Can someone help me?

If I search from the google toolbar, I have no problem.

If I search from the google main page, and hit "enter" after typing in my search query, then I have no problem.

But if I search from the google main page and hit the "search" button to initiate the query, then another browser window opens, that shows results from lycos for that query. For example, if I search for "fred" then the URL in the new window that opens is:

http://www.searchreslt.com/files/adframe.aspx?SE=google&ST=fred

What the heck is going on?

You have spyware hijacking you.

Go here (http://www.lavasoftusa.com/software/adaware/) , download 'ad-aware' (it's free). Then run it and delete all the crap it catches. ;)

That should resolve the problem. Then run it every week-ish (depending how much stuff you end up with) to get rid of spyware.

Originally posted by Marian
You have spyware hijacking you.

Go here (http://www.lavasoftusa.com/software/adaware/) , download 'ad-aware' (it's free). Then run it and delete all the crap it catches. ;)

That should resolve the problem. Then run it every week-ish (depending how much stuff you end up with) to get rid of spyware.

Oh I did yesterday as soon as I noticed the problem. And spybot search and destroy. They reported no problems. I'll do adaware again right now though...

ok, I just ran adaware again and it found something called "overpro" which it seems was doing it.

Thanks Marian.

My pleasure, glad it resolved it.

OffTopic: spyware should be illegal. :mad:

Originally posted by Marian
My pleasure, glad it resolved it.

OffTopic: spyware should be illegal. :mad:

When you install a program that installs spyware, oftentimes in the user agreement it has a clause somewhere that lets them install stuff on your computer.

Originally posted by Marian
OffTopic: spyware should be illegal. :mad:

I so much want to agree but the non-goverment approach seems to be the best, so far at least.

Maybe I should start a thread.

Works best how?

I just spent the last 2 hours removing spyware/adware crap from my work computer.

Where did I visit today? Get Fuzzy, dilbert, computerworld, food network, msnbc.com, and.... here. Where'd it come from? I have no idea.

It suddenly went to work 20 minutes after I came in this morning.


If I'm not mistaken, isn't it against the law to hack into someone's computer? Which is what these bozos are doing.

What we need is to enforce the current laws. Which should be easy, considering that these bozos are redirecting you to THEIR OWN WEBSITES.

Why the feds have dropped the hammer on them I have no idea. Guess they have other things to do.

PS The only thing I've installed on my work box during the last month is ad-aware. That's it. Since I'm not agreeing to install squat, installing anything on my box without my permission should be hacking and therefore, ILLEGAL.

Originally posted by bignickel
Works best how?

I just spent the last 2 hours removing spyware/adware crap from my work computer.

Where did I visit today? Get Fuzzy, dilbert, computerworld, food network, msnbc.com, and.... here. Where'd come from? I have no idea.

It suddenly went to work 20 minutes after I came in this morning.


If I'm not mistaken, isn't it against the law to hack into someone's computer? Which is what these bozos are doing.

What we need is to enforce the current laws. Which should be easy, considering that these bozos are redirecting you to THEIR OWN WEBSITES.

Why the feds have dropped the hammer on them I have no idea. Guess they have other things to do.

The problem is that almost all of the spyware/adware/malware ends up on people's computers because somebody on that computer intentionally downloaded it.

Often, deleting it does not do the trick because the spyware/adware/malware being deleted 'partners' (for lack of a better term) with other programs that simply reinstall the deleted files.

I know from experience that if I restrict the ability to install program files to only myself, I don't have any problem. I run spybot and adaware every so often as well.

Originally posted by bignickel


Why the feds have NOT dropped the hammer on them I have no idea. Guess they have other things to do.


Trying to edit this to say "NOT dropped the hammer"

No, the problem is all the crap that gets installed on people's box WITHOUT THEIR PERMISSION.

People downloading Returnoftheking.rar thru kazaa or whatever get whatever crap they deserve when they install that stuff, as far as I'm concerned.


I'm sick of this crap. I'm just gonna run spybot at work full time; I don't time to spend hunting this crap down.

Most of the web based programs users install that contain spyware first display their security certificate and licensing agreement, then the user unknowingly accepts by clicking YES or AGREE.

You can prevent this type of malicious install and all others that use a security certificate(ones that don't currently exist) by doing this:

Open Group Policy (gpedit.msc)
Manuever to :

User Configuration
Windows Settings
Internet Explorer Management
Security
Double Click 'Authenticode Settings'
Click the check box next to "Enable trusted publisher lockdown'
Click OK.

Most of the web based programs users install that contain spyware first display their security certificate and licensing agreement, then the user unknowingly accepts by clicking YES or AGREE.

No, i'm sorry to disagree but a lot of them DON't do that. They use Java pop-ups to install themselves-change your homepage-mess up your favorites etc. they do not ask for permission or if they do it is concealed in a seemingly innocent pop-up window.

Bignickel, i have used both Adaware and Spybot for a while now and they are great. Particularily, Spybot has some "Immunization" features that works wonders.:)

http://news.yahoo.com/news?tmpl=story&u=/cmp/20040622/tc_cmp/22101195

"Nearly one in three computers scanned by EarthLink and Webroot in their second monthly SpyAudit were found infected with a Trojan horse or system monitor planted by spyware, the two companies said."

Remember the good old days when we only had to worry about 'spam' and 'viruses'? :rolleyes:

Microsoft has at long last realised that people will just click to get rid of dialogue boxes, in SP2 most of installation dialogues, like "Do you want to install this ActiveX component" will default to "No" or "Cancel" as being the first highlighted choice.

I reckon that simple change alone will decrease the number of “hijack” installations dramatically.

No doubt about it. The install pop-up is allways nr 5 out of 8 (or more)you have to shut.;)

They use Java pop-ups to install themselves-change your homepage-mess up your favorites etc. they do not ask for permission or if they do it is concealed in a seemingly innocent pop-up window. OK then go into group policy and enable the settings to prevent changes being made to your home page, favorites, etc.. the settings are in there. Although we shouldn't have to be dealing with this BS in the first place. Firing squads for all of these instigators...

Originally posted by michaellee
OK then go into group policy and enable the settings to prevent changes being made to your home page, favorites, etc.. the settings are in there. Although we shouldn't have to be dealing with this BS in the first place. Firing squads for all of these instigators...

Hi, I fired up Group Policy on my work Win2K box. I don't see any section that prevents changes from being made to home page, faves, etc.

What I see under User Configuration is Windows Settings, and under that Internet Explorer Maintenace, and then:
Browser User Maintenance (Browser Title, Custom Logo, Browser Toolbar Customizations), Connection (Connection Settins, Automatic Browser Configuration, Proxy Settings, User Agent String), URLs (Favorites and LInks, Important URLs), Security (Security Zones and Content Ratings, Authenticode Settings), and Programs.

But I don't see anything inside these items that prevent what you mention.

If I do ever have the mistfortune of getting hijacked again, I'll try to find the pop-up that did it and send you the addy (though that might not help: it'll probably just give you the ad server, and you'll just be sent the latest ad in the queue).