Help on Browser Hijacking Please
Ok, I've been caught! Bugger!
OS XP with SP1
The redirection url = coolwwwsearch.com (If that helps)
I've run AdAware, Hijack This, Search and Destroy and Spysweeper. Hijack This found the little sod and removed it but it comes back on boot. Persistent little bugger.
Any ideas which proggie/service it's using on boot to reinstall itself? Looked through .js and .hta files. Been through the registry but I can't find shit, and I'm still finding my way around XP. I wasn't sure if it was related to bootconf.exe located in the system32 directory...
Can you help on this with a solution which does not involve formatting C: or moving to Linux :)
Thanks
Dave
Hi Greentea,
Went to that site earlier today. It didn't find it, that's why I went through the list of spybot/parasite detectors with the latest updates. Still can't get rid of the damn thing.
hey use this link
http://www.apple.com/switch/
No thanks....
I know there are alternatives, I would just like the fix to the current problem - no reinstall or change of computers or change of OS. ;) Cheers.
Bump - ARGH!! Bump - Help ;)
1. Go to IE tools, internet options, programs and use the option to reset the IE defaults. Reboot.
2. If that doesn't work, shut down IE and search for a *hidden* file called HOSTS (hosts.sam and lmhosts are sample files but are occasionally used in error). HOSTS is effectively a redirection file. Rename HOSTS to HOSTS.OLD -or- open using Notepad and remove any reference to the problem site/s (place a # at the beginning of the line or delete the line in its entirety).
3. You may also need to delete the following registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
start run regedit / search for coolwwwsearch
delete it if you find it or make google.com (whatever)
After start run msconfig / startup uncheck suspicious things
maybe it helps
format c:
use mozilla
Cheers Mojo,
Fixed it. Also ran that trafficmoney cleaner, I'm sure that got rid of something.
Thanks all.
Dave
damn those parasites. i hope Microsoft comes out with the new updates of Outlook so i can get rid of spams.
Quote:
Host Name : coolwwwsearch.com
IP Address: 66.250.56.120
OrgName: Cogent Communications
OrgID: COGC
Address: 1015 31st Street, NW
City: Washington
StateProv: DC
PostalCode: 20007
Country: US
NetRange: 66.250.0.0 - 66.250.255.255
CIDR: 66.250.0.0/16
NetName: COGENT-NB-0001
NetHandle: NET-66-250-0-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: AUTH1.DNS.COGENTCO.COM
NameServer: AUTH2.DNS.COGENTCO.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Comment: Reassignment information for this block is
Comment: available at rwhois.cogentco.com port 4321
RegDate: 2002-03-20
Updated: 2002-03-20
TechHandle: ZC108-ARIN
You could go download the HijackThis program
http://www.tomcoyote.org/hjt/
then run it and look for these lines
O1 - Hosts:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=
Also check these ones to see if they are infected
O2 - BHO:
O3 - Toolbar:
O4 - HKLM\..\Run:
O16 - DPF:
I had the same thing happen to me today and this got rid of it
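
An added example, not part of the thread and not HijackThis's own code: a Python triage of a saved HijackThis log that sorts the line types listed in the post above into known-hijacker references, HOSTS overrides, and entries to check by hand. The function name `triage`, the verdict labels and the sample log lines are assumptions made for illustration; only the domain comes from the thread.

```python
import re

# Section codes named in the post above and what each one records.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O1": "HOSTS file entry", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart entry", "O16": "ActiveX download (DPF)",
}
LINE_RE = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")

def triage(log_text, suspect_domains):
    """Return (code, verdict, detail) for every log line that needs attention."""
    suspects = [d.lower() for d in suspect_domains]
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group(1) not in SECTIONS:
            continue
        code, detail = m.groups()
        if any(d in detail.lower() for d in suspects):
            verdict = "suspect-domain"      # line names a known hijacker domain
        elif code == "O1":
            fields = detail.split(":", 1)[-1].split()   # "<ip> <hostname>"
            if len(fields) >= 2 and fields[1].lower() == "localhost":
                continue                    # stock loopback entry
            verdict = "hosts-override"      # HOSTS redirects this name
        elif code in ("R0", "R1"):
            continue                        # start/search page looks clean
        else:
            verdict = "review"              # BHO/toolbar/Run/DPF: judge by hand
        findings.append((code, verdict, detail))
    return findings

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://coolwwwsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.org/
O1 - Hosts: 192.0.2.10 search.example.net
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\example.dll
O4 - HKLM\..\Run: [example] C:\WINDOWS\System32\example.exe
"""

if __name__ == "__main__":
    for code, verdict, detail in triage(SAMPLE_LOG, ["coolwwwsearch.com"]):
        print(f"{verdict:15} {code:4} {SECTIONS[code]:24} {detail}")
```

The O4 entries are the ones that answer the original question of what reinstalls the hijack at boot, so they stay in the output for manual review even when they do not name the domain.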