Computer taken over?
May 19, 2009 9:46 AM

Two tech questions: I've just started running into a weird message when I try to go to a page on the ABC News site: "This Account Has Been Suspended. Please contact the billing/support department as soon as possible." and this is the URL I was reading a NYT story earlier today that mentioned Lamda at the very end of the story. Cleared the cookies, shut down and restarted both browsers (IE and Firefox) but keep getting the same message. Separately, lately when I read certain blogs, I am suddenly taken to a Google Images search page; the original page's URL shows up in the search field and the message is that the URL can't be found. I cannot seem to get rid of this problem. All ideas welcome, and thanks.
posted by etaoin to Computers & Internet (5 answers total) 2 users marked this as a favorite
 
Sounds like a couple of things... 1) I don't think 'routehost.com' is a valid ABC News domain... combined with the fact that they didn't pay their hosting bill (the suspended message), which tells me that you are being routed to the page probably by spyware, or changes made to the system by spyware. The second issue also sounds like a browser hijack attempt, and/or hosts file hijack.

I assume you are running WinXP... so you'll want to check the hosts file, which is located at C:\windows\system32\drivers\etc\hosts (it's just called hosts... there is no extension; open it in Notepad)... the only entry should be 127.0.0.1 localhost.
If you're running Vista then you'll need to google the hosts file location..but I imagine it's in pretty much the same place.
If you have a bunch of other stuff, you will most likely want to get rid of it.
These entries route addresses you enter on your browser to the numeric IP addresses listed in the file...typically owned by spyware/malware creators.

You should also run some spyware scans...I recommend MalwareBytes Anti-Malware, and Spybot Search & Destroy. (running a single scanner typically misses stuff)

And of course a full virus scan is in order, but that goes without saying. (even though I just did).


Let us know how it goes :)
posted by AltReality at 9:58 AM on May 19, 2009
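An added example (not code from the thread or its participants) of the hosts-file check described in the answer above: it parses hosts-file text, keeps the default localhost mappings and loopback sinkhole entries aside, and flags every name that is pointed at a routable address, which is the redirect pattern the answer warns about. The sample file content, domain names and addresses are constructed for the example.

```python
import ipaddress
import sys

# Default location on Windows XP/Vista/7 (as given in the answer above).
WINDOWS_HOSTS_PATH = r"C:\windows\system32\drivers\etc\hosts"

# Constructed sample: a normal header plus two hijack-style redirects and
# one harmless ad-blocking entry. All names/addresses are made up.
SAMPLE_HOSTS = """\
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.example-news.test      # constructed: redirects a news site
203.0.113.10    images.example-search.test # constructed: redirects a search site
127.0.0.1       ads.example-tracker.test   # constructed: blocking entry
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs, ignoring blank lines and '#' comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name

def classify_hosts(text):
    """Split entries into (suspicious, benign) lists of (ip, name, reason)."""
    suspicious, benign = [], []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            suspicious.append((ip, name, "unparseable address"))
            continue
        if addr.is_loopback and name == "localhost":
            benign.append((ip, name, "default localhost mapping"))
        elif addr.is_loopback or addr.is_unspecified:
            # A name sent to 127.0.0.1 / 0.0.0.0 is blocked, not redirected;
            # common in ad-blocking lists, still worth a glance.
            benign.append((ip, name, "sinkholed to loopback (blocking entry)"))
        else:
            # Any other name mapped to a routable IP overrides DNS for that
            # site and silently sends the browser elsewhere.
            suspicious.append((ip, name, "redirected to non-loopback address"))
    return suspicious, benign

if __name__ == "__main__":
    # Pass a real hosts file path to check it; otherwise the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for ip, name, reason in classify_hosts(text)[0]:
        print(f"SUSPICIOUS {ip:<16} {name:<30} {reason}")
```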


Definitely sounds like spyware - something is hijacking your browser and forcing you to inappropriate websites. Spybot Search & Destroy is my recommendation as well.
posted by AzraelBrown at 10:04 AM on May 19, 2009


Seconding the above... sounds like you're infected with a nasty piece of malware. ABC News certainly pays its bills (I hope); that should be indication #1. I'd consider backing up essential documents (not programs, you can reinstall those again later) and wiping your whole computer back to factory defaults. The way these programs work is to make it look like your web browser is working when in fact you're on a malicious, disguised website, collecting your private data.

The thing is, it could be doing a lot more. The nature of rootkit design is modular, to allow easy rollout of custom "payloads", so without catching the thing in its environment, I doubt any MeFite can tell you the extent of infection. Even then, these programs are designed to obfuscate themselves from the OS itself. It's hard to track down a file when Windows doesn't think it exists :/

Obviously this isn't an option for some, so absolutely try the above tools, especially Spybot Search and Destroy, which I've had some success with. But if your computer is mission critical to your life, you use sensitive information on it, or you're maintaining a server farm for a client (doubtful), you need to wipe it to ensure whatever *kit is installed is gone.

As an aside about this, getting into the mindset of backing up data is a pretty good one. In this way you can separate the computer and its potentially malicious process from what you really care about. Regular backups make it easy when you want to wipe the thing, as in this case.

Good luck!
posted by teabag at 10:14 AM on May 19, 2009


This.
posted by deezil at 10:57 AM on May 19, 2009


Crap, hit submit by accident, stupid trackpad.

Sounds like something funny. Go through the link above to check for and get rid of spyware.
posted by deezil at 10:57 AM on May 19, 2009

