware !!!!!!!


                      Even better stop downloading all that pron

                      Works wonders after my sister stopped my nephews doing it.
                      Chief Lemon Buyer no more Linux sucks but not as much
                      Weather nut and sad git.

                      My Weather Page



                      • #12
                        Originally posted by UtwigMU
                        From what I read (haven't tried full versions of Adaware or Spybot), they aren't good at preventing stuff from being installed.

                        The only difference is that resident version might detect them after they are installed, while free version will detect them on first scan.

                        I really recommend ditching IE for some other browser.
                        Spybot won't catch an installation, but it will fix your ActiveX settings to something more reasonable, and blacklists the IPs of many places that you would install the malware from.
                        Gigabyte P35-DS3L with a Q6600, 2GB Kingston HyperX (after *3* bad pairs of Crucial Ballistix 1066), Galaxy 8800GT 512MB, SB X-Fi, some drives, and a Dell 2005fpw. Running WinXP.



                        • #13
                          Wombat - Spybot 1.3

                          Xortam - Have Google Toolbar installed in standard mode.

                          Pit - but then you guys should stop posting links to pics/stuff here that one can dissect to look at other stuff on the same host ........ curiosity definitely killed the cat in this case I suspect. Not using any peer to peer setups that I know of to download anything
                          Last edited by LvR; 3 April 2004, 21:31.
                          Lawrence



                          • #14
                            This is good too and free:

                            P4b@2.7, AOpen ax4spe max II, 4X Parhelia 128 with Zalman zm80c and fan -or- ATI Radeon X800GTO, 1024mb.
