Malware problem
September 3, 2004 7:01 PM   Subscribe

Malware problem. (Yes, on IE. Why would you ask?) This is some kind of browser hijack that keeps trying to reset my relly's home page and has added a tool bar to everything in his Windows files inviting him to pharmacy and gambling sites. [mi]
posted by realjanetkagan to Computers & Internet (10 answers total)
 
Much more helpful to have the [mi] ready when you post, as it happens.
posted by dash_slot- at 7:06 PM on September 3, 2004


These links may help:
www.google.com/search
ask.metafilter.com/mefi/4176
ask.metafilter.com/mefi/683
ask.metafilter.com/mefi/6866
http://ask.metafilter.com/mefi/9891#182165
http://ask.metafilter.com/mefi/7675
ask.metafilter.com/mefi/9571
posted by dash_slot- at 7:12 PM on September 3, 2004


The browser keeps trying to reset to "makemesearch.com" but I gather some of these can be customized, so I don't know if that's a clue. And, by the way, whatever it was evaded Ad-Aware and SpySweeper to install itself. I've got him trained NOT to click on executables in e-mails and he hasn't installed any new programs. I'm thinking he got this from some webpage but he doesn't remember where he's been.... Yeah. right. NSFW sites, wanna bet?

I've been thru MIT's malware site and their referrals but I cannot track down the specifics of this. I'm worried that it might be WORSE than spyware and might open a backdoor of some sort. I'm working my way thru a previous thread here with advice about what to carry when called to family computer emergencies, but if anybody here recognizes this specific bit of scumware, I'd really appreciate some help.

My dears, when I'm called on to play computer mavin, the family is in dire straits. Any clue?
posted by realjanetkagan at 7:30 PM on September 3, 2004


Here's two specific procedures. Searching for makemesearch also finds quite a few.
It does sound like a tough one, good luck.
posted by milovoo at 7:38 PM on September 3, 2004


Sorry, dash slot-,
This is the first time I've ever tried a [mi], which only goes to prove how clueless I am in this case. I run on Mozilla, which keeps me out of a lot of trouble (knock wood), but I've no idea if Mozilla would protect me from this one.
Yes, I've been working my way thru all those threads all afternoon...so far, I've had no luck pinning down exactly what this is and exactly what this does.
BTW, I'll bet I'm asking you to teach your grandmother how to suck eggs. How can you resist? LOL!
posted by realjanetkagan at 7:48 PM on September 3, 2004


Don't feel the need to apologize. See this MeTa thread.
posted by calwatch at 11:19 AM on September 4, 2004


Sorry if I didn't couch it in soft phrase: it was a quick tip, followed by the results of a specific ask.mefi site search which seems to have been useful and took a few minutes to accomplish - all before rjk's [mi].

I was making a small point, but hopefully without snark, I am proceeding hotfoot to meta as we speak.
posted by dash_slot- at 4:14 PM on September 4, 2004


From reading milovoo's second link, the last comment says a file MTC.dll is causing the problem, along with adding registry entries to make that web site the IE start page. Also it says that the hijack can happen with Firefox or IE but only IE will be affected. The last comment on this link at CastleCops lists steps in using Adware to remove the hijack. Steps include: downloading the latest update and scanning the registry for all users instead of just the current user, also make sure you don't have a browser running when you scan.
posted by obedo at 1:09 AM on September 5, 2004


Thanks, gentlefolk.... The Ad-Aware/MTC.dll tip seems to have done the trick. Whew. And I'm much relieved that this hijack seems to be more annoying than vicious.

(I still wish I knew where or how he picked it up, so this doesn't happen again. Maybe I can get one of my nephews to pry the info out of him. grin.)

To be honest, I didn't think dash_slot- was being snarky. I'd spent most of the earlier part of the day working my way thru the ask-mefi links, tho, in hopes somebody had already asked about this particular bit of malware. I know I'm slow to post (obsessive about poorfreading) and my server was being painfully slow that day, as well....

Lordy, NO! I NEVER would have tried to post here from an infected machine! When I have no idea what a nasty might be able to do, I consider the machine quarantined for the duration!
posted by realjanetkagan at 3:17 PM on September 5, 2004


re: "poorfreading"

It's a joke, son.
posted by realjanetkagan at 3:18 PM on September 5, 2004


« Older A grief observed...   |   What's the best way to learn interactive game... Newer »
This thread is closed to new comments.