Malware problem
September 3, 2004 7:01 PM
Malware problem. (Yes, on IE. Why would you ask?) This is some kind of browser hijack that keeps trying to reset my relly's home page and has added a tool bar to everything in his Windows files inviting him to pharmacy and gambling sites. [mi]
These links may help:
www.google.com/search
ask.metafilter.com/mefi/4176
ask.metafilter.com/mefi/683
ask.metafilter.com/mefi/6866
http://ask.metafilter.com/mefi/9891#182165
http://ask.metafilter.com/mefi/7675
ask.metafilter.com/mefi/9571
posted by dash_slot- at 7:12 PM on September 3, 2004
Response by poster: The browser keeps trying to reset to "makemesearch.com" but I gather some of these can be customized, so I don't know if that's a clue. And, by the way, whatever it was evaded Ad-Aware and SpySweeper to install itself. I've got him trained NOT to click on executables in e-mails and he hasn't installed any new programs. I'm thinking he got this from some webpage but he doesn't remember where he's been.... Yeah. right. NSFW sites, wanna bet?
I've been thru MIT's malware site and their referrals but I cannot track down the specifics of this. I'm worried that it might be WORSE than spyware and might open a backdoor of some sort. I'm working my way thru a previous thread here with advice about what to carry when called to family computer emergencies, but if anybody here recognizes this specific bit of scumware, I'd really appreciate some help.
My dears, when I'm called on to play computer mavin, the family is in dire straits. Any clue?
posted by realjanetkagan at 7:30 PM on September 3, 2004
Here's two specific procedures. Searching for makemesearch also finds quite a few.
It does sound like a tough one, good luck.
posted by milovoo at 7:38 PM on September 3, 2004
Response by poster: Sorry, dash slot-,
This is the first time I've ever tried a [mi], which only goes to prove how clueless I am in this case. I run on Mozilla, which keeps me out of a lot of trouble (knock wood), but I've no idea if Mozilla would protect me from this one.
Yes, I've been working my way thru all those threads all afternoon...so far, I've had no luck pinning down exactly what this is and exactly what this does.
BTW, I'll bet I'm asking you to teach your grandmother how to suck eggs. How can you resist? LOL!
posted by realjanetkagan at 7:48 PM on September 3, 2004
Don't feel the need to apologize. See this MeTa thread.
posted by calwatch at 11:19 AM on September 4, 2004
Sorry if I didn't couch it in soft phrase: it was a quick tip, followed by the results of a specific ask.mefi site search which seems to have been useful and took a few minutes to accomplish - all before rjk's [mi].
I was making a small point, but hopefully without snark, I am proceeding hotfoot to meta as we speak.
posted by dash_slot- at 4:14 PM on September 4, 2004
From reading milovoo's second link, the last comment says a file MTC.dll is causing the problem, along with adding registry entries to make that web site the IE start page. Also it says that the hijack can happen with Firefox or IE but only IE will be affected. The last comment on this link at CastleCops lists steps in using Ad-Aware to remove the hijack. Steps include: downloading the latest update and scanning the registry for all users instead of just the current user, also make sure you don't have a browser running when you scan.
posted by obedo at 1:09 AM on September 5, 2004
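An added example, not part of the thread or of the linked CastleCops post: a read-only PowerShell check for the two indicators named above (the makemesearch.com start page and a file called MTC.dll) across every loaded user hive rather than only the current user. The Internet Explorer `Main` key and its `Start Page` / `Search Page` values are standard Windows locations; searching the Windows directory for the DLL is an assumption, since the thread does not say where the file lives.

```powershell
# Added example. Indicators come from this thread; nothing here modifies the system.
$indicator = 'makemesearch.com'
$dllName   = 'MTC.dll'
$subKey    = 'Software\Microsoft\Internet Explorer\Main'

# HKEY_USERS holds one hive per *loaded* profile, so this covers every
# logged-on or service account, not only the current user (HKCU).
$roots = @('Registry::HKEY_LOCAL_MACHINE')
$roots += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)" }

# Collect any start/search page value that points at the hijack domain.
$registryHits = foreach ($root in $roots) {
    $key = "$root\$subKey"
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    foreach ($name in 'Start Page', 'Search Page') {
        $data = $props.$name
        if ($data -like "*$indicator*") {
            [pscustomobject]@{ Key = $key; Value = $name; Data = $data }
        }
    }
}

# Assumption: the thread gives no path for MTC.dll, so search the Windows directory.
$fileHits = Get-ChildItem -Path $env:SystemRoot -Filter $dllName -File -Recurse `
        -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime

$registryHits | Format-Table -AutoSize -Wrap
$fileHits     | Format-Table -AutoSize
if (-not $registryHits -and -not $fileHits) {
    'No indicators from this thread found in loaded hives or the Windows directory.'
}
```

Run it from an elevated prompt with browsers closed. Profiles that are not logged on keep their hive in NTUSER.DAT on disk and are not covered until that hive is loaded.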
Response by poster: Thanks, gentlefolk.... The Ad-Aware/MTC.dll tip seems to have done the trick. Whew. And I'm much relieved that this hijack seems to be more annoying than vicious.
(I still wish I knew where or how he picked it up, so this doesn't happen again. Maybe I can get one of my nephews to pry the info out of him. grin.)
To be honest, I didn't think dash_slot- was being snarky. I'd spent most of the earlier part of the day working my way thru the ask-mefi links, tho, in hopes somebody had already asked about this particular bit of malware. I know I'm slow to post (obsessive about poorfreading) and my server was being painfully slow that day, as well....
Lordy, NO! I NEVER would have tried to post here from an infected machine! When I have no idea what a nasty might be able to do, I consider the machine quarantined for the duration!
posted by realjanetkagan at 3:17 PM on September 5, 2004
Response by poster: re: "poorfreading"
It's a joke, son.
posted by realjanetkagan at 3:18 PM on September 5, 2004
This thread is closed to new comments.
posted by dash_slot- at 7:06 PM on September 3, 2004