Weird Internet Explorer problem at work *Update: Beware of "HuntBar"*

Apr 5, 2000
*Update* 99% sure it was some crap called Huntbar. Installs itself into Program Files/Common Files/BTLink. Deletable if you ATTRIB -h -r -s the folder. It also installs registry keys which seem to be deletable only in Safe Mode. Also found Gator and MSView and IPinsight as well.

I hope someone here can help me here:

My computer at work runs Win2K. Every time I try to connect to a site in Internet Explorer, about 10 new windows will open up instantly, then close, then 20 open up, then close, and so on. The only way to stop it is by going to Task Manager and shutting it down. It only happens when I connect to a site - just opening IE on its own doesn't trigger this event.

I ran Norton Antivirus, nothing. Checked the startup files, cleared the temp. internet files, still the same thing happens. I tried looking manually through all the folders on the hard drive and couldn't find anything out of the ordinary. Tried looking for instances of IExplore in the registry but couldn't find anything out of the ordinary. This happens on all user accounts on that computer, not just mine, so it's not limited to just my account.

The site that crap keeps pulling up is:

http://69.20.5.22

Which is hosted on rackspace.com. I sent them an email but I'd still like to know wtf is going on with my machine. Thanks!
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
That sounds pretty infuriating :| I bet you'll find some flavor of spyware is responsible for that stunt. If you find it, would you kindly let us know what it was?

Once you do track it down to the folder where it installed to, leave the folder (or re-create one with the same name) and use NTFS permissions to deny all permissions on that folder to ANYONE. The "scorched-earth" policy, I call it :D
 
Apr 5, 2000
Originally posted by: mechBgon
That sounds pretty infuriating :| I bet you'll find some flavor of spyware is responsible for that stunt. If you find it, would you kindly let us know what it was?

Once you do track it down to the folder where it installed to, leave the folder (or re-create one with the same name) and use NTFS permissions to deny all permissions on that folder to ANYONE. The "scorched-earth" policy, I call it :D

mech - oh believe me, it was. The most infuriating part was me spending a lot of the day trying to find it. I should have guessed adware but unfortunately I didn't. I'll let you know what kind it is if I can identify it. The worst part was after opening over 100+ IE windows total, it consumes all system memory and forces you to reboot in order to use the computer. I was not a happy camper today.
 
Apr 5, 2000
Originally posted by: mechBgon
That sounds pretty infuriating :| I bet you'll find some flavor of spyware is responsible for that stunt. If you find it, would you kindly let us know what it was?

Once you do track it down to the folder where it installed to, leave the folder (or re-create one with the same name) and use NTFS permissions to deny all permissions on that folder to ANYONE. The "scorched-earth" policy, I call it :D

mech - found 3 flavors of spyware: Gator, MSView, Weathercast, and Huntbar are the main ones. Weathercast is harmless as is Gator. I'm 99% sure it's Huntbar, which installed itself into Program Files/Common Files/BTLink. I managed to delete the directory after taking off all attributes in a DOS window, but for the life of me I cannot delete the registry keys for Huntbar, nor rename it. Guess I have to boot into safe mode in order to do so. My IE is working fine again.
 

wjsulliv

Senior member
May 29, 2001
Gator is by no means harmless... A program that records your passwords and tracks your web browsing for advertiser use? Using Gator is asking to have your passwords stolen and identity taken.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
Originally posted by: Angrymarshmello
Originally posted by: mechBgon
That sounds pretty infuriating :| I bet you'll find some flavor of spyware is responsible for that stunt. If you find it, would you kindly let us know what it was?

Once you do track it down to the folder where it installed to, leave the folder (or re-create one with the same name) and use NTFS permissions to deny all permissions on that folder to ANYONE. The "scorched-earth" policy, I call it :D

mech - found 3 flavors of spyware: Gator, MSView, Weathercast, and Huntbar are the main ones. Weathercast is harmless as is Gator. I'm 99% sure it's Huntbar, which installed itself into Program Files/Common Files/BTLink. I managed to delete the directory after taking off all attributes in a DOS window, but for the life of me I cannot delete the registry keys for Huntbar, nor rename it. Guess I have to boot into safe mode in order to do so. My IE is working fine again.
Thanks for the ballistics report. Gator does report what sites you visit to GAIN's servers, among other things, so if your browser seems slow... yeah. I'd peel it off, if it were me.
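
The two cleanup steps discussed in this thread (clearing the attributes so the BTLink folder can be deleted, then leaving an empty folder of the same name with all access denied), put together as an added example that is not from any poster here. It assumes a Windows 2000 command prompt run as an administrator, an NTFS volume, and the default Program Files location; the registry keys mentioned in the thread are not touched.

```batch
@echo off
rem Added example: remove the BTLink folder and leave a locked placeholder.
rem Assumption: default install path taken from the thread.
set BT=%ProgramFiles%\Common Files\BTLink

if not exist "%BT%" goto placeholder

rem Step 1: strip Hidden, Read-only and System from the folder and its contents
rem so the delete is not refused.
attrib -h -r -s "%BT%"
attrib -h -r -s "%BT%\*.*" /s /d

rem Step 2: delete the folder tree. If files are in use, close IE first.
rd /s /q "%BT%"
if exist "%BT%" (
    echo Could not remove "%BT%" - something still has files open.
    goto end
)

:placeholder
rem Step 3: re-create an empty folder with the same name.
md "%BT%"

rem Step 4: add a Deny entry for Everyone. /E edits the existing ACL instead
rem of replacing it; /D denies the named account all access.
cacls "%BT%" /E /D Everyone

rem Step 5: show the resulting ACL so the Deny entry can be confirmed.
cacls "%BT%"

:end
```

The Deny entry for Everyone also applies to administrators and SYSTEM, so an installer running under any account can no longer write into that folder; the folder's owner can still change the permissions later if the placeholder needs to be removed.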