I was trying to browse the internet on my younger sister's new laptop tonight. I searched for a website, and clicked the link.

It went to teenage porn.

Literally. I couldn't go anywhere without it being porn.

So then I crippled the piece of **** with as many restrictions as I could think of. When I type in "www.google.com", it goes to some IP address and gets blocked. But when I go to the google firefox homepage, it works fine.

Has anyone ever encountered something like this? It really startled me.

She is on Vista and has McAffee running and all that junk.

I use Linux so I don't worry about that crap.

It sounds like she needs Spybot or Ad-aware. McAfee isn't.. good.

Spybot download here. (http://www.safer-networking.org/en/spybotsd/index.html)

Free anti-spyware only works so well, I still had problems using spybot and ad-aware. Since I started using Spyware Doctor I haven't had any problems, I think it's $30/year but well worth it. McAfee isn't worth a crap.

As usual I recommend http://www.malwarebytes.org

Free anti-spyware only works so well, I still had problems using spybot and ad-aware. Since I started using Spyware Doctor I haven't had any problems, I think it's $30/year but well worth it. McAfee isn't worth a crap.
Seriously, where do you people get this stuff? Every time this comes up, I ask where people have been visiting or what they've been downloading, and I just can't seem to find anything other than blatant malware that can easily be avoided. I'm running Clamwin, so I don't even have on-access scanning any more (and when I did, it was McAfee, albeit enterprise). Default Windows firewall (long since gave up on ZoneAlarm) and up to date on Windows Update.

I know the dangers of anecdotal evidence, but in nearly 30 years of computing, with 15 of those on the internet, I've never been infected, and I have certainly been to some fairly disreputable sites, and yet I hear constant reports of people getting infections that they didn't invite and that can't be cleaned with normal tools. It's not so much that I doubt it happens as that I don't understand how it happens.

Hi

Oooh!

SOMEONE has had his HOSTS (http://support.microsoft.com/kb/172218) file overwritten.

It should look something like this:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

McAfee = Useless. Seriously. Do not ever pay for that crap

I'd suggest malwarebytes as well. Trend micro's free housecall scan is sometimes useful too.

It sounds to me like you have Anti-Virus 2009 or Spyware protect 2009 or some similar malware. It can be a giant pain to get rid of, especially when it prevents you from using the internet as it seems it has.

There was so much gay porn on my computer a couple of years ago I didn't even want to turn it on. :covereyes
I complained to my cousin that all of my toolbar icons were now little pictures of naked men so I took my computer tower to Future Shop. I got a call later from the tech guy saying that I had almost 1500 viruses and crap on my computer, all the guys were gathered around my computer tower in awe. :jaw-dropp
They cleaned it all off and downloaded Norton Antivirus on for me, I haven't had a single problem since.

Wait..... let me see if I get this straight. You got free porn on your computer ...... and you tried to close it?????????????

I had a rootkit (http://forums.randi.org/showthread.php?t=132741) on my computer, but since you're running Vista, not XP, I'm not sure what to say.

Wait..... let me see if I get this straight. You got free porn on your computer ...... and you tried to close it?????????????
Er, younger sister's computer.

This is how the gay porn was down loaded onto my computer free:

my eight year old daughter was downloading every game she saw, there was a site called bloodsomething with an icon that looked like a child's Christmas stocking called games which was actually the free porn site, which multiplied exponentially everyday until the computer was completely loaded with porn

Yup, the other big one is video, to see 'Star YXZ' in video clip you must download our "Magic Video Viewer", said viewer makes you vulnerable and someother malware jumps in.

You can not access 'bad' web sites at my school, yet we get Anitvirus2009 and the like.

Now it is worse at the high schools, they do workarounds that infect machine and all of of us carry USB flash drives that carry the stuff around.

(I had to wipe mine this week :( )

Actually, check your DNS server IP. Antivirus2009 and similar will set your DNS to their own servers which reroutes DNS lookups to whatever they please. Reset your DNS to whatever your ISP gave you and it will help a little bit. Also check your Hosts file as mentioned above.

I seem to recall a browser extender a few years ago that behaved like this.
I've been trying to get it for ages, but my computers, like Rat's seem sadly immune.

By chance, I'm running a free version of Mcafee on this Vista box. Seems OK to me.

What do the critics feel is wrong with it?

And TB- have you had any luck fixing this?

Hi

Oooh!

SOMEONE has had his HOSTS (http://support.microsoft.com/kb/172218) file overwritten.

Possibly - but there are also a number of pieces of malware that do browser hijacking/re-directs by installing malicious .dlls into the windows folder.

I second the recommendation of mbam (Malwarebytes Anti-Malware.) It is a very powerful tool and free for private use. If, as seems likely, the system is compromised with some form of browser/network hijack, you may not be able to download mbam (as one fo the most common tactics for this sort of malware is to block access to all the security-related sites the author is aware of.) You may need to download the most recent mbam installer on a different machine and transfer it via a thumb drive - in which case, be sure to check the thumb drive for the presence of malware after you've used it on the compromised machine.

Another trick is to download the Microsoft malicous code remover and run it (from a flash or CD) this will sometimes give you a windo to get the other stuff downloaded. (We are doing it at work to get a worm, MMCR and then Panda updates and it goes away, we hope.)

Actually, check your DNS server IP. Antivirus2009 and similar will set your DNS to their own servers which reroutes DNS lookups to whatever they please. Reset your DNS to whatever your ISP gave you and it will help a little bit. Also check your Hosts file as mentioned above.

My dad had this nasty piece of crap on his laptop, and although allt he spyware cleaners got rid of most of it, the browser re-direct was IMPOSSIBLE to shift - every web address routed via a fake virus warning site, and nothing I tried could remove the problem. You think it was the DNS settings? On the router itself?

Seriously, where do you people get this stuff? Every time this comes up, I ask where people have been visiting or what they've been downloading, and I just can't seem to find anything other than blatant malware that can easily be avoided. I'm running Clamwin, so I don't even have on-access scanning any more (and when I did, it was McAfee, albeit enterprise). Default Windows firewall (long since gave up on ZoneAlarm) and up to date on Windows Update.

I know the dangers of anecdotal evidence, but in nearly 30 years of computing, with 15 of those on the internet, I've never been infected, and I have certainly been to some fairly disreputable sites, and yet I hear constant reports of people getting infections that they didn't invite and that can't be cleaned with normal tools. It's not so much that I doubt it happens as that I don't understand how it happens.

Agreed. For the most part these people are running suspicious executables, clicking on email attachments, or not keeping their systems updated. Viruses that don't require any user interaction to infect are less common.

My dad had this nasty piece of crap on his laptop, and although allt he spyware cleaners got rid of most of it, the browser re-direct was IMPOSSIBLE to shift - every web address routed via a fake virus warning site, and nothing I tried could remove the problem. You think it was the DNS settings? On the router itself?

Not the router, but the computer. I discovered this when of our remote sites got the Antivirus2009. Everything seemed clean but the browser would go to whatever site it wanted to no matter what you typed in. In troubleshooting I pinged my own domain, and saw the IP wasn't close to my IP. Then I checked what DNS server the computer was using* and it wasn't any DNS server I had ever seen. I went into the network settings, which should have been "get DNS from DHCP" but was instead two static DNS addresses. I removed them and all was fine after that, (except I had to clean it again because all the bad pages that it was being redirected to kept putting the virus back on).

*To check your DNS go to Start>Run and type in CMD and hit enter. (with Vista just type CMD in the search box) You should get a black DOS box where you can enter commands. Type: ipconfig /all <just like that. In the information given you will see plainly labled DNS Servers with numbers like 209.32.10.1 and the like. Write those numbers down. Call your ISP and ask them what DNS servers you should be using. If they don't match, change them**

**If you need help changing your DNS settings PM me. I've already typed too much.

Majorgeeks.Com>Support Forums>Malware Removal (http://forums.majorgeeks.com/forumdisplay.php?f=35)

Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs (http://forums.techguy.org/54-malware-removal-hijackthis-logs/)
Sticky Thread: Please read here first BEFORE posting for help in this forum (http://forums.techguy.org/malware-removal-hijackthis-logs/622404-please-read-here-first-before.html)

Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs (http://forums.techguy.org/54-malware-removal-hijackthis-logs/)


It is truely an amazing guide to help. I prefer the major geeks. :)

http://forums.majorgeeks.com/showthread.php?t=35407

Be careful with HijackThis!

AVG is another very good 'free' program. It does have a facility to upgrade to a subscription program, but in three years the free version has not let me down (knocks wood furiously)

Seriously, where do you people get this stuff? Every time this comes up, I ask where people have been visiting or what they've been downloading, and I just can't seem to find anything other than blatant malware that can easily be avoided. I'm running Clamwin, so I don't even have on-access scanning any more (and when I did, it was McAfee, albeit enterprise). Default Windows firewall (long since gave up on ZoneAlarm) and up to date on Windows Update.

I know the dangers of anecdotal evidence, but in nearly 30 years of computing, with 15 of those on the internet, I've never been infected, and I have certainly been to some fairly disreputable sites, and yet I hear constant reports of people getting infections that they didn't invite and that can't be cleaned with normal tools. It's not so much that I doubt it happens as that I don't understand how it happens.
8 years ago or so I built a new computer. The first time I connected it to the internet it somehow became infected with all kinds of porn malware, I have no idea how! The machine was particularly vulnerable since I hadn't even had a chance to update it or install anti-malware programs yet.

8 years ago or so I built a new computer. The first time I connected it to the internet it somehow became infected with all kinds of porn malware, I have no idea how! The machine was particularly vulnerable since I hadn't even had a chance to update it or install anti-malware programs yet.
Hmm, if the time were 6 years ago, then that'd be MSBlast, but I can't think of anything doing the rounds in 2001, unless you had IIS enabled. Even MSBlast wouldn't be a problem behind a firewall. I would concede that I did, aroundish that time, load up a machine with XP and put it up to the internet without Windows updates or a firewall just for fun, and I had much the same experience.

8 years ago or so I built a new computer. The first time I connected it to the internet it somehow became infected with all kinds of porn malware, I have no idea how! The machine was particularly vulnerable since I hadn't even had a chance to update it or install anti-malware programs yet.

This happened to my boyfriend a few years ago, on a new computer as well (he's a programmer too, not a computer n00b). He had just installed XP (I don't think there were any SPs out yet), had just started IE to go straight to the Firefox homepage, downloaded and installed Firefox... did nothing else yet somehow he got a virus. It didn't take long before he cleaned it out and protected the computer, but still, we were in awe at how fast it happened. I was with him when it happened, too, so I know he didn't make it up.

I have heard tales that MS software is already preloaded with viruses.

I always thought it was urban legend...

8 years ago or so I built a new computer. The first time I connected it to the internet it somehow became infected with all kinds of porn malware, I have no idea how! The machine was particularly vulnerable since I hadn't even had a chance to update it or install anti-malware programs yet.
Hmm, if the time were 6 years ago, then that'd be MSBlast, but I can't think of anything doing the rounds in 2001, unless you had IIS enabled. Even MSBlast wouldn't be a problem behind a firewall. I would concede that I did, aroundish that time, load up a machine with XP and put it up to the internet without Windows updates or a firewall just for fun, and I had much the same experience.
This happened to me, too. I had just installed the operating system (Win2000) on a brand new hard drive, but had not yet added any service packs or updates, and there was no anti-virus or other protection on the machine yet. Within an hour of being connected to the internet, I had a worm. I hadn't downloaded and opened any files (like others I was probably on my way to get Firefox), and it certainly wasn't a result of opening an e-mail attachment, as there wasn't even an e-mail client on the machine at all! I know it was reckless, but I wasn't concerned since there was no data on the machine, just the OS, so I could have simply wiped the hard drive and started over if it had come to that. Fortunately, the worm was easy to remove. That computer ran infection-free for years afterward.

Seriously, where do you people get this stuff? Every time this comes up, I ask where people have been visiting or what they've been downloading, and I just can't seem to find anything other than blatant malware that can easily be avoided. I'm running Clamwin, so I don't even have on-access scanning any more (and when I did, it was McAfee, albeit enterprise). Default Windows firewall (long since gave up on ZoneAlarm) and up to date on Windows Update.

I know the dangers of anecdotal evidence, but in nearly 30 years of computing, with 15 of those on the internet, I've never been infected, and I have certainly been to some fairly disreputable sites, and yet I hear constant reports of people getting infections that they didn't invite and that can't be cleaned with normal tools. It's not so much that I doubt it happens as that I don't understand how it happens.


A few years ago, a magazine re-loaded the stock install of Windows, and within 6 minutes, the PC had been compromised and invaded by port sniffer worms just sitting there.

Every 8 months or so I have to re-load the OS on my machine, and I'm always scared at that point because I have to be connected to start the update process (which I force to happen immediately), but that window is frighteningly small while the first update is several times longer than that.

A few years ago, a magazine re-loaded the stock install of Windows, and within 6 minutes, the PC had been compromised and invaded by port sniffer worms just sitting there.

Every 8 months or so I have to re-load the OS on my machine, and I'm always scared at that point because I have to be connected to start the update process (which I force to happen immediately), but that window is frighteningly small while the first update is several times longer than that.
I suspect that this means that a magazine loaded the stock install of XP pre-SPs, with the firewall off, and indeed it will be compromised, assuming there are still enough bots doing the port scanning.

If you have to reload (and I can't really think of any reason to do so that often), then make sure you have a firewall before connecting to the internet. Believe me, I reload machines once a week or so (in a work capacity), and I kick off the Windows installation and, quite often, the machine can sometimes sit for a day before I then continue with the loading up.

If you have to reload, have a USB stick with the service pack on before you start. Then you can load Windows, install the latest SP (and Firefox and a third-party firewall if you want) and then connect. If you really reload that often, streamline the SP with the installation and save a step. If you're really worried, download something like Project Dakota (seems to be down these days) to install all the updates before connecting.

I have heard tales that MS software is already preloaded with viruses.

I always thought it was urban legend...I'm highly dubious of the virus claim

However, there certainly are Easter Eggs in Microsoft products, with Excel being - I think - most 'featured'

wikipedia.org/wiki/Easter_egg_(virtual) (http://en.wikipedia.org/wiki/Easter_egg_(virtual))A virtual Easter egg is an intentional hidden message, in-joke or feature in an object such as a movie, book, CD, DVD, computer program, web page or video game. The term draws a parallel with the custom of the Easter egg hunt observed in many Western nations, but actually is derived by the practice of the last Russian imperial family's tradition of giving elaborately jeweled egg-shaped creations by Fabergé which usually contained hidden gifts themselves.

This practice is similar in some respects to hidden signature motifs such as Diego Rivera including himself in his murals, Alfred Hitchcock's legendary cameo appearances, and various "Hidden Mickeys" that can be found throughout Disneyland. An early example of these kind of "Easter eggs" is Al Hirschfeld's "Nina".

Atari's Adventure, released in 1979, contained what was thought to be the first video game "Easter egg", the name of the programmer (Warren Robinett). However, evidence of earlier Easter eggs has since surfaced. Several cartridges for the Fairchild Channel F include previously unknown Easter eggs, programmed by Michael Glass and Brad Reid-Selth, that are believed to predate Robinett's work.


wikipedia.org/wiki/Easter_eggs_in_Microsoft_products (http://en.wikipedia.org/wiki/Easter_eggs_in_Microsoft_products)

eeggs.com Excel Easter Eggs (http://www.eeggs.com/tree/279.html)

Your computer has contracted some malware, if you can't clear it up with antivirus and antispyware programs you will likely have to backup your data and reload your operating system.

Once the computer is clean make sure your antivirus, antispyware, firewall, and windows updates are all active and set up properly.

I recommend AVG Free and Windows Defender (both are free!)