
IE 8 getting hijacked


csmdew


Lately when loading eBay or some other sites, IE is being hijacked to Yahoo, Windstream info or some other sites. Have scanned with ESET, Malwarebytes, Hitman, and a few others but can't find anything to fix the problem. Ran a HijackThis but nothing stood out at me, so I am attaching another run to see if anyone can spot something. Sorry for typing but currently have no use of good hand due to recent shoulder surgery. Thanks in advance. Had to attach as txt file but u can just ch to log if needed

hijackthis.txt


Download HostsMan, then install, run as admin.. ( if needed for your version of Windows.. ) Then see if you have anything that should not be in your LMHosts file.. If this isn't the case; be sure to erase your temp files.. in your browsers.. and possibly reboot your router/modem. Reason for this is that IF it is not your Hosts file.. then it could be anything that interacts with your Browsers.. OR DNS Poisoning. This can also depend on other protections that can be in place as well..

EDIT: Also regardless.. you should open your WINDOWS folder and scan the files in the folder and in System32 for anything that may seem foreign or oddly named.. with like named accompanying INI files.. See if they have properties and descriptions and check them out online in a few places to see if they are possibly an infection or malware of some sort.. Next I would download and install SpyBot Search and Destroy.. ( make sure you select all file sets and scan your system .. )

This should take care of the most common areas that these issues occur... Your HiJack Log seems to be missing a few things.. but I did think that the IE Maximizer.exe is rather weird... check areas 02,04,15,23 and make sure these are actually items you have installed..


Will do the hosts prgm today. The IE maximizer is a cool little prgm that ensures that IE opens max'd all the time, been using for yrs on XP and now Win7, thanks.


Ran the HostsMan and showed no hosts file, I then asked it to optimize hosts file and now have over 14,000 listed IP addresses. Don't understand why u add all the dbl clicks, adbanners, etc to the hosts file.


Too big to load



I've read that having a large hosts file can slow your Windows down. There's a great site here (MVPS), that talks about hosts files and they have a section called "Editors Note: in most cases a large HOSTS file (over 135 kb) tends to slow down the machine" where they show how to resolve the issue.



  • Administrator

Which operating system is this?

If it's Windows 7 you can delete every entry from your HOSTS file (open it in Notepad2) and see if the issue still occurs. If anything else make sure this entry stays: 127.0.0.1 localhost



What has happened to your hosts file is that HostsMan did an automatic update and probably added a list or something. I don't use these right now.. simply because of the sheer bloat.. ( sometimes there just isn't any way around it depending on the Network environment though.. ).. The reason I had you download it was to use it to easily ( especially with the arm and all ) view your hosts file.. and its contents.. edit it.. optimize or w/e else you may want.. great little program.. but you need to make sure you set it to what you want first because sometimes it will go ahead and update and backup your Hosts file anyway.. ( which is another great feature.. lots of good useful tools in there ).. BUT yeah the main thing was to use it to load and review your current file without any changes/additions... To see if you had any hi-jacks or redirects listed ( which can be placed by installers and several other things ) which could be causing the problem...

.. and everyone is correct a large hosts file will slow the initial reaction and concurrent reaction/load time of each connection. ( Because each new one has to be sent through the filter.. )

IF it's actually clean.. then we have another issue.. I would definitely scan with SpyBot.. ( takes some time but this will see if the registry is pointing to anything out of the ordinary - but you have to make sure you have all of the file-sets selected or it may not look for certain things ) .. after that I would definitely grab a copy of PrevX or Hitman Pro .. available here at the site and do a scan for anything in your system.. ( should take a round trip of about 5-6 minutes )



Which operating system is this?

If it's Windows 7 you can delete every entry from your HOSTS file (open it in Notepad2) and see if the issue still occurs. If anything else make sure this entry stays: 127.0.0.1 localhost

Did this and just made host file with ip above and everything appears to be working better, thanks.

Plus I had rootkit in sys 32 that I removed as well.



Root kit.. not good.. I usually use F-Secure's and Sophos Free Rootkit scanners.. but usually if it's there it gets picked up long before then..


Rootkit was not detected by any of the prgms I used, but saw it listed on another forum as a possible evil entry and downloaded a sm prgm to ck for it and then it deleted it (TDSSKiller)



  • Administrator

Hitman Pro is another tool that detects and removes the latest TDL3 ;)

Glad to hear your problems seem to be sorted.



Archived

This topic is now archived and is closed to further replies.
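
The hosts-file review discussed in this thread, as an added example that is not part of the original posts: it separates entries that merely block a name (127.0.0.1 / 0.0.0.0, like the thousands of ad-server lines a blocklist adds) from entries that pin a name to some other address, which are the ones worth checking by hand. The sample file contents and the function name `audit_hosts` are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (example names, documentation-range addresses).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net          # blocklist-style entry
127.0.0.1       banners.example.net tracker.example.net
203.0.113.45    www.shop.example shop.example
198.51.100.7    search.example           # e.g. left by an installer
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Sort hosts entries into localhost, sinkholed, redirected and malformed."""
    report = {"local": [], "sinkholed": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, line))
            continue
        if len(fields) < 2:                      # address with no hostname
            report["malformed"].append((lineno, line))
            continue
        for name in (f.lower() for f in fields[1:]):
            if ip.is_loopback or ip.is_unspecified:
                # 127.0.0.1 / 0.0.0.0 / ::1 point the name at the local
                # machine, which is how blocklists disable ad servers.
                key = "local" if name == "localhost" else "sinkholed"
                report[key].append(name)
            else:
                # Any other address pins the name to a chosen server:
                # this is the kind of entry to verify by hand.
                report["redirected"].append((lineno, name, str(ip)))
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(result['sinkholed'])} blocked names, "
          f"{len(result['redirected'])} redirects to review")
    for lineno, name, ip in result["redirected"]:
        print(f"  line {lineno}: {name} -> {ip}")
```

To check a real machine, pass the text of `C:\Windows\System32\drivers\etc\hosts` to `audit_hosts`. An entry in the redirected list is a prompt to verify, since LAN and VPN entries are legitimate.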
