Possible Hijack?


  • This topic is locked
12 replies to this topic

#1 romac

romac

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 21 March 2007 - 12:52 AM

I think my browser needs help

Attached Files



#2 Ai_Tak

Ai_Tak

    Advanced Member

  • Members
  • PipPipPip
  • 1372 posts

Posted 21 March 2007 - 05:42 AM

Post a comboscan log.

#3 romac

Posted 23 March 2007 - 12:23 AM

Post a comboscan log.

Attached Files



#4 Ai_Tak

Posted 25 March 2007 - 10:42 PM

Remove these (less important items) with hijackthis:
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll


Describe when and in what situations the popups appear, and the nature of the popups.

#5 romac

Posted 26 March 2007 - 01:12 AM

Remove these (less important items) with hijackthis:
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
Describe when and in what situations the popups appear, and the nature of the popups.


I removed O2 - BHO Browser Address Error Redirector.
The latest scan did not show R3 - URLSearchHook (could not find it).
These are popups that only appear on my EarthLink start page.
On my start page I have a window for local and international news.
I click on a news headline and the news article comes up.
The ads are on the same page as the news article.
Usually one for eBay at the top of the page, similar to a header for the page.
The second (usually only 2 ads) will be in the middle of the page; this one is usually animated, and is usually for Blockbuster Video or Fidelity Financial.
These ads are present on all news articles that I open.
I asked EarthLink to control my PC from their location; they did so, and saw no ads.
At the same time I viewed the same article from my location and had the ads on my screen.
EarthLink insisted that they do not place ads there.
After removing O2 - BHO Browser Address Error Redirector, I checked and the ads were still there.
I never see ads anywhere else.

Also, one last thing: I cannot update my Ad-Aware definitions. I get an error; it says ERROR retrieving updates.
My last update was 03/21/07.

Edited by romac, 26 March 2007 - 01:37 AM.


#6 Ai_Tak

Posted 26 March 2007 - 05:03 AM

Could you post a screenshot of the ad, and the link to the page the ad appeared on?

#7 romac

Posted 26 March 2007 - 11:48 PM

Could you post a screenshot of the ad, and the link to the page the ad appeared on?

I tried to post a screenshot. However, when I opened the shot without being connected to the internet, all I saw was the news article.
No ads anywhere on the page.
It seems that I can save the article but not the ads.
If I sent it to you, all you would see is the news article, no ads.

As for a link, this is on my homepage for EarthLink.
I could send you the link, but without my password you wouldn't get in.

#8 Ai_Tak

Posted 28 March 2007 - 04:52 AM

I don't want or need a saved copy of the webpage. Go to the page, press the printscreen key on your keyboard, open an image editing program such as MS paint, paste the screenshot from your clipboard (edit->paste), save the file as a png image in paint, attach the picture to your next post.

#9 romac

Posted 31 March 2007 - 11:20 PM

I don't want or need a saved copy of the webpage. Go to the page, press the printscreen key on your keyboard, open an image editing program such as MS paint, paste the screenshot from your clipboard (edit->paste), save the file as a png image in paint, attach the picture to your next post.

Sorry for the delay.
I had problems getting to the forum site.

Attached Thumbnails

  • print_screen.png

Edited by LS CalamityJane, 03 April 2007 - 11:40 PM.
Replaced .bmp attachment with .png file to reduce file size


#10 Ai_Tak

Posted 04 April 2007 - 08:48 PM

I managed to find the non-signed-in version of that page and I checked its contents; it contains two iframe ad banners which use either ad.doubleclick.net or view.atdmt.com as their source. These ads are inserted by the creators of the page; they are by design, not spy/ad/malware.

If you were to block:
ad.doubleclick.net
view.atdmt.com
as well as other related domains occurring in the ad banner frames:
an.tacoda.net
servedby.advertising.com
clk.atdmt.com
spe.atdmt.com
rmd.atdmt.com
with your hosts file, these ads would stop working.

I'm not sure why the earthlink person was so confused about ads they insert, but then again I don't have a very high opinion of earthlink...


(a side note, it is my opinion that web advertisements using flashplayer are just wrong, I didn't install flashplayer so advertisers would be able to make loud annoying sounds and bog down the computer with flashy animations to make me look at their ads while I am trying to read a news article)

#11 romac

Posted 15 April 2007 - 12:27 AM

I managed to find the non-signed-in version of that page and I checked its contents; it contains two iframe ad banners which use either ad.doubleclick.net or view.atdmt.com as their source. These ads are inserted by the creators of the page; they are by design, not spy/ad/malware.

If you were to block:
ad.doubleclick.net
view.atdmt.com
as well as other related domains occurring in the ad banner frames:
an.tacoda.net
servedby.advertising.com
clk.atdmt.com
spe.atdmt.com
rmd.atdmt.com
with your hosts file, these ads would stop working.

I'm not sure why the earthlink person was so confused about ads they insert, but then again I don't have a very high opinion of earthlink...
(a side note, it is my opinion that web advertisements using flashplayer are just wrong, I didn't install flashplayer so advertisers would be able to make loud annoying sounds and bog down the computer with flashy animations to make me look at their ads while I am trying to read a news article)

I tried opting out of these cookies, but it does not seem to work. They just return.
Can I block just these cookies?
If so, how do I do it?

#12 Ai_Tak

Posted 15 April 2007 - 11:17 PM

I made no mention of blocking any cookies. To block those ads from loading add:

127.0.0.1 ad.doubleclick.net
127.0.0.1 view.atdmt.com
127.0.0.1 an.tacoda.net
127.0.0.1 servedby.advertising.com
127.0.0.1 clk.atdmt.com
127.0.0.1 spe.atdmt.com
127.0.0.1 rmd.atdmt.com

to your hosts file
(c:\windows\system32\drivers\etc\hosts)
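
The check below is an added example, not part of Ai_Tak's post: it parses hosts-file text and reports which of the domains listed in posts #10 and #12 already point at a loopback or unspecified address, which are missing, and which map to some other address. The function names and the sample file are constructed for illustration; the sample also shows that a hosts entry matches only the exact name, so an entry for atdmt.com does not cover spe.atdmt.com.

```python
import ipaddress

AD_DOMAINS = [  # domains named in posts #10 and #12 of this thread
    "ad.doubleclick.net", "view.atdmt.com", "an.tacoda.net",
    "servedby.advertising.com", "clk.atdmt.com", "spe.atdmt.com",
    "rmd.atdmt.com"]

SAMPLE_HOSTS = """\
# constructed sample hosts file, not taken from the thread
127.0.0.1   ad.doubleclick.net      # banner frame
127.0.0.1   VIEW.ATDMT.COM clk.atdmt.com
0.0.0.0     an.tacoda.net
127.0.0.1   atdmt.com               # parent name only
203.0.113.7 servedby.advertising.com
"""

def parse_hosts(text):
    """Map hostname -> address; first entry per name is kept (an assumption)."""
    mapping = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()    # strip comment, split columns
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not an address line, skip it
        for name in fields[1:]:
            mapping.setdefault(name.lower().rstrip("."), fields[0])
    return mapping

def audit(text, domains=AD_DOMAINS):
    """Classify each domain as blocked, missing, or redirected elsewhere."""
    mapping = parse_hosts(text)
    report = {"blocked": [], "missing": [], "redirected": {}}
    for domain in domains:
        addr = mapping.get(domain.lower())
        if addr is None:
            report["missing"].append(domain)      # hosts matching is exact-name
        elif (ip := ipaddress.ip_address(addr)).is_loopback or ip.is_unspecified:
            report["blocked"].append(domain)
        else:
            report["redirected"][domain] = addr   # real address: review this line
    return report

def lines_to_add(report):  # hosts lines, in post #12's format, for missing names
    return [f"127.0.0.1 {d}" for d in report["missing"]]

if __name__ == "__main__":
    print(audit(SAMPLE_HOSTS))
```

To run it against a real machine, pass the contents of the hosts file to `audit()` in place of `SAMPLE_HOSTS`.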

#13 miekiemoes

miekiemoes

    Malware Killer Dog

  • Volunteer Security Advisor
  • PipPipPip
  • 4092 posts

Posted 11 May 2007 - 11:14 PM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending your helper a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Asking for help via Private Message or Mail will be ignored, so if you need help, post your problem in the forum.
DO NOT POST your problem or log in someone else's thread, even though you are having the same problems. This is to avoid confusion. Start a new thread instead and someone will help you asap.
Bumping your thread won't help you receive help faster, since we always look at the posts with 0 replies first. If you bump your thread, we assume that someone is already helping you, so your thread may be ignored.