# Hijacking



## Phoenix44 (Aug 1, 2004)

Forget about "surfing" the web...I can barely crawl, because of browser hijacking and pop-ups.

I have a cable connection, Windows XP; IE6; McAfee virus protection, firewall and privacy protection; spyware protection; and pop-up stopper.  I've even reported the offenders to the attorney general.  But the problem is so huge, that even BLOCKING all the pop-ups is taking forever, and my browser is STILL being hijacked.

Maybe I'm missing something.  If I put the IP address of the hijacker into the "banned IPs" section of the firewall, shouldn't it stop it?  Or is there something else I can do?  I'm at my wits' end, and I'd appreciate any helpful suggestions.  Thank you.


----------



## Bob Hubbard (Aug 1, 2004)

If you are still dealing with browser hijacks and popups, you've got something 'stuck' in your system.

1. Disable Windows Messenger service for XP:
http://www.microsoft.com/windowsxp/using/security/learnmore/stopspamv45.mspx

2. Make sure you have a good firewall.  ZoneAlarm is good, BlackIce isn't. (ZoneAlarm does in and out...BlackIce only in.)

3. Use both Ad-Aware and SpyBot to kill the spyware.

4. In Internet Explorer - Tools - Internet Options - under General tab - set Home Page to "Blank".

5. Make certain your antivirus is up to date, and do a complete scan of the system.


You can also check these sites:
http://grc.com/optout.htm
http://boards.cexx.org/


----------



## Cthulhu (Aug 1, 2004)

If at all possible, stop using Internet Explorer and use Mozilla or Opera.  It's apparently painfully easy to hijack IE and reset your homepage to a site that will inundate you with pop-ups.  Mozilla has a built-in, customizable pop-up blocker and I have yet to see or hear of anyone resetting a homepage w/ Mozilla.

If you're stuck w/ IE, there is a registry tweak that will get rid of the offending homepage.  I'm sure you can find it with a quick Google search.

Cthulhu
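
An added example, not part of the original posts: a read-only PowerShell check of the registry values behind the IE home and search pages (the settings step 4 above and the registry tweak mentioned here refer to), extended to also list installed Browser Helper Objects. The function names and the `about:blank` baseline are assumptions made for this illustration.

```powershell
# Read-only audit: lists the Internet Explorer page settings and add-ons that
# a hijacker typically changes. Nothing in the registry is modified.
$ieMainKeys = @(
    'HKCU:\Software\Microsoft\Internet Explorer\Main',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main'
)
$pageValues = 'Start Page', 'Default_Page_URL', 'Search Page', 'Search Bar'

# Assumption: the only page you set yourself is a blank home page.
# Anything else is marked Review = True so you can look at it by hand.
$expectedPages = @('about:blank')

function Get-IEPageSetting {
    foreach ($key in $ieMainKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($name in $pageValues) {
            $value = $props.$name
            if ([string]::IsNullOrEmpty($value)) { continue }
            [pscustomobject]@{
                Key    = $key
                Name   = $name
                Value  = $value
                Review = ($expectedPages -notcontains $value)
            }
        }
    }
}

function Get-IEHelperObject {
    # Browser Helper Objects are DLLs that IE loads at start-up.
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path -LiteralPath $bhoKey)) { return }
    foreach ($sub in Get-ChildItem -LiteralPath $bhoKey) {
        $clsid  = $sub.PSChildName
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll    = $null
        if (Test-Path -LiteralPath $server) {
            $dll = (Get-ItemProperty -LiteralPath $server).'(default)'
        }
        [pscustomobject]@{ Clsid = $clsid; Dll = $dll }
    }
}

Get-IEPageSetting  | Format-Table -AutoSize -Wrap
Get-IEHelperObject | Format-Table -AutoSize -Wrap
```

A vendor default in `Default_Page_URL` will also show `Review = True` against this baseline; the flag only means the value differs from what you listed as expected.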


----------



## Phoenix44 (Aug 1, 2004)

Thanks.  I've implemented some of your suggestions, and I ALREADY notice an improvement.


----------



## OULobo (Aug 2, 2004)

O how I love my Spybot and HijackThis. They have made surfing fun again.


----------



## OUMoose (Aug 3, 2004)

IE has gone the way of the dodo on my systems.  Every one of them runs Firefox now and I haven't had a problem since.


----------



## PeachMonkey (Aug 12, 2004)

Phoenix44 said:

> Maybe I'm missing something. If I put the IP address of the hijacker into the "banned IPs" section of the firewall, shouldn't it stop it? Or is there something else I can do? I'm at my wits' end, and I'd appreciate any helpful suggestions. Thank you.


 First, make sure that you upgrade your XP machine to Service Pack 2 when it's offered to you.

 Next, make sure your anti-spyware software is up to date, and that you run complete scans with it frequently.  I recommend Spybot Search and Destroy.

 Last, putting the IP address of the hijacker into your firewall won't help... your computer is actually opening connections to the hijackers, either via spamware on your machine or via your web browser connections to sites containing the malicious software.  Since you're actively making these connections, the firewall considers them valid.

 It can sometimes help to run a firewall that blocks inbound AND outbound connections, such as ZoneAlarm.


----------



## OUMoose (Aug 12, 2004)

I agree with PeachMonkey except for one statement:

PeachMonkey said:

> First, make sure that you upgrade your XP machine to Service Pack 2 when it's offered to you.



I would amend that statement to say "when it's offered in a form that won't make the rest of your PC horribly unstable".  Many PC manufacturers (Dell, HP) and some large corporations said they will not upgrade to SP2 because, in its current incarnation, it just breaks too many things.


----------



## Jade Tigress (Aug 12, 2004)

After having many problems with my computer I finally got 2 pop up stoppers, AdAware, Spybot S&D, and AVG anti-Virus installed. IE runs pretty good for me usually but upon reading this thread I liked the sound of the Mozilla FireFox browser. I went to the site and began downloading it and halfway through the download a small error box popped up that said 7-Zip Unspecified Error and I can't complete the download.  Does anyone know what's up with that? Thanks.


----------



## Ping898 (Aug 12, 2004)

I would also add, don't get your e-mail through Outlook, ton of fun vulnerabilities there, lots of fun to attack.

Also in your services, shut down the telnet, if you don't use it, which typically unless you have a bunch of networked computers at home, you don't, and even then you don't really need it.

I don't know if you use any software like SQLServer, but make sure you patch any software you can that might have an open port, not just your OS and browser.

Also if you visit websites with security certificates, don't visit it if the certificate issues a warning, unless you really trust it.  Not that hard to go and redirect to a place where worms will be d/l-ed to your computer.  That's one of the reasons the certificate will issue a warning, 'cause someone else has put in a fake certificate that will redirect you somehow and most people just click ok and keep going anyways.

Also unless you keep your computer on 24/7 unplug it from the net before you turn it on.  Many of the programs like Ad-Aware and Zone Alarm Firewall, don't start immediately.  They take a good 30 sec to a minute at least to get up and running after your computer has started and trust me, that's more than enough time to break in and take control of your system.  Lots of fun there!

Anyways...just my two cents in, take it for whatever you think it is worth...


----------



## PeachMonkey (Aug 13, 2004)

OUMoose said:

> I would amend that statement to say "when it's offered in a form that won't make the rest of your PC horribly unstable". Many PC manufacturers (Dell, HP) and some large corporations said they will not upgrade to SP2 because, in its current incarnation, it just breaks too many things.


 Do you mean on their internal networks or otherwise?

 HP actually *recommends* that their customers upgrade to XP SP2:

http://www.hp.com/pond/windowsxp/index.htm

 Dell does not yet officially support XP SP2 because they have not yet shipped any computers with it; however, their support knowledge base already contains information on running Dell machines with XP SP2.

 Many large corporations wait to deploy major patches until they are fully tested with their applications and drivers, and it always behooves home users to back up their critical information before patching their systems.  However, as an official XP SP2 beta-tester, I can say both that this is the most reliable major patch Microsoft has ever released, and that the security improvements it provides are worth any patch risk.


----------



## PeachMonkey (Aug 13, 2004)

Ping898 said:

> I would also add, don't get your e-mail through Outlook, ton of fun vulnerabilities there, lots of fun to attack.


 Actually, Outlook 2003 is far, far better.  And Outlook Express in XP SP2 is no longer such a Swiss-cheese target either.

Ping898 said:

> Also unless you keep your computer on 24/7 unplug it from the net before you turn it on. Many of the programs like Ad-Aware and Zone Alarm Firewall, don't start immediately. They take a good 30 sec to a minute at least to get up and running after your computer has started and trust me, that's more than enough time to break in and take control of your system. Lots of fun there!


 Windows Firewall under XP SP2 protects the network stack from the moment the network subsystem is started, unlike earlier versions of the Windows Firewall (and many commercial products).


----------

