Browser Hijack

kaizersose

Golden Member
May 15, 2003
1,196
0
76
Someone must have seen this before.

I originally experienced it when I logged on to my Amex account. A Windows box pops up (not an IE box) and says that the site is doing security maintenance and asks for SS#, date of birth and mother's maiden name.

I immediately did spyware checks with Microsoft Antispyware and McAfee, both freshly updated. Nothing. I went to purchase Spyware Doctor after a family member recommended it, but I got the hijack's query when I tried to buy it (prevented me from going any further without entering info). Ended up buying it using a laptop that is uninfected. Ran Spyware Doctor and it removed a bunch of other stuff but lo and behold, the hijack is still there.

All anti-virus and anti-spyware programs are running in real-time mode. I don't know what I've got or how to get rid of it. I have a screenshot of the query box at home so I can't post it now.

thanks in advance, -K
 

Medea

Golden Member
Dec 5, 2000
1,606
0
0
How did you get to the Amex site? Did you click a link in an email? At first blush, it looked like a phishing site or even a pharming site.

If, however, you got the same thing when you tried to d/l Spyware Doctor, it sounds like you may have something else on your system.

Have you posted a HijackThis log?
 

elkinm

Platinum Member
Jun 9, 2001
2,146
0
71
Did Spyware Doctor find the same hijack twice, or did it find nothing with the hijack still appearing?
Serious hijacks attach themselves to running system processes like explorer.exe or some other file, so you should run cleaners from safe mode and/or kill explorer.exe or any linked process so it cannot auto-reload. You can run programs from Task Manager with explorer.exe not running.

Did you disable the Messenger and Alerter services?

If you can, try to return Spyware Doctor for a refund. It works but it is not worth it against Adaware, SpyBot Search and Destroy, CWShredder and other programs which work better and are free. Spyware Doctor works, but I have always used additional free software for a complete cleaning.

Post a HijackThis log. It does wonders for finding and fixing hidden hijacks.

Good Luck
 

kaizersose

thanks for the replies.

just got back from work and have to head out again. i will do a HijackThis routine tomorrow night (hopefully) and post results.
 

kaizersose

so this is funny....

when i hit the post button for the above post, the three other IE windows I had open closed and I got the 'timer' mouse symbol and i can tell my computer is mulling over something. i'm thinking, 'wtf is happening now' when the AT reply box closed as well. oh sh1t. then, McAfee pops up and says it removed a trojan, pws-banker.j.dll.

poof, it's gone. McAfee, i hate and love you at the same time. why do you toy with me?!?!?:|

thanks anyway.
 

BadThad

Lifer
Feb 22, 2000
12,100
49
91
Originally posted by: kaizersose
so this is funny....

when i hit the post button for the above post, the three other IE windows I had open closed and I got the 'timer' mouse symbol and i can tell my computer is mulling over something. i'm thinking, 'wtf is happening now' when the AT reply box closed as well. oh sh1t. then, McAfee pops up and says it removed a trojan, pws-banker.j.dll.

poof, it's gone. McAfee, i hate and love you at the same time. why do you toy with me?!?!?:|

thanks anyway.

You should still dig deeper to make sure ALL traces are gone and there are no additional, non-detected processes running.
 

kitkat22

Golden Member
Feb 10, 2005
1,464
1,333
136
Ditto on the ultimate clean before you say anything is done. Run your antispy/AV software in safe mode. I usually top off with Trend Micro's free searches on their website. Limiting your account will do wonders in keeping this garbage off.
 

RBBRMADE

Senior member
Oct 28, 2003
491
0
0
You also need to turn off System Restore, reboot.
Make sure the machine is CLEAN!
Turn System Restore back on, and set a restore point.
 

rasczak

Lifer
Jan 29, 2005
10,437
23
81
Never mind System Restore, I would seriously reformat if I were you. Once you've been infected, you can never really know if you are clean ever again unless you reformat completely. If you have another computer around that you know is clean, run the real-time antivirus scanner while you transfer files over from your infected box to your clean box. Also, if you have one, run a real-time spyware scanner as well.

Then once you have completely backed up your files, reformat that sucker and start fresh. If you don't know how to do it and the files that are on the infected box are very important to you, then I would suggest taking the computer to your local PC shop and paying the $50 to $100 bucks they would charge you to back up your files and reload your OS.