Browser Hijacked

That is the loop back to your NIC. The other entries are what I would have dumped.

The other entries are commented out (lines that start with a "#" in the hosts file are comments).

Missed that.

Most browsers have an option to prevent programs from changing your home page.

The bad news is, the homepage in your registry is messed up, as I noted last post.

The good news is, that's probably not why firefox is having the problem, since it doesn't set homepage in the registry.

In \program files\mozilla firefox\defaults\pref there is a file "firefox.js"

In \program files\mozilla firefox\defaults\profile there is a file "prefs.js"

In one or both (my guess would be "firefox.js") you will find something like this:

defaultPref("browser.startup.homepage", "http://www.pricesstart200.com/");
or
lockPref("browser.startup.homepage", "http://www.pricesstart200.com/");

Delete it (or, for that matter, pretty much anything in "firefox.js" that references the homepage) and, unless there is still a process running in your machine to rehijack, you should be good.

The bad news is, the homepage in your registry is messed up, as I noted last post.

The good news is, that's probably not why firefox is having the problem, since it doesn't set homepage in the registry.

In \program files\mozilla firefox\defaults\pref there is a file "firefox.js"

In \program files\mozilla firefox\defaults\profile there is a file "prefs.js"

In one or both (my guess would be "firefox.js") you will find something like this:

defaultPref("browser.startup.homepage", "http://www.pricesstart200.com/");
or
lockPref("browser.startup.homepage", "http://www.pricesstart200.com/");

Delete it (or, for that matter, pretty much anything in "firefox.js" that references the homepage) and, unless there is still a process running in your machine to rehijack, you should be good.

I looked in those folders and couldnt find those files.

Ummm, this may be a stupid question, but did you just try to change your homepage under the options selection in Firefox?

The bad news is, the homepage in your registry is messed up, as I noted last post.

The good news is, that's probably not why firefox is having the problem, since it doesn't set homepage in the registry.

In \program files\mozilla firefox\defaults\pref there is a file "firefox.js"

In \program files\mozilla firefox\defaults\profile there is a file "prefs.js"

In one or both (my guess would be "firefox.js") you will find something like this:

defaultPref("browser.startup.homepage", "http://www.pricesstart200.com/");
or
lockPref("browser.startup.homepage", "http://www.pricesstart200.com/");

Delete it (or, for that matter, pretty much anything in "firefox.js" that references the homepage) and, unless there is still a process running in your machine to rehijack, you should be good.

I looked in those folders and couldnt find those files.

Make sure you have Windows set to view hidden and protected OS files.

Ummm, this may be a stupid question, but did you just try to change your homepage under the options selection in Firefox?

Yes. A million times.

The bad news is, the homepage in your registry is messed up, as I noted last post.

The good news is, that's probably not why firefox is having the problem, since it doesn't set homepage in the registry.

In \program files\mozilla firefox\defaults\pref there is a file "firefox.js"

In \program files\mozilla firefox\defaults\profile there is a file "prefs.js"

In one or both (my guess would be "firefox.js") you will find something like this:

defaultPref("browser.startup.homepage", "http://www.pricesstart200.com/");
or
lockPref("browser.startup.homepage", "http://www.pricesstart200.com/");

Delete it (or, for that matter, pretty much anything in "firefox.js" that references the homepage) and, unless there is still a process running in your machine to rehijack, you should be good.

I looked in those folders and couldnt find those files.

Make sure you have Windows set to view hidden and protected OS files.

It is.

I guess I can live with this crap as long as it isnt overtly malicious?

The bad news is, the homepage in your registry is messed up, as I noted last post.

The good news is, that's probably not why firefox is having the problem, since it doesn't set homepage in the registry.

In \program files\mozilla firefox\defaults\pref there is a file "firefox.js"

In \program files\mozilla firefox\defaults\profile there is a file "prefs.js"

In one or both (my guess would be "firefox.js") you will find something like this:

defaultPref("browser.startup.homepage", "http://www.pricesstart200.com/");
or
lockPref("browser.startup.homepage", "http://www.pricesstart200.com/");

Delete it (or, for that matter, pretty much anything in "firefox.js" that references the homepage) and, unless there is still a process running in your machine to rehijack, you should be good.

I looked in those folders and couldnt find those files.

clever little bastards must be redirecting your config files somewhere else, then. those are the default files/locations for firefox config files.

If you type: "about:config" in your location bar and filter on "homepage" what do you get?

The bad news is, the homepage in your registry is messed up, as I noted last post.

The good news is, that's probably not why firefox is having the problem, since it doesn't set homepage in the registry.

In \program files\mozilla firefox\defaults\pref there is a file "firefox.js"

In \program files\mozilla firefox\defaults\profile there is a file "prefs.js"

In one or both (my guess would be "firefox.js") you will find something like this:

defaultPref("browser.startup.homepage", "http://www.pricesstart200.com/");
or
lockPref("browser.startup.homepage", "http://www.pricesstart200.com/");

Delete it (or, for that matter, pretty much anything in "firefox.js" that references the homepage) and, unless there is still a process running in your machine to rehijack, you should be good.

I looked in those folders and couldnt find those files.

Make sure you have Windows set to view hidden and protected OS files.

It is.

I guess I can live with this crap as long as it isnt overtly malicious?

The prob with a hijacker is that a key logger may be imbedded someplace. Try exterminate it instead of malwarebytes. I have had that fix stuff malwarebytes never even saw.

The bad news is, the homepage in your registry is messed up, as I noted last post.

The good news is, that's probably not why firefox is having the problem, since it doesn't set homepage in the registry.

In \program files\mozilla firefox\defaults\pref there is a file "firefox.js"

In \program files\mozilla firefox\defaults\profile there is a file "prefs.js"

In one or both (my guess would be "firefox.js") you will find something like this:

defaultPref("browser.startup.homepage", "http://www.pricesstart200.com/");
or
lockPref("browser.startup.homepage", "http://www.pricesstart200.com/");

Delete it (or, for that matter, pretty much anything in "firefox.js" that references the homepage) and, unless there is still a process running in your machine to rehijack, you should be good.

I looked in those folders and couldnt find those files.

Make sure you have Windows set to view hidden and protected OS files.

It is.

I guess I can live with this crap as long as it isnt overtly malicious?

The prob with a hijacker is that a key logger may be imbedded someplace. Try exterminate it instead of malwarebytes. I have had that fix stuff malwarebytes never even saw.

Thanks pal

I tried it, but it didnt seem to find it (except what was already placed in quarantine by previous symantec searches).

What the fuck is this thing?

Try doing a System Restore to a date prior to when the problem showed up.

On Windows7, hit the Start button, type "system restore" into the search box, and pick the option that says "restore system files and settings".

Try doing a System Restore to a date prior to when the problem showed up.

On Windows7, hit the Start button, type "system restore" into the search box, and pick the option that says "restore system files and settings".

I hope that helps, but some of this later crop of maleware destroys your restore points as well.

I tried it, but it didnt seem to find it (except what was already placed in quarantine by previous symantec searches).

What the fuck is this thing?

Nasty stuff. IMHO; backup files, fdisk, and reload.

Try doing a System Restore to a date prior to when the problem showed up.

On Windows7, hit the Start button, type "system restore" into the search box, and pick the option that says "restore system files and settings".

I tried restoring to a point 3 months ago but it said it couldn't restore because of some driver installation or something.

I tried it, but it didnt seem to find it (except what was already placed in quarantine by previous symantec searches).

What the fuck is this thing?

Nasty stuff. IMHO; backup files, fdisk, and reload.

I am almost 100% positive I received this through the university email. It is spammed up the ass, however there was one message which I stupidly skimmed very quickly about airline itinerary and I absentmindedly clicked on the link (I happened to have booked a trip right around this time). I realized about five seconds later that the source probably wasnt legitamite.

How is it that just visiting a website allows your comp to be hacked? It isnt as if I downloaded a file and ran it from the site.

I tried it, but it didnt seem to find it (except what was already placed in quarantine by previous symantec searches).

What the fuck is this thing?

Nasty stuff. IMHO; backup files, fdisk, and reload.

I am almost 100% positive I received this through the university email. It is spammed up the ass, however there was one message which I stupidly skimmed very quickly about airline itinerary and I absentmindedly clicked on the link (I happened to have booked a trip right around this time). I realized about five seconds later that the source probably wasnt legitamite.

How is it that just visiting a website allows your comp to be hacked? It isnt as if I downloaded a file and ran it from the site.

Yes, you did; you downloaded their webpage by clicking on it and your browser ran it.

How is it that just visiting a website allows your comp to be hacked? It isnt as if I downloaded a file and ran it from the site.

It happens. It happened to me a couple times. They exploit weaknesses in the browsers that run the embedded scripts.

I tried it, but it didnt seem to find it (except what was already placed in quarantine by previous symantec searches).

What the fuck is this thing?

Nasty stuff. IMHO; backup files, fdisk, and reload.

I am almost 100% positive I received this through the university email. It is spammed up the ass, however there was one message which I stupidly skimmed very quickly about airline itinerary and I absentmindedly clicked on the link (I happened to have booked a trip right around this time). I realized about five seconds later that the source probably wasnt legitamite.

How is it that just visiting a website allows your comp to be hacked? It isnt as if I downloaded a file and ran it from the site.

Yes, you did; you downloaded their webpage by clicking on it and your browser ran it.

Hm. It goes to show how utterly useless norton antivirus is. It didnt pick it up at all.

My home computer has NOD32 which immediately alerts if there is something fishy with a website.

Hm. It goes to show how utterly useless norton antivirus is. It didnt pick it up at all.

My home computer has NOD32 which immediately alerts if there is something fishy with a website.

I have NOD32 too, but it did let me get hit twice with the web injected virus. It also caught and stopped some. I guess that means NOD32 inspects them in parallel, so they might get run before NOD32 finishes with them. I haven't gotten any web virus since I upgraded my PC and to WIN7.

Hm. It goes to show how utterly useless norton antivirus is. It didnt pick it up at all.

My home computer has NOD32 which immediately alerts if there is something fishy with a website.

I have NOD32 too, but it did let me get hit twice with the web injected virus. It also caught and stopped some. I guess that means NOD32 inspects them in parallel, so they might get run before NOD32 finishes with them. I haven't gotten any web virus since I upgraded my PC and to WIN7.

I got screwed with NOD32 once.

Naive question, but is it so difficult to have the virus protection software to scan scripts *before* ( ) they are executed by the computer?

Hm. It goes to show how utterly useless norton antivirus is. It didnt pick it up at all.

My home computer has NOD32 which immediately alerts if there is something fishy with a website.

I have NOD32 too, but it did let me get hit twice with the web injected virus. It also caught and stopped some. I guess that means NOD32 inspects them in parallel, so they might get run before NOD32 finishes with them. I haven't gotten any web virus since I upgraded my PC and to WIN7.

I got screwed with NOD32 once.

Naive question, but is it so difficult to have the virus protection software to scan scripts *before* ( ) they are executed by the computer?

By default, it doesn't do that unless you have a "browser security" option in your anti-virus or a separate browser add-on that specifically does that.

Hm. It goes to show how utterly useless norton antivirus is. It didnt pick it up at all.

My home computer has NOD32 which immediately alerts if there is something fishy with a website.

I have NOD32 too, but it did let me get hit twice with the web injected virus. It also caught and stopped some. I guess that means NOD32 inspects them in parallel, so they might get run before NOD32 finishes with them. I haven't gotten any web virus since I upgraded my PC and to WIN7.

I got screwed with NOD32 once.

Naive question, but is it so difficult to have the virus protection software to scan scripts *before* ( ) they are executed by the computer?

I have F-Secure which incorporates real time virus scanning on inbound and outbound traffic. It is murder on loading video games and has to be turned off before I can call up a game. Other than the insane problems I had before I figured that out, it seems to recognize virus and spyware pretty well.

How is it that just visiting a website allows your comp to be hacked? It isnt as if I downloaded a file and ran it from the site.

It happens. It happened to me a couple times. They exploit weaknesses in the browsers that run the embedded scripts.

Firefox + NoScript = Scripts on webpages do not run unless you choose to allow them.

I'm reinstalling Windows on my daughter's machine. It's been several years since I've seen the machine, and she failed to keep Windows and AV updated. She was highjacked by a Javascript exploit. There have been dozens of Java updates in the last year.

I'm convinced that the holes in Java and flash exist because advertisers and tracking tools need them. So malware can also use them.

Anyway, I was able to clean the drive by attaching it to a clean computer by USB. Unfortunately, even after a repair/reinstall, Windows Update is still disabled, and the official advice is to wipe the drive.

All this for failing to keep things updated and by browsing to the wrong site.