| laborlitigator |
Every single time I try to start up my Interet Explorer my home page is www.egoog.com
Then, when I go to internet options, I clear all the cookies, I clear the temp folders and manually type in my old homepage but to no avail.
Then, I ran adware.com to find any suspicious programs with no help.
Although I can manage with it, it is so annoying to have to retype the homepage that I want.
Any suggestions? |
|
|
| DaleB |
What a small world! I just ran into that one too. A trojan no doubt.
The root is in:
Windows/Local Settings/Temporary Internet/ContentIE5
There are two folders there with IH7....or such nomenclature. I tried to delete them but they pop up again on reboot.
I can not find anything in my startup menu that is turned on to cause that.
Did searches and found a troubleshooting website discussing the same problem but there was no solution.
I have adware also, latest version, no luck. |
|
|
| laborlitigator |
| GRRRR!!!!!!! Anyway I can threaten to sue these people. . . let me brush up on my consumer/internet law. |
|
|
| TheWorm |
| Shot in the dark here -- have you tried the IP Properties tab in Network Config in the Control Panel? Check the IP addy's for gateway, DNS and WINS resolution. They (probably) should be blank. |
|
|
| buhmabee |
| Tried it on both my Mac running latest OSX, and my PC running 2000 Pro. I could not replicate your problem. I will ask around, and if I hear anything I will get back to you. |
|
|
| DaleB |
quote:
Originally posted by TheWorm
Shot in the dark here -- have you tried the IP Properties tab in Network Config in the Control Panel? Check the IP addy's for gateway, DNS and WINS resolution. They (probably) should be blank.
They are blank except for a domain name and my ISPs url.
I should be running ZoneAlarm, etc. I suppose. I have done probe tests of my PC ports and always come out 'stealth'.
Basically hide behind a router plus have a static IP. But that's not 100%. More than likely associated with something I recently downloaded. I am sure as this becomes more prevalent they will find the culprit.
These critters come and go, and then some inocuous website will offer an OPT OUT option after enough complaints.
What makes it worse is this Egoog website is about the most useless thing you ever saw!! DON'T GO THERE!
It is definitely an IE cling-on. IE 6 has had some big holes that MS is constantly working security patches for. |
|
|
| jonnygoodboy |
| Microsoft would just love IE everywhere, including your beloved MDX. Doesn't that sound like a good idea? :eek: |
|
|
| Desant |
Yeap. Laborlitigator, I am 99% sure you got a "URL hijacker". My cousin in Montreal had one. Most of Internet Security tools will not help. There are some specialized programs that also will not help most of the time. Cleaning up Temporary Internet files, cookies will not help either.
The way I fixed my cousin's is finding the entry in the registry and replacing it with the original Windows (IE) entry. However, you should be careful doing it, because if you simply remove the "hijacker" from registry without replacing it with the original entry, your Internet Explorer won't recognize URL addresses any more. :3: And reinstalling IE or AOL won't fix it.
I will do a little bit more research on automated tools and will let you know soon. |
|
|
| laborlitigator |
| I'm trying startpage guard. . . it seems to work. . . let's see |
|
|
| ghost |
Type MSCONFIG in your Run box to view what's in your startup routine - it will let you see if there are suspicious programs there.
I found a program called 5-1-25-230.exe that was resetting my home page each bootup. I was able to uncheck it, which solved the problem but the program name still shows up in my startup list. |
|
|
| mdxxxx |
laborlitigator,
A few questions...
1. Do you have a personal firewall? (Norton or ZoneAlarm)
2. What anti-virus software are you running? (Norton, McAfee)
3. Are your virus definitions up to date?
4. Do you have a system utility suite? (Norton systemworks) |
|
|
| laborlitigator |
quote:
Originally posted by mdxxxx
laborlitigator,
A few questions...
1. Do you have a personal firewall? (Norton or ZoneAlarm)
2. What anti-virus software are you running? (Norton, McAfee)
3. Are your virus definitions up to date?
4. Do you have a system utility suite? (Norton systemworks)
No, to all of the above |
|
|
| mdxxxx |
quote:
Originally posted by laborlitigator
No, to all of the above
:eek: , ok.. I'll have to give this more thought... |
|
|
| Desant |
| Laborlitigator, it seems to me like you may have a Trojan Horse - type program - a program that runs on your computer and among other things doesn't allow you to go to any other web site. If you have such a program, it may be also sending confidential info from your computer (if any) to other people. You can usually find it and get rid of it with a security software from a local electronics store. Programs like Norton Internet Security 2003 or others. |
|
|
| mdxxxx |
quote:
Originally posted by Desant
Laborlitigator, it seems to me like you may have a Trojan Horse - type program - a program that runs on your computer and among other things doesn't allow you to go to any other web site. If you have such a program, it may be also sending confidential info from your computer (if any) to other people. You can usually find it and get rid of it with a security software from a local electronics store. Programs like Norton Internet Security 2003 or others.
My thoughts exactly, however, Laborlitigator apparently has been bitten already...preventative measures may thwart future attacks, but right now, he is in need of a repair solution. If I had my Norton systemworks tools and his computer, it would be no problem in irradiating the problem.:4: |
|
|
| DaleB |
quote:
Originally posted by mdxxxx
laborlitigator,
A few questions...
1. Do you have a personal firewall? (Norton or ZoneAlarm)
2. What anti-virus software are you running? (Norton, McAfee)
3. Are your virus definitions up to date?
4. Do you have a system utility suite? (Norton systemworks)
For me, yes to 2 and 3. Running Norton AV 2002, always up to date. |
|
|
| Desant |
| I agree. I would actually get Norton Internet Security 2003, which includes Norton AV. I would run it and let it find the visruses and Trojan Horses (if any), eradicate them and then prevent intrusions moving forward. I think this should fix the problem and prevent it from hapenning in the future. |
|
|
| laborlitigator |
quote:
Originally posted by Desant
I agree. I would actually get Norton Internet Security 2003, which includes Norton AV. I would run it and let it find the visruses and Trojan Horses (if any), eradicate them and then prevent intrusions moving forward. I think this should fix the problem and prevent it from hapenning in the future.
Gentlemen,
Thank you for your suggestions. I will try those out. |
|
|
| DaleB |
I just downloaded another 'spy finder' called Spybot which did find several problems not found by Adware, and cleaned them up, but did not get rid of the 'Egoog'.
I do have a backup hard drive from which I could do an image copy that will be a few weeks old. But will work on this more before doing that. Will check out the Norton one. Maybe they have a 30 day trial , hate to buy it if it doesn't do the job. |
|
|
| texrb |
quote:
Originally posted by laborlitigator
No, to all of the above
I recommend you get a personal firewall - Zonealarm is free & works fine. I am behind a router & firewall, run Norton AV weekly & ad-aware weekly to keep my system "clean".
The problem you have can be fixed with Regedit as others have mentioned - but if you aren't sure what key to edit, be sure to backup the registry first. The msconfig may work too - if you know what the name of the startup program is to uncheck. This is a much easier fix.
if you don't get it fixed, pm me and I'll be happy to try to help.......but with all the computer gurus on here (that know a lot more than me) I 'm confident we'll get a fix posted quickly. |
|
|
| mdxxxx |
quote:
Originally posted by texrb
I recommend you get a personal firewall - Zonealarm is free & works fine. I am behind a router & firewall, run Norton AV weekly & ad-aware weekly to keep my system "clean"....if you don't get it fixed, pm me and I'll be happy to try to help...
Ditto... |
|
|
| Desant |
Good advice, Texrb.
I personally suggest using Norton Internet Security or BlackICE instead of ZoneAlarm, because the first two prevent intrusion in real time by combining Firewall and Intrusion Detection. ZoneAlarm lets you block traffic since it is a firewall, but it does not prevent many attacks that pass through firewall. However, it is free! :) |
|
|
| DaleB |
quote:
Originally posted by Desant
I tried Spybot also before - did not work for a URL Hijacker.
You can try Norton AV at:
http://nct.digitalriver.com/0001/
I have NAV and it works fine but does nothing for this problem. I do not have Norton Security, but will wait until laborlitigator tries his. It sounds like he needs a good utiility anyway.
I think the security product will work good as a preventative measure, but I don't think it will fix an existing problem. I hope I am wrong. |
|
|
| mdxxxx |
quote:
Originally posted by DaleB
... It sounds like he needs a good utiility anyway.
I think the security product will work good as a preventative measure, but I don't think it will fix an existing problem. I hope I am wrong.
I agree DaleB, That's why I recommend Norton Systemworks. An excellent diagnois and repair suite. A lot of the same functions can be performed using Regedit and/or MSconfig, however, Using NS insulates you more from making major mistakes with your registry and disk drive(s). Hidden files may also re-infect the registry. Some of this vicious code can be very insidious. |
|
|
| Desant |
Dale and MDXXX, you are right, Norton Internet Security WILL work in preventative mode. However, that product also includes Norton Antivirus which is integrated with the rest of the package.
AntiVirus should find and fix this problem if it is a Trojan Horse, virus or a hybrid attack. And NAV will detect, quarantine and fix hidden and system files if they are infected.
SystemWorks is a great tool, but in this situation I don't think it will help.
My recommendation is try Norton AV for free from the website from my earlier post, see it fixes the problem. If it does, purchase Norton Internet Security to prevent this and other problems in the future. |
|
|
| texrb |
Desant & Mdxxxx are absolutey correct with their posts :4:
I use Norton Systemworks as well & it is very efficient at cleaning up registry issues, however I haven't had a trojan horse issue as described here - so not sure it would be effective there.
I believe Norton Internet security is a better product than the free ZoneAlarm (as is ZoneAlarm Pro)- but the free version is better than nothing - which is why I suggested it as an immediate fix to help block future problems.
If anyone is on a broadband connection (cable or DSL) the best solution is a router with a firewall behind that.......I believe it is a necessity :4: |
|
|
| DaleB |
quote:
Originally posted by Desant
AntiVirus should find and fix this problem if it is a Trojan Horse, virus or a hybrid attack. And NAV will detect, quarantine and fix hidden and system files if they are infected.
My recommendation is try Norton AV for free from the website from my earlier post, see it fixes the problem.
I will repeat this one more time, I have Norton AV and it does not attack this problem. |
|
|
| Desant |
| DaleB, which NAV version do you have and do you have current virus signatures? |
|
|
| DaleB |
quote:
Originally posted by Desant
DaleB, which NAV version do you have and do you have current virus signatures?
2002 and auto updates, and weekly scans. |
|
|
| DaleB |
Have my fingers crossed, so far so good after 2 reboots.
Download this baby, it works instantly!
Select an alternate URL for your homepage. You can always change it later to anything.............
good luck!!!!!!!
http://www.spywareinfo.com/downloads/spg/ |
|
|
| DaleB |
| It does not work reliably. Ever so often egoog raises it's ugly head again! |
|
|
| xcel |
Hi All:
___I don’t have a good idea of how to fix the original Home Page reset since it is not sitting in the normal places by the descriptions so far. You can control most startup items using MSConfig under ME and XP but under Windows 2K, you have to use reg edit or load a third party startup manager. If you are using 2K, open reg edit and go to the following key: My Computer --> HKEY_LOCAL_MACHINE --> Software --> Microsoft --> Windows --> CurrentVersion --> Run --> Select the programs you don’t want to run and hit delete. Be careful using reg edit of course as your PC may never start up again ;) Another and guaranteed to work solution (my suggestion anyway) is a simple Format C: which will remove any traces of everything (not entirely as the DOD can pick off data even after a 3X 0’s written to disk format …). When you start over, drivers first, OS patches or updates next, and Norton Antivirus 2002 or 03 w/ the updated Virus def’s downloaded immediately after install is a very good start. Second, do not let Norton System Works 2003 – WinDoctor or any other of the included 1-touch utilities run rampant through your setup. If you follow each and every one of the Reg or dll changes for example, you will find that even the latest 03 WinDoctor guesses wrong on many occasions. Just don’t let it do what it thinks is right automatically. Zone Alarm still has a consumer level freebie for those interested. Just don’t click randomly and or install garbage and your set. I receive a virus based E-Mail ~ every 3 days and Norton has yet to fail me in this regard over maybe 7 years of use. As for the rogue scripts and executables, don’t let them take over! Get the kids on their own PC networked through a router or yours and keep them off at all costs. Lastly, might I suggest a dual partition setup with Data and the Installables on the D:\ and the OS and installed programs on the Root or C: … My own main PC triple boots ME, 2K Pro, and XP Pro. A full load from scratch takes ~ 1.5 hours for ME, 2.0 hours for 2K, and 4 hours for XP Pro and this includes ~ 2 GB’s of installables on both the ME and 2K Partitions and ~ 4 GB’s on the XP Pro partition. I clean house ~ every 6 – 9 months as programs outdate and begin to clutter myself but that is just me. You can create a B/U of the C: (an Image) on the D:\ using either Norton’s, now Symantec Ghost or PowerQuest’s Drive Image Pro for a quick restore but you will lose any updates from the original image. Setup your E-Mail program to store its contents on the D:\ drive so it will not be lost. I completely back up the .pst file of MS Office XP’s Outlook myself which is another solution.
___Sorry for all the run together thoughts but its late and I am a bit tired right now …
___Good Luck
___Wayne R. Gerdes
___Hunt Club Farms Landscaping Ltd.
___Waynegerdes@earthlink.net |
|
|
| Desant |
| DaleB, sorry to hear about it! :( It seems to be a persistent one. If you have still the support option, I would call Symantec Tech Support. You are probably not the only person dealing with this - so they may have a workable suggestion. |
|
|
| laborlitigator |
DaleB,
Haven't gotten anything to work yet. Although I have not gotten a copy of NAV |
|
|
| TheWorm |
Wow, we're up to 2 pages and you're still stuck?!!?
No luck/ideas from anyone on the spywareinfo forums, either? If you posted over there, do provide the link -- I'd be curious to see what they're suggesting... |
|
|
| laborlitigator |
Worm,
I'm trying NAV right now. . . hopefully, grandaddy takes care of it. . . |
|
|
| mdxxxx |
quote:
Originally posted by laborlitigator
Worm,
I'm trying NAV right now. . . hopefully, grandaddy takes care of it. . .
Crossing fingers... Also, Worm has a good suggestion. http://www.spywareinfo.com/yabbse/index.php has a lot of info and expertise in dealing with spyware hijacking ect. I've learned a lot in just minutes... |
|
|
| laborlitigator |
| Alas, even NAV fails to remove egoog . . . motherfather! |
|
|
| mdxxxx |
quote:
Originally posted by laborlitigator
Alas, even NAV fails to remove egoog . . . motherfather!
Hmmm, a real challenge.. stay tuned... |
|
|
| laborlitigator |
| And no posts on spywareinfo.com |
|
|
| mdxxxx |
Hmm, your quick laborlitigator,
Nice post on spywareinfo. I looked at your Hijak log dump, and of course this line jumped out...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.egoog.com/
Have you run regedit and searched on this string yet? DaleB, you too... |
|
|
| Desant |
| MDXXXX, great suggestion!!!!! That shoud solve it. ...Unless, there is a file that will add that back to registry after another reboot! :3: |
|
|
| laborlitigator |
MDXXX,
I tried unchecking it with hijack this. . . it still comes back (just like the big H!) I'll keep trying. |
|
|
| DaleB |
I did lots of peeking into the registry (brave or dumb as I may be) and even deleted some values that were 'egoog' etc. Plus some other funny stuff.
It worked until I booted up the 2nd time then came back.
I wrote an email to 7Search.com who apparently is associated with 'egoog'.
Here is their response:
Dear Dale,
Thank you for contacting 7search.com. Please be aware that we are
investigating Egoog.com and as soon as we find what they have done in
order to get this off of your site. Thank you for your time and
cooperation. If you have further questions please feel free to contact
customer support.
Please submit your follow-up questions regarding this case at (make sure
to copy-and-past the whole URL found between the doule-quotes!)
"http://7search.com/scripts/support/support_followup.asp?supportid=15459&c
e=dalebesh%40rawbw%2Ecom"
Thank you,
Giovanni P.
7Search.com
info@7search.com
Please check out our easy-to-use FAQ page for answers on many of your
questions about 7Search.com!
http://7search.com/info-about/faqindex.htm
--- Question(s) Transcript ---
*** Date: 12/11/02 10:07:35 AM ***
"Egoog" has hijacked my IE homepage and keeps recurring. When I do
searches on Egoog I get references back to 7Search.
Any information you have on this problem would be appreciated.
This is happening to more than just my PC.
--- Answer(s) Transcript ---
Try our new search engine 7MetaSearch.com! |
|
|
| mdxxxx |
| ok, I think its logical to assume there are hidden files that are re-initializing the registry values. Systemworks would be able to find these files, however, maybe we can manually detect them. In Windows explorer, make sure your settings/options are to show hidden files. Go to the Windows/System folder and sort files by date. Check date stamp on todays files, and check the properties of 'unusual' files... could be .dll, .inf, vbx, .html, .reg, or .exe files... keep in mind, this is a needle in a haystack for now... |
|
|
| TheWorm |
Interesting thread over there. They just jump right in to fix it.
I'm interested to know the "how did it get there" and "what does it do and why" stuff. As in, what's the point of resetting someone's homepage? |
|
|
| Desant |
TheWorm. Here are some ideas.
How did it get there? Several ways. ActiveX scripts - there are some vulnerabilities in Windows and IE as a part of it that will allow to put a file on your system without you knowing it. Then there is another way. When you get a popup after a popup, and you close them, sometimes it pops up a box or two asking if you want to put a certain website as your home page. Without noticing you may click yes, and there goes another script and there goes a Trojan. The way I prevent it is of course having Intrusion Prevention, like Norton Internet Security. Additionally, I have set up my IE in such a way that every time it tries to execute ActiveX or Java script it asks me. And, even if I have a slightest concern, I say no. Finally, I download all IE and Windows security updates as they become available. It is inconvenient, but it works.
When I lived in Atlanta, I actually counted how many times my wife's machine was attacked a day. Guess!!! ... around 800 attacks!!! Given, some of them were not serious, but about 20 !!! of them were Trojan Horse attempts!!! At the time I had BlackICE and it stopped all of them. Now I have Norton, which provides broader security coverage.
What can they do? Nothing or very many things! For one, they can shadow all your keystrokes and get all data you type, including credit card, bank numbers, etc. Some of them redirect traffic, so all unencrypted data ends up going through them and it is not that hard to crack 128-bit encryption as well. What else they can do? I know cases where these Trojan Horses send random files to people in your Outlook list. I know cases where they use computers of unsuspecting people to attack companies and consumers. And so on...
IMO, the dangerous ones are not the ones like egoog that you know of, but the ones that are silent to the user and do damage. For that reason, every 6-12 months, I back-up just my files. I disconnect my computers from the network, Fdisk/mbr, format HDs, reinstall Windows and all apps, install Norton Internet Security with the latest updates, run all checks, restore data and then connect to the Internet again.
I admit, this may be an extreme, but if you are connected via DSL or Cable Modem, and you don't have an Intrusion Prevention, Firewall or AV, chances are you already have are infected with something.
Sorry for a long post, I just thought it may be helpful to share... :) |
|
|
| laborlitigator |
quote:
Originally posted by TheWorm
Interesting thread over there. They just jump right in to fix it.
I'm interested to know the "how did it get there" and "what does it do and why" stuff. As in, what's the point of resetting someone's homepage?
I believe it's a control issue. . . however fleeting it may be. |
|
|
| laborlitigator |
Desant,
Nice post. I'll take some of the steps you've recommended, especially the NAV Internet Security. . . . however, for now, this is becoming personal.:11: |
|
|
| DaleB |
Great ideas guys, I really appreciate the effort. Checking the 'hidden' files in conjunction with the date the problem started sounds smart.
Great info here, I hope no one else gets bugged.
Will beef up my firewall too as soon as I get this put to bed. |
|
|
| mdxxxx |
Desant, you've hit the nail on the head. You and I have virtually identical methodology and set up. I trust in addition to your software firewall suite, you also have an additional layer of hardware/firmware protection such as a linksys router, ect.
In analyzing logs, the amount of attempted attacks are very high! I shudder to think of a systems vulnerability when connected to the Internet without protection. Even with protection, various code can bypass security, especially through email. I really appreciate NAV thorough scanning of each email.
laborlitigator, DaleB, how goes the fight? |
|
|
| ghost |
quote:
Originally posted by Desant
TheWorm. Here are some ideas.
How did it get there? Several ways. ActiveX scripts - there are some vulnerabilities in Windows and IE as a part of it that will allow to put a file on your system without you knowing it. Then there is another way. When you get a popup after a popup, and you close them, sometimes it pops up a box or two asking if you want to put a certain website as your home page. Without noticing you may click yes, and there goes another script and there goes a Trojan. The way I prevent it is of course having Intrusion Prevention, like Norton Internet Security. Additionally, I have set up my IE in such a way that every time it tries to execute ActiveX or Java script it asks me. And, even if I have a slightest concern, I say no. Finally, I download all IE and Windows security updates as they become available. It is inconvenient, but it works.
Desant, good post, but one key point. Whenever those boxes come up that say things like "Do you want to make this your home page? Yes/No", you really don't know what bits of code are going to run when you say No (No could mean yes, or No could run something entirely different and more malicious). I suppose with javascript you could view the source, but with other kinds of embedded code or links, it would be impossible to know. If a suspicious site gives me a box like that, I usually bail out or kill the process with the task manager.
Of course, who knows what great offers I'm passing up... :rolleyes: |
|
|
| DaleB |
quote:
Originally posted by mdxxxx
laborlitigator, DaleB, how goes the fight?
That last link you posted, mdxxx did it!
It worked like a charm cleaning out those msgrv32 files in the startup.
I had already deleted all the other spyware programs, with the exception of adware which I will likely keep. It's not as effective as I would have hoped, but it is gentle to the registry.
It's still cleans out some crap.
Next move will be to get a software firewall. |
|
|
| mdxxxx |
quote:
Originally posted by DaleB
That last link you posted, mdxxx did it!
It worked like a charm cleaning out those msgrv32 files in the startup....
Good! Definately a learning experience... |
|
|
| laborlitigator |
Gentlemen,
Thanks for your assistance. It worked and I've finally got my computer back (on my terms). I will be setting up a firewall and leaving NAV on my system. |
|
|
| laborlitigator |
| BTW, any good freeware firewalls? Zonealarm won't work on my laptop. . . |
|
|
| DaleB |
quote:
Originally posted by laborlitigator
BTW, any good freeware firewalls? Zonealarm won't work on my laptop. . .
You might check Tiny Personal Firewall. Do a search. I heard they charge now, I thought they still had a freebie for home use.
Look here too...shopping myself.
http://downloads-zdnet.com.com/3150-2092-0.html?tag=dir |
|
|
| mdxxxx |
quote:
Originally posted by laborlitigator
BTW, any good freeware firewalls? Zonealarm won't work on my laptop. . .
The most comprehensive firewalls to cost. (Unless you get a copy from Kazaa Lite), however, I wouln't use Kazaa Lite without a firewall... kind of like the chicken and the egg. I had ZoneAlarm until I downloaded Norton's firewall from Kazaa Lite.
The thing I like about Norton products is how they integrate within the systemworks suite. So the suite is updated in one entire operation. When you update your virus definitions, any other software updates to the suite's software package is done at the same time (firewall, windoctor, diskdocor, speeddisk, ect.)
laborlitigator,
What problems are you having with Zonealarm? |
|
|
| mdxxxx |
quote:
Originally posted by laborlitigator
DaleB,
Here's a good one recommended by the Spyware.info folks. . .
http://www.kerio.com/us/kpf_home.html
it seems to work fine for now. . .
Good. This seems more than adequate. |
|
|
| laborlitigator |
quote:
Originally posted by mdxxxx
The most comprehensive firewalls to cost. (Unless you get a copy from Kazaa Lite), however, I wouln't use Kazaa Lite without a firewall... kind of like the chicken and the egg. I had ZoneAlarm until I downloaded Norton's firewall from Kazaa Lite.
The thing I like about Norton products is how they integrate within the systemworks suite. So the suite is updated in one entire operation. When you update your virus definitions, any other software updates to the suite's software package is done at the same time (firewall, windoctor, diskdocor, speeddisk, ect.)
laborlitigator,
What problems are you having with Zonealarm?
It won't let me dl Zonealarm for the laptop. . . i've got to pay for the version for the lappy.
It's ok. . . this one by Kerio seems fine. |
|
|
| texrb |
| labor - thatis odd since I have free zonealarm installed on my laptop. Can you hook up the laptop to your desktop on a network & download it to your desktop? |
|
|
| Desant |
Laborlitigator and DaleB, glad that you got rid of the problem!!! :)
MDXXX, good point on FW HW - I have one in my cable modem and that significantly reduces attacks.
Ghost, I agree about killing the process on scripts rather than just clicking OK.
Finally, Laborlitigator - I would go with Norton Internet Security instead of ZoneAlarm, because it will make a big difference in the level of security offered and attacks stopped. Just FWIW. :) |
|
|
| DaleB |
quote:
Originally posted by Desant
Laborlitigator and DaleB, glad that you got rid of the problem!!! :)
MDXXX, good point on FW HW - I have one in my cable modem and that significantly reduces attacks.
Ghost, I agree about killing the process on scripts rather than just clicking OK.
Finally, Laborlitigator - I would go with Norton Internet Security instead of ZoneAlarm, because it will make a big difference in the level of security offered and attacks stopped. Just FWIW. :)
For now I went with the Kerio recommended by the site. I found it better at setting up than ZoneAlarm. You set it up as it stops various intrusions. Besides doing the Permit or Deny you can also decide if you want to have it always 'denied' or 'permitted'.
Zone Alarm had this list with all these options you would set up before hand and have to go back and update if you wanted to change, etc.
Of course you can still edit your list anytime but Kerio seem to setup and go to work much quicker.
It's been a while since I had ZA so it may have changed, and I know Norton gets a good grade in the reviews.
But I have depended on my D-Link router, plus the fact I have a fixed IP address. It worked fine for me for a long time, until this recent problem.
I have always had NAV and keep it updated and well as revised when a new one comes out. |
|
|
| mdxxxx |
quote:
Originally posted by DaleB
I was just sent the 'killer' for the egoog homepage hijacker program.
You can get it here:
http://www.free-popup-killer.com/uninstall.html.
I couldn't get it DaleB...
BTW. DaleB, what ISP do you use... Your IP address may be 'kinda fixed' if you use SBC Pac Bell, I believe the IP address may be fixed as long as there is a connection. If the connection is broken (no power, ect) your IP address may change... |
|
|
| laborlitigator |
quote:
Originally posted by DaleB
For now I went with the Kerio recommended by the site. I found it better at setting up than ZoneAlarm. You set it up as it stops various intrusions. Besides doing the Permit or Deny you can also decide if you want to have it always 'denied' or 'permitted'.
Zone Alarm had this list with all these options you would set up before hand and have to go back and update if you wanted to change, etc.
Of course you can still edit your list anytime but Kerio seem to setup and go to work much quicker.
It's been a while since I had ZA so it may have changed, and I know Norton gets a good grade in the reviews.
But I have depended on my D-Link router, plus the fact I have a fixed IP address. It worked fine for me for a long time, until this recent problem.
I have always had NAV and keep it updated and well as revised when a new one comes out.
DaleB,
I found the Kerio to be better than the ZoneAlarm also.
Have you run the spybot program. . . if so, I keep getting the same problem found in the registry. It then states that it was fixed but when I run it again, there it is again.
Any suggestions? |
|
|
| DaleB |
quote:
Originally posted by laborlitigator
DaleB,
I found the Kerio to be better than the ZoneAlarm also.
Have you run the spybot program. . . if so, I keep getting the same problem found in the registry. It then states that it was fixed but when I run it again, there it is again.
Any suggestions?
The 'fix' I just linked above didn't work?
Mine has been fine since I 'cleaned' those msgrv and msgrv32 files in the start up menu as suggested before.
Here's the text of the email I got from 7Search............
Dear Dale,
Thank you for contacting 7search.com. In order to remove the homepage
takeove please go to http://www.free-popup-killer.com/uninstall.html.
Thank you for your time and cooperation. If you have further questions
please feel free to contact customer support.
Please submit your follow-up questions regarding this case at (make sure
to copy-and-past the whole URL found between the doule-quotes!)
"http://7search.com/scripts/support/support_followup.asp?supportid=15459&c
e=dalebesh%40rawbw%2Ecom"
Thank you,
Giovanni P.
7Search.com
info@7search.com
Please check out our easy-to-use FAQ page for answers on many of your
questions about 7Search.com!
http://7search.com/info-about/faqindex.htm |
|
|
| DaleB |
quote:
Originally posted by mdxxxx
I couldn't get it DaleB...
BTW. DaleB, what ISP do you use... Your IP address may be 'kinda fixed' if you use SBC Pac Bell, I believe the IP address may be fixed as long as there is a connection. If the connection is broken (no power, ect) your IP address may change...
I have a 'service shell' for PacBell. It's run by Raw Bandwidth, and yes, does offer a fixed IP address.
Do you guys need this 'fix'? maybe I can email the little program to you. I don't know if it really works since I don't have the problem any more. |
|
|
| TYP |
After all these troble...
just got one Q..
GOT MAC?
:2: |
|
|
| DaleB |
| Great catch!! thanks! |
|
|
| kflint |
Even old threads can come in handy.
I got his by a trojan this week, called QHosts. This little gem changes your DNS settings and hijacks your browser. Among other things, it stops you from being able to access most search engines, including google to a fake notice that the site doesn't exist. :3:
After two frustrating days, I remembered this thread and, through its links, found the answer.
By the way, I am behind a secure firewall and run Norton anti-virus. This hit my computer on Wednesday, a few hours before Norton posted an update to its virus definitions that deals with this. You can't be too careful in a windows environment.
Thanks to everyone who shares here. |
|
|
|
