Help please.

I have aquired an About web hijacker.

I downloaded Aboutbuster, which has worked well in the past. Somehow this one is disabling the Aboutbuster and will not let it run.

I rebooted in safe mode, and ran About Buster from a floppy. It worked that way, and found the infection.

The problem is the infect came right back. It appears that the file is hidden somewhere and recreates itself.

This SUCKS.

Suggestions short of reformat c:?


Barry

Hummmm...


Spy Ferret and Spy Sweeper can't find it.

It only pops up when I open Fugly.com

It only opens ever third time I open Fugly.com.

I tried about 100 other website, no problem.


Hummm......


Barry

I refresh the page at fugly.com three times = about:blank

No other site is effected

HARLAN?

DWAINE?

JEFF?

Is anybody home?????

Barry

have you tried your anti-virsu AVG insafe mode?

i found that the most effective way of combating the multitude of intrusive shit that sneaks onto my pc whilst browsing fugly was to stop browsing fugly

i found that the most effective way of combating the multitude of intrusive shit that sneaks onto my pc whilst browsing fugly was to stop browsing fugly


Word.

But I am like a crack whore to this non sense.

I need rehab.

Barry

You can try Spybot. Sometimes it does the trick. Sometimes nothing works, even reformatting.

http://downloads-zdnet.com.com/Spybot-Search-Destroy/3000-8022-10401314.html?tag=list

use opera fatjack

I feel so violated.

Does anyone know of a good therapist?


Barry

I feel so violated.

Does anyone know of a good therapist?


Barry

Go here :arrow: Rebecca of Sunnybrook Farm (http://www.komando.com/tips_cat.asp?catID=14)

Barry, I use HijackThis all the time myself as well as in my job.

If the nasty little sucker is affecting only fugly.com then why dont you search your registry for any reference to fugly? Also ping fugly to get the ip address and search for any reference to the ip.

Thinking... :?

Oh here is where to get HiJackThis http://www.tomcoyote.org/hjt/

Also whats in your host file have you looked?

What is your os?

Gimme a screen shot of all the processes listed in task list
Gimme a text file of hijackthis results
and gimme a list of all your non microsoft services (msconfig from run menu) as well as everything on your startup. (Same utility)

I'll see what I can find.

If you do not understand send me a message. I clean up systems all the time in my job.

Fugly is hot on the trail Joe.....

I do not think the bug is on my machine. It appears to be the web link produced by the search engine.

Barry

Barry Hit Control Alt Delete, Then sort by user. Then I want you to close everything except exploer.exe and Taskmgr.exe.

after doing this the web highjacker will start it exe as soon as you close it as a different name. Post that name here and I will tell you how to kill it.

Barry Hit Control Alt Delete, Then sort by user. Then I want you to close everything except exploer.exe and Taskmgr.exe.

after doing this the web highjacker will start it exe as soon as you close it as a different name. Post that name here and I will tell you how to kill it.

It is not produciing anything. No exe file is running. It only opens with a certain weblink.

I think Fugly got it fixed. It is not happening now.

Barry

Hummm strange, Most highjackers have an exe.

Hummm strange, Most highjackers have an exe.

Yes, very strange. I talked to Fugly by phone about it. He was pretty upset.

He said that others were having the same problem, and he was pretty pissed at somebody. Obviously he got it fixed.

Good job J.

Barry

Well so long as its fixed. Good way to smoke out one of those random generated type of .exe though Grim I'll save that away for later.

Well after you sniff it out, Search for it thru the start menu, It will make a copy of itself in the root folder. Then you have the name of the program.

Then just go into regedit an remove anything with that folder and exe name.

Right but be careful with the ones that spoof a similar legitimate windows file name.

Really though it never dawned on me to force a random file name .exe to stop so that when it regenerates to annotate the new name.