PDA

View Full Version : can any techies help with this?


administrator
07-08-2004, 12:30 PM
here's a very strange problem... when krystian tries to get to eskimofriends.com it opes up a site called Jive Records which is in no way related to this site or damien rice... same thing happens when clicking on a link to this site...any idea why that's happening and what can be done to fix it? thanks!

looly
07-08-2004, 12:34 PM
hi. You should contact your service provider. could be something to do with the mx records.....god, sounds like I know what I'm talking about! haha. Seriously, I work in a telecoms and have heard of this problem before. U should contact ur service provider and explain the prob. It could be a problem on their side. Hope this helps.smileys/smiley4.gif

administrator
07-08-2004, 02:45 PM
thanks, i'll pass on all suggestions people might have

Angela
07-08-2004, 03:31 PM
It could be a browser hijack. She should run Spybot: http://www.safer-networking.org/en/download/index.htmlIt's the leading software for finding and removing adware and the like. (It's free.)

administrator
07-08-2004, 04:51 PM
thanks angela!

cille
07-08-2004, 04:54 PM
bless ange!smileys/smiley32.gif


SHE DESERVES AN EXTRA STAR FOR BEING SUCH A COOL TECHIE GAL!


that's what i think, anyway.smileys/smiley1.gif

SexGod
07-08-2004, 05:55 PM
Nooooooooo Angela beat me to it *cries* - SDBlocker helps prevent
hijacks (included with Spybot), and there are options to lock pages in
Spybot



(murmurs something about checking the board more often)

Angela
07-08-2004, 08:09 PM
Nooooooooo Angela beat me to it *cries* - SDBlocker helps prevent hijacks (included with Spybot), and there are options to lock pages in Spybot

(murmurs something about checking the board more often)



Only in terms of speed smileys/smiley36.gifThere are options for locking pages? I better explore all those options. And I don't know about SDBlocker either. Though I've only had one hijack so far, but, man, that took forever to get rid off. I still have parts of it around that even SpyBot doesn't find!

Tomathy
07-20-2004, 04:18 PM
Go purge your registry!

administrator
07-22-2004, 02:22 PM
she's still having problems...

-------------

No luck as of yet. I have had numerous chats with Earthlink Support People. It takes a while to get to a person who knows what they are talking about. So far I have: updated Microsoft and IE, reset my websettings, renamed host files to host.old, reset IP settings, changed access numbers, changed DNS numbers, cleared cache and cookies and temp. int. files. I have another browser, Mozilla Firefox, and the page is showing up the same way with the jiverecords thingy. I downloaded the spybot thing, and I have been running scans, everynow and then it will find something and fix it, but it isn't helping me with the site issue. I also run virus scans with AVG, and Norton everyday. It has found a few viruses and healed them, but the page is still having problems.

New Issue: I can't get to livejournal.com, so now it's 2 pages that my computer can't reach. I have talked to 6 Earthlink Support people in total over just these 2 problems. And each person I talk to seems more unintelligent than the last. I finally got my problem escalated to a Engineer,( I guess they are higher up on the totem pole) after talking to someone for 2 hours. The Engineer is supposed to give me a call sometime soon. In the mean time, I plan to talk to more service members. Each time I tell them what I have done so they don't give me a solution that I know does not work. Hopefully something will work. I am feeling way igloo deprived.

Thanks for all the help and support!

Mojo_Pin1980
07-22-2004, 02:27 PM
Only in terms of speed smileys/smiley36.gifThere are options for locking pages? I better explore all those options. And I don't know about SDBlocker either. Though I've only had one hijack so far, but, man, that took forever to get rid off. I still have parts of it around that even SpyBot doesn't find!


I've got this Trojan Horse that keeps coming back. Norton finds and removies the files but when I scan it afterwards there are newly infected files. And I keep getting these porn pop-ups! When I type www.hotmail.com (http://www.hotmail.com) in my browser I go to a teen porn sitesmileys/smiley5.gifAnd whenever I'm offline (this is my dad's computer which still has dial-up) it keeps asking me if I wanna connect to some site (prolly porn as well) cuz someone's allegedly put in a request to be connected to that site. Could that be a browser hi-jack as well???


HELP MEEEEEEE!!!smileys/smiley5.gif

Tomathy
07-22-2004, 03:34 PM
Try Ad-aware 6 from Lavasoft (http://www.lavasoft.com)if SpyBot fails. Mojo, have you tried Spybot?



A quick Googling found me this (http://www.spywareinfo.com/articles/hijacked/#removal)



It is apparently frequently updated. May I reccomend having up to date
Windows Updates, and not using Internet Explorer because it has a huge
number of holes! If you must use it, make sure you edit the settings
for the Medium security zone, and disable all ActiveX controls. I
prefer Mozilla Firefox.

Tomathy
07-22-2004, 03:46 PM
http://www.wired.com/news/infostructure/0,1377,63280,00.html?tw=wn_story_related]Signs[/url]
that one of CWS' two dozen variants is present in a computer
include home and search pages that have been reset to one of the 80 or so domains (http://www.spywareinfo.com/articles/cws/)
that appear to have an affiliation with CoolWebSearch.com. Any URLs
that are entered without "www" will be redirected to porn, search or
other sites apparently affiliated with CoolWebSearch.com.

Tomathy
07-22-2004, 03:55 PM
[QUOTE=Mcafee]"</font></font>When page
requests are made, they are rerouted to specified Domain Name Servers.
This allows a remote 'administrator' to direct users to the pages of
their choosing. For example, if an infected user attempted to navigate
to http://www.google.com, they would be routed to a different site</font></font>" </font></font>






I know I keep posting more on this thread, but I keep finding more
info. That's how it's being done emmett, just thought I'd let people
know smileys/smiley1.gif

Mojo_Pin1980
07-22-2004, 11:27 PM
Sounds like we have the same problem. I do have Adaware and it works fine but the sh*t just keeps on coming and coming..

Angela
07-23-2004, 12:58 AM
Coolweb is what I had (and sort of still have!)- it is the pits! smileys/smiley7.gif smileys/smiley7.gifsmileys/smiley7.gif


I would start looking at the web and newsgroups for solutions. That's what I did:


http://www.google.com/search?sourceid=navclient&amp;ie=UTF-8 (http://www.google.com/search?sourceid=navclient&amp;ie=UTF-8&amp;oe=UTF-8&amp;q=removing+coolweb) &amp;oe=UTF-8&amp;q=removing+coolweb

Angela
07-23-2004, 01:33 AM
she's still having problems...


You might want to have her trace eskimofriends: from the Start menu, open the Run command, type in "cmd" (withought the quotes) and then run the following command (in bold). I'm going to remove some of my personal data at the start, but you get the general idea of what it is you see.


I can't ping or trace eskimfriends, I'm assuming that's a security feature, but at least she might get a geographic idea of where her request is heading.


C:\&gt;tracert www.eskimofriends.com (http://www.eskimofriends.com)


Tracing route to www.eskimofriends.com (http://www.eskimofriends.com) [213.171.218.36]
over a maximum of 30 hops:


4 20 ms 20 ms 21 ms so-5-0-0-0.BB-RTR2.NY325.verizon-gni.net [130.81
.12.121]
5 21 ms 20 ms 20 ms so-1-0-0-0.PEER-RTR1.NY111.verizon-gni.net [130.
81.4.14]
6 19 ms 19 ms 21 ms so-6-2-0-0.gar2.NewYork1.Level3.net [65.59.196.1
7]
7 19 ms 19 ms 21 ms ge-1-3-0.bbr1.NewYork1.Level3.net [209.247.9.205
]
8 86 ms 84 ms 85 ms as-0-0.mp2.London1.Level3.net [4.68.128.105]
9 85 ms 85 ms 84 ms 4.68.128.126
10 85 ms 85 ms 85 ms so-0-0-0.gar1.London1.Level3.net [212.113.3.5]
11 85 ms 85 ms 86 ms 195.50.91.2
12 90 ms 90 ms 90 ms azt-tele1-pos.telewest.net [194.117.136.1]
13 * * * Request timed out.
14 90 ms 90 ms 89 ms 82.33.208.14
15 * 195.188.40.106 reports: Destination net unreachable.


Trace complete.

SisterMidnight
07-23-2004, 05:18 AM
I had this same problem on the desktop in the living room. We did have a Trojan (and also got the lovely porn sites Mojo) but supposedly had it removed (though they say once your infected you're more susceptible)but even after that the hijacker thing took me to a totally unrelated site-- but only if I tried to access eskimofriends!! How cruel!! I ran Ad-Aware, Spy-Bot and set up Zone Alarm firewall software and haven't had the problem since. But I've downloaded Highjack This! just in case. Jeez! What a headache! smileys/smiley11.gifI had to take mine into a professional to get the trojan removed though, Norton didn't cut it. He was sort of a hack though and ripped me off I think. Wish Angela lived around my parts! smileys/smiley23.gifsmileys/smiley2.gifsmileys/smiley1.gif

Angela
07-23-2004, 06:41 AM
smileys/smiley2.gifMy name is Rumpelstiltkin!

SisterMidnight
07-23-2004, 07:17 AM
smileys/smiley36.gif....... smileys/smiley5.gif....... smileys/smiley36.gif

cille
07-23-2004, 09:42 AM
ok, according to a very thorough danish anti-spyware site (www.spywarefri.dk (http://www.spywarefri.dk) , but you will probably not understand it - it's in danish),this is the best free anti - spyware/trojan/hijacker combo:


ad-aware (http://www.lavasoft.de/support/download/); a free spyware removal program that works very well and is easy to use -just remember to update it at least once/week, and you should be able to get rid of most spyware/adware/trojans/tracking cookies.


this could be used in combo with spybot (mentioned and linked above) to make sure you get everything out.


spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html): a free sort of 'spyware-firewall', it's a small program that runs in the background and prevents you from getting spyware, etc in the first place. you just have to remember to update it, and you're pretty safe. a great feature of this program: you can take a 'snapshot' of your system, so if you one day get nasty spyware into your computer, you can recreate your system as it was when you took the snapshot.


these two should work well as basic protection.


if you've got hijacking problems that won't go away with the use of your usual spyware protection, you can use hijackthis (http://www.spychecker.com/program/hijackthis.html). however, this tool is ratherdifficoult to use, and you might need some help if you're not totally sure of what files you can remove and which ones you can't - it can be fatal for your system removing the wrong files.it does sound like something like this is needed for krystian.Edited by: cillecille

#Ian#
07-23-2004, 10:50 AM
OK, here's the anti-Spyware guide that I wrote in work and sent round the office. I haven't heard of anyone having spyware problems since.

This was mainly cribbed from another page and written by someone who knows what hes doing. My comments are inverted. - Ian Wright, 03 June 2004

Spybot (http://www.safer-networking.org/) and AdAware (http://www.lavasoftusa.com/). The ONLY two spyware removal tools to trust. Do NOT buy any spyware removal tools, because none of them work better than these two, and all of them except these two are suspect.

SpywareBlaster. (http://www.javacoolsoftware.com/spywareblaster.html)Will nuke twelve hundred different potentially malicious ActiveX controls, and now has the ability to prevent a number of non-ActiveX methods of installing spyware for people who use Mozilla/Firefox.

SpywareGuard (http://www.javacoolsoftware.com/spywareguard.html). From Javacool, like SpywareBlaster. It's a real-time scanner for spyware. A decent first line of defense.

IE-SpyAd. (http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD) Throws numerous ad-related URLs into IE's Restricted Zone, where they won't display or affect your system. Bookmark this one, since it's the only one that doesn't have an in-program update.

Only download them from the links provided above.

With AdAware and Spybot, check for updates using their internal update function at least once a week. Run them at least once a week or whenever you think you might have problems. Remember, the new version of Spybot has browser protection capabilities, so have that run at startup and leave it running. Check for updates to SpywareBlaster once a week. It only needs to be run once initially in order to establish protection. Then, after it downloads updates, just click on the line that says "Enable Protection For All Unprotected Items" (definitely run that one, since they just put in another database update in the last couple days) and kill it. It doesn't need to be active. For IE-SpyAd, bookmark the site and check for updates twice a week, since it has no kind of internal updater. Since all it does is add Registry entries, it doesn't eat up anything.

NOTE THE NEED TO UPDATE IE-SPYAD YOURSELF. After your initial install run the update tools to get the latest versions of what they should protect against.

cille
07-23-2004, 10:54 AM
cheers, ian

Angela
07-23-2004, 04:10 PM
IE-SpyAd. (http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD) Throws numerous ad-related URLs into IE's Restricted Zone, where they won't display or affect your system. Bookmark this one, since it's the only one that doesn't have an in-program update.


Does that differ in any way from editing the hostfile?

#Ian#
07-23-2004, 04:11 PM
not sure, it does it automatically thats all I know

Angela
07-23-2004, 05:00 PM
Interesting...I just looked in my restricted zones and there is a long list of restricted hosts. I had Spybot innoculate my system and am guessing that that's who placed those there.


I gert my HOSTS file from here: http://www.mvps.org/winhelp2002/hosts.htm

administrator
07-23-2004, 09:57 PM
from krystian:

Angela: I am going to check out the cool web links, thanks! I have tried to ping the site, here were the results:



Pinging with www.eskimofriends.com [170.171.252.60] with 32 bytes of data

Request timed out.



Sister Midnight- I dont have annoying pop-up-ads, the google blocker seems to keep them away. I have been running AVG virus checker, as well as using Nortons one button checkup, which found a few probs and fixed them.



#Ian# & CilleCille:

Thank you for the links. I will certainly check them out.



Thanks for everyone suggestions. I really appreciate it! Hopefully I can kick this problem in the a$# and get it gone. :OP



Cheers,

Krystian

Krystian
07-23-2004, 10:21 PM
I got back!!!!!!!!!!!!! Thank you everyone!!!! I think the Highjack this really worked!!!! smileys/smiley4.gif

SisterMidnight
07-23-2004, 10:26 PM
Yay!! smileys/smiley4.gifKrystian's back on!! smileys/smiley32.gifhttp://www.eskimofriends.com/forum/smileys/smiley31.gifsmileys/smiley1.gif


damn browser hijackers anyway! hmmph! smileys/smiley7.gif

cille
07-23-2004, 10:32 PM
welcome back, krystiansmileys/smiley31.gif


it's unbelieveable that some people actually design those hijackers to bother other ppl. grrrsmileys/smiley7.gif

SisterMidnight
07-23-2004, 10:36 PM
Too right, Cille!! Grrr!! smileys/smiley7.gif


And did you notice it was me and you that recommended highjack this! for a fix? *buffs nails on shirt* smileys/smiley2.gif

Krystian
07-23-2004, 10:56 PM
I looked to my eskimo friends when I was down, and it got me back to the IGLOO!!!!!!!!! smileys/smiley36.gif





Wow, I had been out of the igloo since June 10th! AY DIOS MIOS! smileys/smiley5.gifEdited by: Krystian

Angela
07-24-2004, 12:16 AM
Wow - good to see you back Krystian! smileys/smiley31.gifWhata saga!

administrator
07-24-2004, 12:20 AM
yay! that's so great! well done krystian! great to have you have back!

Krystian
07-24-2004, 04:31 AM
smileys/smiley9.gifthanks guys

Petra
07-24-2004, 07:05 AM
well ive said on two other threads - but what the hey - ill say it again


WELCOME BACK KRYSTIAN!!!smileys/smiley1.gif

Krystian
07-24-2004, 03:42 PM
smileys/smiley9.gif smileys/smiley36.gif

Loveless
07-24-2004, 07:04 PM
I gert my HOSTS file from here: http://www.mvps.org/winhelp2002/hosts.htm

thats cool. I had built up my own one by hand over the years, had it up to 70K.. but a 170K one is even more useful.

And that section about the Ad-Aware exclusion was very interesting. Now I can guess why my HOSTS file did stop working recently. I'll watch out for that in future.