Is My Google Infected?

dr_mabeuse

Every time I do a Google search, the first page of hits comes up for a split second, and is then replaced by a blank Google page containing one hit that's actually an ad, like "Rabid Porno Goldfish is just a click away ad Quiksearch" or something. If I click 3-4 times on the Google search bar I'll finally get my page of hits, but if I try to go past the first page I'm returned to the ad page again.

I ran Spybot and it came up clean. Am I infected or is Google doing this for everyone now?

---Zooot
 
dr_mabeuse said:
Every time I do a Google search, the first page of hits comes up for a split second, and is then replaced by a blank Google page containing one hit that's actually an ad, like "Rabid Porno Goldfish is just a click away ad Quiksearch" or something. If I click 3-4 times on the Google search bar I'll finally get my page of hits, but if I try to go past the first page I'm returned to the ad page again.

I ran Spybot and it came up clean. Am I infected or is Google doing this for everyone now?

---Zooot

Google is working fine for me. It sounds like a spyware browser hijack. I use Spybot and Adaware in concert. Some things Spybot catches Adaware doesn't & vice versa, depending upon which has updated their definitions most recently.

You might try that doc.

-Colly
 
I just tried them both (Adaware and Spybot), and it's still happening. Today's ad is from a place called "Starware". I'll just have to go find some other search engine, and it sure as hell won't be Starware.

I haven't been able to send or delete email from my Yahoo account since they 'upgraded' the service last weekend. My onscreen control buttons don't do anything, so I've had to go to Hotmail and make a new email account. I've contacted yahoo about it and they invited me to use their online help service, which doesn't work, so I guess that's it for me and Yahoo.

You know, the better these things get, the worse they seem to operate.

---dr.M.
 
If a man asked me that in real life, with a straight face, I'd call the police.

Mab., my google's fine. P. :cool:
 
Doc, you might want to look at this; it sounds like it might be your problem.

http://www.computercops.biz/modules.php?&name=Forums&file=viewtopic&p=149945

You might try checking for this too:

Official Description: New.Net is a company that sells domain names for "nonstandard" top-level domains including .free, .xxx and .shop.
Comment: While several such nonstandard TLDs are currently implemented by a number of organizations and under consideration by ICANN, this particular implementation smacks of an attempt to overthrow more legitimate pioneers of alternate domain-names (e.g. OpenNIC, AlterNIC).

This software consists of a browser "plug-in" DLL (e.g. newdotnetx_xx.dll, where xxx indicate a version number), which is placed in the user's Windows folder.

The file is normally placed in C:\Windows\ (C:\WinNT\ for NT users) and run silently at start-up (via Rundll32) by a Run key placed in the Windows registry.

Until recently, New.Net offered a 0.05 USD commission for each system the plugin was successfully installed on. According to New.Net staff, this program has been discontinued.

However other file-sharing clients and other free downloads continue to bundle it with downloads.


Hopefully one of those two is your troublemaker.

-Colly
 
You may want to give a very well known free utility called "Hijack This" a try. It is better at detecting and removing hijacks than Adaware or Spybot Search & Destroy. I use all three as well as SpywareGuard. The link to SpywareGuard, which will help to prevent future hijacks, is below.

This is one of the main reasons why I don't use IE--in addition to IE's not having tabbed windows, mouse gestures, and just being too bloated and slow.

merijn.org

spywareguard

Mozilla FireFox: tabbed browsing, popup blocker, mouse gestures and no bloat.
 
perdita said:
If a man asked me that in real life, with a straight face, I'd call the police.

Mab., my google's fine. P. :cool:


LMAO !!!

:kiss:

PS., my google is absolutely spot on, also. ;)
 
Spyware Info.com

Mike Healan
March 23, 2004 (Updated May 7, 2004)

If you've ever been infected with a browser hijacker, you know what an infuriating situation it is. For all intents and purposes, your $3,000 computer is converted into a source of revenue for some fly-by-night web site unable to generate legitimate web traffic. Once installed, it usually takes an expert to remove a browser hijacker effectively.

If you've gone through this before, you never, ever want it to happen again. So, how do you prevent being hijacked? This is surprisingly easy.

Dump Internet Explorer

First and most simply, stop using Internet Explorer. If you use either Mozilla, Firefox or Opera, you are immune to all known and future browser hijackers.

You are immune for two reasons. First, most people use Internet Explorer, so most malicious code is custom built to exploit it. Second, Opera's and Mozilla's programmers take security very seriously and have made these browsers very secure. It is not possible to install software from a web site using these browsers without at least seeing a prompt of some sort asking permission.


If you have to use MSIE

Switching browsers is the easy answer. For some people, that is not an option for various reasons. Internet Explorer can be made reasonably safe without locking down every useful function, but it requires some third-party software.

The most important thing is to update your browser and operating system. Go to WindowsUpdates and install the latest version of Internet Explorer (currently MSIE 6 Service Pack 1), then go back and install any security patches that are available. Also install any service packs and patches for Windows itself. This one action will save you from the overwhelming majority of browser hijackers.

After you've done that, replace Microsoft Java VM with Sun Java. You can download that from http://www.java.com/. There are several hijackers that exploit flaws in Microsoft Java VM. Sun's Java is more secure and more up to date. Make certain, in Java's options, that Sun Java JRE is set to work with Internet Explorer.

Open Internet Options from the Windows control panel and click the "Security" tab. Highlight the "Internet" icon and then click "Custom Level". Choose "Medium" from the drop-down box at the bottom, then click the "Reset" button. Click ok, then click "Custom Level" again.

Set your options just as I have listed below:

.NET Framework-reliant components

* Run components not signed with Authenticode (Disable)
* Run components signed with Authenticode (Prompt)

ActiveX controls and plug-ins

* Download signed ActiveX controls (Prompt)
* Download unsigned ActiveX controls (Disable)
* Initialize and script ActiveX controls not marked as safe (Disable)
* Run ActiveX controls and plug-ins (Enabled) (This actually refers to Java and Flash, not ActiveX)
* Script ActiveX controls marked safe for scripting (Prompt)

Miscellaneous

* Access data sources across domains (Disable)
* Drag and drop or copy and paste files (Prompt)
* Installation of desktop items (Prompt)
* Launching programs and files in an IFRAME (Prompt)
* Navigate sub-frames across different domains (Prompt)
* Software channel permissions (High safety)
* Userdata persistence (Disable)

Scripting

* Allow paste operations via script (Prompt)
* Scripting of Java applets (Prompt)

Next, you need to run a registry script called IE-SPYADS. This script will place an enormous number of web sites known to be abusive into Internet Explorer's "Restricted Zone". Any site in that list will be unable to run javascripts, java applets, set or read cookies or use ActiveX scripting. You still will be able to visit those sites but they will be very limited in what they can do.

Be aware that MSIE has many security flaws that will allow a clever site designer to bypass security settings, even if their site is in the restricted zone. More must still be done.

Now you need to install SpywareBlaster. ActiveX programs need to use a CLSID (identifier number) before Windows will execute them. SpywareBlaster stops certain ActiveX CLSIDs from working by setting a "kill bit" in the Windows registry. This will stop ActiveX drive-by installations from programs that use those numbers, as well as preventing software already installed from running if they use that CLSID.

As a final safeguard, install a program called Browser Hijack Blaster. This program will watch for alterations to the home page, default page and search page as well as watching for Browser Helper Objects being installed. If it detects a change, it immediately will pop up a warning and ask if you wish to allow the change.

Be very careful about installing programs. By far the most common source of malware infection comes from third party bundles. Grokster, for instance, will install a dozen or more unwanted programs.

Finally, you also should disable the preview pane if you use Outlook or Outlook Express. Simply by highlighting an email while the preview pane is active, even to delete it, you could activate any scripting in that email. Visit TomCoyote's site for instructions on doing that.

Follow the steps above and it will be very unlikely that you ever will be hijacked again. Periodically scan your system with antispyware and antivirus software. I recommend Spybot S&D for antispyware and Nod32 for antivirus.
Related:

Browser Hijackers


Spyware.com How To Prevent Browser Hijacking
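
An added example (not part of the quoted article or of any poster's reply): a read-only PowerShell audit that compares the current user's Internet zone with the "Custom Level" settings the article lists. The registry path, the numeric value names and the 0/1/3 encoding are Internet Explorer's registry representation of those settings and do not appear in the article; settings enforced by machine policy are stored elsewhere and are not read here.

```powershell
# Added example: audit the Internet zone (zone 3) against the article's list.
# Registry encoding (not from the article): 0 = Enable, 1 = Prompt, 3 = Disable.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$label    = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Registry value name, setting as worded in the article, recommended state.
$expected = @(
    @('1001', 'Download signed ActiveX controls', 1),
    @('1004', 'Download unsigned ActiveX controls', 3),
    @('1201', 'Initialize and script ActiveX controls not marked as safe', 3),
    @('1200', 'Run ActiveX controls and plug-ins', 0),
    @('1405', 'Script ActiveX controls marked safe for scripting', 1),
    @('1406', 'Access data sources across domains', 3),
    @('1802', 'Drag and drop or copy and paste files', 1),
    @('1800', 'Installation of desktop items', 1),
    @('1804', 'Launching programs and files in an IFRAME', 1),
    @('1607', 'Navigate sub-frames across different domains', 1),
    @('1606', 'Userdata persistence', 3),
    @('1407', 'Allow paste operations via script', 1),
    @('1402', 'Scripting of Java applets', 1)
)

$key = Get-Item -Path $zonePath
$report = foreach ($e in $expected) {
    $id, $name, $want = $e
    $actual = $key.GetValue($id)      # $null when the value is not set for this user
    $state = if ($null -eq $actual) {
        'not set'
    } elseif ($label.ContainsKey([int]$actual)) {
        $label[[int]$actual]
    } else {
        '0x{0:X}' -f $actual          # any other encoding is shown raw
    }
    [pscustomobject]@{
        Setting     = $name
        Recommended = $label[$want]
        Current     = $state
        Matches     = ($actual -eq $want)
    }
}

# Show mismatches first so the weaker settings stand out.
$report | Sort-Object Matches | Format-Table -AutoSize -Wrap
```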
 
dr_mabeuse said:
I just tried them both (Adaware and Spybot), and it's still happening. Today's ad is from a place called "Starware". I'll just have to go find some other search engine, and it sure as hell won't be Starware.

I haven't been able to send or delete email from my Yahoo account since they 'upgraded' the service last weekend. My onscreen control buttons don't do anything, so I've had to go to Hotmail and make a new email account. I've contacted yahoo about it and they invited me to use their online help service, which doesn't work, so I guess that's it for me and Yahoo.

You know, the better these things get, the worse they seem to operate.

---dr.M.

It sounds like you have a worm or a trojan horse hidden somewhere. I'm going through the same thing, Zoot. Poor vella tried desperately to help. I found a spy sweep program that is keeping my home page from changing every three seconds.
If you are on Norton, go to the home page and run an online virus scan, that's how I found the problems my antivirus missed.
Hope I helped a little.
~A~
 
That happened to me once.

I called up Google by its URL. Deleted the old Google URL, and moved the new one into its old position in my bookmarks. It worked fine, for me, after that.

I don’t know what would have happened if I had a Google Toolbar.



Best advice. Keep your Google prophylactically protected.
 
If it's the google tool bar you're talking about Mab, it may not actually be the google toolbar, look closely, does it say "Google" at the far right?

I've just had to remove a search toolbar that I thought was google but wasn't. It actually helped me to do it too.

"Add/remove programs"

Right clicking on the top tool bar should give you clickable options and Google should be one of them.

Gauche
 
Clare, I'd hate to switch browsers because I'd lose all my bookmarks. There's a lot that I really need. But then maybe I'll try it. I guess I can always open up IE to use my bookmarks till they're transferred.

Colleen, thanks, but I really don't understand a word of that post. I went to the site you linked and that was even worse. You're dealing with someone with neolithic computer skills.

Gauche & Virtch, I have the Google toolbar, and it's genuine. I guess I could uninstall/reinstall it. I'll have to try it.

Thanks to all. Aside from my email trouble, most of this stuff is just nuisance level trouble. But I do hate nuisances.

---dr.M.
 
I changed over a few weeks ago to Mozilla because of a similar problem. You don't have to worry about losing all your bookmarks because they carry over. Mozilla simply adds one at the top of its list called Imported IE Favourites and they're all in there.
 
It sounds like a similar problem that I have been experiencing of late. Emails have been arriving in both my spam and inbox that are not even ads, but rather complete gibberish. Things like "As purple fox spits firmly time swims fleeting grey slurpie".

I have encountered a few websites with similar random text in my surfing within the past month or so also.
 
dr_mabeuse said:
Clare, I'd hate to switch browsers because I'd lose all my bookmarks. There's a lot that I really need.

---dr.M.

Not so, good Doctor. FireFox automatically imports IE bookmarks and cookies.
 
Twelve hours too late ...

... I will add my recommendation (as a retired Compusec expert) for Firefox. It really is good, and it will import anything important from IE.
 
... I will add my recommendation (as a retired Compusec expert) for Firefox. It really is good

Among the many extensions that I use to customize Mozilla FireFox, I have one that allows me to highlight any word (or phrase for that matter) right click on it and then choose from a customizable menu to look up the word in several online dictionaries, translate it into another language, look for encyclopaedia entries pertaining to the word or even look up quotes about the given word or phrase. Now that I have this functionality in a browser, I would be hard pressed to give it up.
 
Sorry for the Jargon Doc.

If you are staying with Ie.:

do a file search for newdotnetx*.dll
If your compy finds that Dll, you have new on your computer. Perhaps partially installed & partially removed by your spyware. If it is there, there are several sites with free removal tools. If it isn't, then you know at least that isn't the problem.

-Colly
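
An added example (not from any poster): the two checks Colly's posts describe, a file search for the New.Net DLL in the Windows folder and a look at the registry Run keys for entries started through Rundll32, as a read-only PowerShell script. The wildcard `newdotnet*.dll` (covering any version suffix) and the two Run key paths are assumptions of this example, not values given in the thread.

```powershell
# Added example: checks for the New.Net plug-in as the posts describe it.
# 'newdotnet*.dll' is an assumed wildcard covering any version suffix.
$winDir = $env:SystemRoot            # C:\Windows, or C:\WinNT on NT systems

# 1. The file search suggested in the thread, limited to the Windows folder.
$dlls = @(Get-ChildItem -Path $winDir -Filter 'newdotnet*.dll' -File -ErrorAction SilentlyContinue)

# 2. Run keys: every start-up entry that launches a DLL through Rundll32.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

$entries = @(foreach ($path in $runKeys) {
    if (-not (Test-Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        if ($cmd -match 'rundll32') {          # -match is case-insensitive
            [pscustomobject]@{
                RunKey    = $path
                ValueName = $name
                Command   = $cmd
                NewDotNet = ($cmd -match 'newdotnet')
            }
        }
    }
})

$flagged = @($entries | Where-Object { $_.NewDotNet })
if ($dlls.Count -eq 0 -and $flagged.Count -eq 0) {
    'No New.Net DLL in the Windows folder and no Run entry referencing it.'
} else {
    # A DLL without a Run entry (or the reverse) suggests a partial removal.
    $dlls    | Select-Object FullName, Length, LastWriteTime | Format-List | Out-String
    $entries | Format-Table -AutoSize -Wrap | Out-String
}
```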
 
Okay, I switched to Mozilla Firefox, and you were right. In Firefox, my yahoo mail works fine, as does Google. It imported all my favorites, although in alphabetical order, rather than in the weird idiosyncratic way I had them organized.

I no longer have the Google toolbar though. I guess I'll have to figure out how to load that into Firefox. Also, my link to Word won't take here. I used to have Word in my links bar so I could write in Word and cut&paste into the Lit posting box, but I'll figure something out.

That's not much of a price to pay for being able to delete mail from my yahoo account though. I was really starting to feel like I was seriously constipated; like all these waste products were filling up in my system.

So thanks to all. I owe you all the sex act of your choice, except for Gauche, for whom I hope a manly handshake will suffice. :D

---Zoot: regular again ...
 
I too have been following this thread, and after a long time of waffling and procrastinating, I finally switched to Firefox as well. Thanks to all for the links, recommendations and information.
 
dr_mabeuse said:
... I owe you all the sex act of your choice, except for Gauche, for whom I hope a manly handshake will suffice.

Can I settle for a manly handshake also, please?
 
dr_mabeuse said:
So thanks to all. I owe you all the sex act of your choice, except for Gauche, for whom I hope a manly handshake will suffice. :D

---Zoot: regular again ...

Depends on what it is of mine that you're going to be shaking with your hand Mab.

Gauche
 
Gawd I wish I hadn't checked back into this thread. The thought of Gauche and Mab. shaking anything together but hands has blackened my day.

Perdita :( :p
 
dr_mabeuse said:
It imported all my favorites, although in alphabetical order, rather than in the weird idiosyncratic way I had them organized.

Not a problem. Click on 'Bookmarks', click on 'Manage Bookmarks' and then drag 'em around to suit yourself, put them in folders, move them between folders, or whatever.

Now can anyone suggest anything for a site that absolutely insists on me using IE, except actually using the bl***y thing?

Alex
 