General discussion

Help! My Browser is Highjacked & I've tried Everything

I have tried everything - adaware, spybot S&D, bps' spyware/adaware remover, hijackthis.de & microsoft's anti-spyware beta. McAfee was disabled, but I got it back up and running and have no viruses. Ad-aware is still finding backdoor.haxdoor.c and i can't remove it, spybot finds nothing. My problem is that I can only get on-line for the first few minutes after i reboot and then my browser starts getting redirected & timing out regardless of whether i use ie, netscape or mozilla. I don't have a clue what else to do. Can you help??

Discussion is locked

Follow
Reply to: Help! My Browser is Highjacked & I've tried Everything
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Help! My Browser is Highjacked & I've tried Everything
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
one more thing

p.s. java seems to be disabled in ie - i can't see this forum from my infected computer.

- Collapse -
Hi jennleibo
- Collapse -
thanks

i tried to follow these instructions on symantec and i didn't have all of the files and reg entries they mentioned. i'm not sure how else to figure out what is going on though with my browser...i am trying to avoid completely reinstalling windows. any other tips on the internet connection issue?

- Collapse -
Did you also run your

Virus scanner again as also suggested on the Symantec link? I have a couple of other questions too. You said you used "adaware, spybot S&D, bps' spyware/adaware remover, hijackthis.de & microsoft's anti-spyware beta." Did you delete anything from them? Particularly with the BPS one or the hijackthis.de? hijackthis.de can be dangerous if you delete the wrong thing. I hope you are using the correct Ad-Aware also. There are a lot of ripoffs. The correct one is Ad-Aware SE from Lavasoft. The BPS spyware remover you can read about on this link here for rogue products. Scroll down to it and read the note about it. It is one of the worst offenders.
http://www.spywarewarrior.com/rogue_anti-spyware.htm

- Collapse -
Hmmmm

Well, I'll be uninstalling BPS when I get home...I thought it was a different product and unfortunately bought it before I realized that. I have Lavasoft's product, I made sure it was the real one before I downloaded it. I only have one thing left on hijackthis.de which is listed as "nasty." The backdoor.haxdoor.c may be coming up in the bps product... I deleted lots of things found in ad-aware, microsoft's product, bps & spybot. I had bugs like DSO Exploit, cool web search, istbar etc. and those seem to have gone. I deleted some things from hijackthis that I recognized as part of the other bugs i'd seen. Also, someone sent me a utility to remove the istbar that worked. I turned off the system restore point in my computer's properties setting - i thought that might help. Somehow though we still are having issues. I even downloaded SP2 for XP. I am about to call the "geek squad" if they guarantee to fix my computer. I am mildly tech savvy, but so frustrated that i went to the apple store today to look at MACs. Any other ideas?

- Collapse -
Sounds like you have done

a lot for sure. You've had so many different issues that I'm not sure what to tell you next. The DSO exploit in Spybot will come back again probably because there is a bug in Spybot so it doesn't really get fixed but that is not a problem, you can ignore that. That is the least of your worries now. Turning off system restore would have been the last step to do once you were totally clean, then you reenable it to create a new restore point. As far as the internet connection being as it is not a constant thing meaning a break in the LSP chain, I'm not sure what to tell you. That MAY be a totally unrelated issue. It's awful hard to tell when we have no idea what you have actually deleted with all the different applications.

- Collapse -
One more suggestion which
- Collapse -
i'll try that...

...posting my hijackthis log was the last thing i was going to try....i have no clue how to reinstall the internet explorer. I actually got rid of the dso exploit - ready about the bug and how to get rid of it from spybot - i had meant to download spyware blaster instead of bps so i might try that. i could have deleted a setting - my ISP was totally useless in trying to help - which is why i was thinking of calling that geek squad. i'll try posting a hijack this log and see how that goes....thanks for all of your help!

- Collapse -
You are welcome and

SpywareBlaster is excellent, I use it myself but it won't rid you of your problem because it is a blocker and not a scanner. I definately recommend it for protection though. I'm going to give you the correct URL for it so you don't get a ripoff one by mistake. There are many of them for this application too. You want the one from javacool which is on this link.

SpywareBlaster (a blocker only, download it, check for updates, enable it and leave it alone except for checking for updates occasionally)
http://www.javacoolsoftware.com/spywareblaster.html

- Collapse -
i got the right one...

...finally. i should have gone to download.com in the first place...i uninstalled bps last night...but still have the problem staying online....no clue..thanks again for all of your ideas & help...not sure how to reinstall IE, but that may be my next start....

- Collapse -
Hi again, did you
- Collapse -
Hi

so one of my IT colleagues at my office took pity and is helping me, so i brought in my machine from home, but he just installed xoftspy on my computer which i just read not great things about and i'm not sure whether it's going to fix the problem. my colleague searched for the spyware for the specific file for cws that was also on my machine and xoftspy came up as a removal tool. having been duped before by rogue software i'm not sure this is going to help, but i figured i would try...i will try hijacker this weekend if what we did today doesn't work. thanks again for your follow-up.

- Collapse -
(NT) (NT) OK jennleibo, good luck and keep us posted.
- Collapse -
will do

i'm going to be crazy and stop selective startup and see what havoc i wreck on my computer...should be a fun weekend...have a great one & thanks for your time.

- Collapse -
(NT) (NT) You're welcome.
- Collapse -
ok...so xoftspy didn't fix the problem

my browser is still hijacked and who knows what else is wrong...assuming i can get online from home for a few minutes this weekend, i will go ahead & post the hijackthis log to the forum you suggested. (unless my IT colleagues are able to produce a miracle before COB today)
Thanks....and i'll keep you posted.

- Collapse -
(NT) (NT) I really think HJT is your best option. :D
- Collapse -
i hope so...

...not looking forward to reinstalling windows.

- Collapse -
DO NOT GET A MAC

Do not get a mac. I sugggest reinstalling IE. You will not be happy with a mac.

- Collapse -
Defence!

I too, have had problems with hijcker problems, until I purchased a program CD named 'System Mechanic5 Professional! This program works VERY well at BLOCKING any hijacker, and included is an anti-virus program, named kaspersky. THis program works very well, as it wil block anyhijacker, as well as any virus intrusion.

Best Wishes,

Sam

- Collapse -
Stolen Browser

You have probably already tried this, but the only way I have found to correct this problem is to use Spy Sweeper. I have used it for a long time and If you have not tried it, I hope you will. It has never failed me. It is a Webroot product and you can use it as long as you wish. If you will go to options on the left side then above to Shields, click on it then click on Restore without notification. At the bottom it will show you have shielded what you need. When you close out be sure and minimize. I hope you are already fixed but if not, I think thie will take care of you. Bill Anderson

- Collapse -
Stolen Browser

Go to Panda.com if you can and run a free scan.

- Collapse -
Stolen browser

Oops---That should be pandasoftware.com Sorry.

- Collapse -
tried it just now

Hi - I ran this....it deleted some things, but my browsers are still timing out - IE, Foxfire & Netscape...any other thoughts? thanks

- Collapse -
jennleibo

Just to let you know, this was one of the threads that was put into one of the CNET newsletters so the whole thread might become quite active for the next couple of days. All people have to do to respond to it is click a link in the e-mail newsletter that they received. Have you posted the HJT log in a HJT forum yet?

- Collapse -
I'm posting the hjt log today

I am posting the log today at castle cops - also under jennleibo as the username...i'll let you know when i hear back.

- Collapse -
(NT) (NT) OK, Good luck.
- Collapse -
(NT) (NT) i'll need it :)
- Collapse -
HJT log posted at this forum
- Collapse -
I just looked at your post, you did

a good job with a lot of information supplied. It's too bad that more people didn't do it that way. It makes it easier for everyone involved. Like I said, they are busy but someone will help you as soon as they can.

CNET Forums

Forum Info