"AMUN" <antispam@sparmmstop.net> wrote in message
news:gd3pr3$p99$1@aioe.org...
>
> "Max Wachtel" <maxwachtel@nomail.afraid.org> wrote in message
> news:gd3201$gjn$1@registered.motzarella.org...
>> AMUN wrote:
>>> "Max Wachtel" <maxwachtel@nomail.afraid.org> wrote in message
>>> news:gd2j41$g23$1@registered.motzarella.org...
>>>> AMUN wrote:
>>>>> I'm a bit stumped if my machine picked up some malware infection, or
>>>>> is Yahoo and a few other sites pulling something new?
>>>>>
>>>>> For the last week or so, I do a search at Yahoo.com, and pages
>>>>> intermittently get re-directed to strange link pages or sales sites.
>>>>>
>>>>> Noticed when I try to go back (using the back button), there are often
>>>>> several strange pages in the history after the page I was at.
>>>>> Some actually do say "re-direct."
>>>>> Yet ran several scans on my system using several anti-mal/spyware's
>>>>> and no malware is being found.
>>>>> Also often noticing the same thing at Amazon.com.
>>>>> Yet other websites show no problems at all.
>>>>>
>>>>> So is my system infected with some rare redirection trojan, or, are
>>>>> some sites getting really ignorant with the ads?
>>>> Sounds like your system has been compromised. Are there any other
>>>> strange goings-on? What scanners have you run? (please be specific)
>>>> What browser do you use? Have you installed any toolbars lately? I see
>>>> by your posting headers, you are running XP. Is it up-to-date?
>>>
>>> First thing I thought was something infiltrated the system.
>>> Classic MO of a redirect trojan.
>>> No changes have been made (to my knowledge) and no new IE helper apps,
>>> or toolbars are installed.
>>> And IE (version 6) security settings are higher than most.
>>>
>>> Only change that was tried, was to update the Winamp player (see my post
>>> about that choking AVG)
>>> But even that was removed and an older version restored.
>>>
>>> Spybot and AVG always show 100% clean (with latest updates)
>>
>> You should scan your system with SUPERAntiSpyware and Malwarebytes' mbam
>> scanners.
>>>
>>> Yet results from yahoo & Amazon often lead to completely wrong web
>>> pages.
>>> Not all the time though, and IE home page is normal.
>>> System does not seem to be showing ANY other problems.
>>> Router logs don't show any suspicious activity either, all unauthorized
>>> access seems to be blocked
>>
>> Have you tried those sites with another browser?
>>>
>>> It is XP but a HP ******* version that quit allowing Microsoft updates
>>> months ago.
>>> (last HP/Compaq I ever #*^%$## buy.)
>>
>> This issue must be fixed! (I am using an older Compaq laptop)
>> Have you looked into if the update service is running?
>> Administrative Tools/Services
>>>
>>> Perhaps tonight I'll look into it further.
>>> We do run the MVP Hosts files, but had not updated in a while, so I'll
>>> try that too.
>>>
>> MVP hosts file should not be causing your problem (I use it also).
>>
>> As a last resort, do you still have the install disk that came with your
>> system? It might be a good idea to make copies of all important files
>> (docs, pics, music, etc.) on removable media, today.
>> --
>> Virus Removal http://max.shplink.com/removal.html
>> Keep Clean http://max.shplink.com/keepingclean.html
>> Change nomail.afraid.org to gmail.com to reply by email.
>> nomail.afraid.org is for use in USENET-feel free to use it yourself.
>
>
> We backup religiously here, so no real chance of losing much of
> importance.
>
> But yes, I do have the HP Install disks, but they only get your system
> back to what HP sold you "loaded" in the first place. So they really are
> more "restore" disks, than "installation".
> As it was full of trial programs and outright malware that took weeks to
> clean out, it's hardly an option I want to repeat.
>
> If it came to that I have a "hacked" version of XP, I'd install first, as
> a CLEAN INSTALL.
>
> Just running Trend Micro (second try) on it now.
> First try found a few "questionable" files, but not much info about them.
>
> Strangely the first run of Trend Micro seemed to have zeroed in on my
> hosts file, and listed hosts\127.0.0.1 as a bad link/file
> (and why I'm running it a second time before letting it fix anything)
>
>
> And it did show a dozen or so "windows security flaws", so perhaps
> tomorrow I'll phone HP again and rip them a new one over why their XP
> won't update from Microsoft.
> Of course Microsoft will offer no help/support on the "XP" that HP sells
> installed in their systems.
>
> And why I'd never buy another HP "preloaded" computer again.
> (unless they throw in a full version operating system)
> But I suppose all the others like Dell etc, are the same too.
>
> Still a bit strange that after a week of updates both Spybot AND AVG still
> didn't find any problems at all.
> Yet something IS clearly wrong.
>
Still waiting to see what Trend Micro scan will turn up.
But so far it's showing a strange entry in "application data" \
lobqjkvc\lwrkruxm.exe
And I just don't remember installing "lobqjkvc" at all, either the full or
trial versions <g>
But decided to also try your suggestions "SUPERAntiSpyware and Malwarebytes'
mbam" before I let anything get fixed.
I'll post the results tomorrow here of what each found.
And which could actually get rid of problems.

