404/DNS Error Pages Hijacked By Directnic Affiliate? - GoFuckYourself.com

Ludedude · 11-20-2003, 04:33 PM

OK, I'm about at the end of my rope. I pride myself on the ability to outfuck the fuckers when they attempt to do shit to my machines but this one has me stumped.

On two of my machines here, my 404 and DNS Error pages are being hijacked by a Directnic search page. I've done all the usual including running spytbot, hijack, adaware etc. There is nothing unusual in my hosts files. My IE search pages or home pages have not been affected, there is no new stuff in my IE favorites. If I disconnec the machine from the net then all is normal but if I type in a non-existing domain while connected then I get the Directnic page.

Yes, there is a Directnic affiliate ID attached to it so MikeAI if you're seeing this then please ICQ me 53618488 for more info.

Has anyone run across this before? Any suggestions?

Thanks,

Lude

Nobody Specific · 11-20-2003, 04:37 PM

Mike's not around but hit me up on icq and I'll see what I can do. 33484716

Smokey The Bear · 11-20-2003, 04:46 PM

Quote:

Originally posted by Ludedude
OK, I'm about at the end of my rope. I pride myself on the ability to outfuck the fuckers when they attempt to do shit to my machines but this one has me stumped.

On two of my machines here, my 404 and DNS Error pages are being hijacked by a Directnic search page. I've done all the usual including running spytbot, hijack, adaware etc. There is nothing unusual in my hosts files. My IE search pages or home pages have not been affected, there is no new stuff in my IE favorites. If I disconnec the machine from the net then all is normal but if I type in a non-existing domain while connected then I get the Directnic page.

Yes, there is a Directnic affiliate ID attached to it so MikeAI if you're seeing this then please ICQ me 53618488 for more info.

Has anyone run across this before? Any suggestions?

Thanks,

Lude

Check your registry , then go into your windows folder and system folder and sort files by last modified and look for anything new check your main dir as well

This was the one on madsexorgy.com i think. Sounds like the same trick.

There will prob be a few new html files in your c: or c:\windows or c:\windows\system

And some exe's too boot

Watch out cause one of them is an smtp server that prob got installed as well.

I checked a test system and it came up clean with spychecker but the problems were still there

Smokey The Bear · 11-20-2003, 04:47 PM

P.s. once you find out what it is let us know what you find out

ZipaHosting · 11-20-2003, 05:13 PM

I work for directNIC and we came across your post at about getting the 404 and DNS error pages hijacked. Generally, this is due to a domain that was using our hosting and has been removed from it due to violating our terms of service. The domain is probably still resolving to our server, but getting our 404 page which is the search page (parked.directnic.com) because it was deactivated. Most likely before it resolves to our 404 it will show the actual domain name in the address bar, though it might be hard to see... We are going to go ahead and ICQ you regarding this problem and hopefully we can get this resolved for you tonight.

kenny · 11-20-2003, 05:55 PM

Fucking browser jackers are getting more and more clever. I say 50% of the adware I encounter these days cannot be removed with spybot software or adware remover.

I have to use a pain in the ass firewall just to detect files on my computer attempting to access the internet. Ounce I see a strange file attempt to access the internet I block it and then search for it so I can delete it manually.

Ludedude · 11-20-2003, 06:04 PM

Just to keep you guys up to date, there is no resolution to this yet. I spent some time talking to ZipaHosting but we haven't found an answer yet.

Smokey The Bear: Nope, nothing like what you described on my machine but thanks for the try

11-20-2003, 04:33 PM	#1
Ludedude Suck it! Industry Role: Join Date: Jun 2001 Location: Who wants to know? Posts: 4,432	404/DNS Error Pages Hijacked By Directnic Affiliate? OK, I'm about at the end of my rope. I pride myself on the ability to outfuck the fuckers when they attempt to do shit to my machines but this one has me stumped. On two of my machines here, my 404 and DNS Error pages are being hijacked by a Directnic search page. I've done all the usual including running spytbot, hijack, adaware etc. There is nothing unusual in my hosts files. My IE search pages or home pages have not been affected, there is no new stuff in my IE favorites. If I disconnec the machine from the net then all is normal but if I type in a non-existing domain while connected then I get the Directnic page. Yes, there is a Directnic affiliate ID attached to it so MikeAI if you're seeing this then please ICQ me 53618488 for more info. Has anyone run across this before? Any suggestions? Thanks, Lude __________________

11-20-2003, 05:13 PM	#5
ZipaHosting Registered User Join Date: Oct 2003 Location: New Orleans Posts: 2	I work for directNIC and we came across your post at about getting the 404 and DNS error pages hijacked. Generally, this is due to a domain that was using our hosting and has been removed from it due to violating our terms of service. The domain is probably still resolving to our server, but getting our 404 page which is the search page (parked.directnic.com) because it was deactivated. Most likely before it resolves to our 404 it will show the actual domain name in the address bar, though it might be hard to see... We are going to go ahead and ICQ you regarding this problem and hopefully we can get this resolved for you tonight. __________________ <A HREF="http://www.zipa.com/?1050"><IMG BORDER=0 SRC="http://zipa.com/images/zipa120x60_01.gif"></a>

11-20-2003, 05:55 PM	#6
kenny Confirmed User Industry Role: Join Date: Mar 2002 Posts: 7,245	Fucking browser jackers are getting more and more clever. I say 50% of the adware I encounter these days cannot be removed with spybot software or adware remover. I have to use a pain in the ass firewall just to detect files on my computer attempting to access the internet. Ounce I see a strange file attempt to access the internet I block it and then search for it so I can delete it manually. __________________ 7

11-20-2003, 06:04 PM	#7
Ludedude Suck it! Industry Role: Join Date: Jun 2001 Location: Who wants to know? Posts: 4,432	Just to keep you guys up to date, there is no resolution to this yet. I spent some time talking to ZipaHosting but we haven't found an answer yet. Smokey The Bear: Nope, nothing like what you described on my machine but thanks for the try __________________

11-20-2003, 04:37 PM	#2
Nobody Specific Confirmed User Join Date: Jun 2003 Posts: 319	Mike's not around but hit me up on icq and I'll see what I can do. 33484716

11-20-2003, 04:47 PM	#4
Smokey The Bear So Fucking Banned Join Date: Oct 2003 Location: In my house Posts: 786	P.s. once you find out what it is let us know what you find out