shaunw

Urgent! Your website has been hacked

22 posts in this topic

SpywareInfo.com will drop the StartPage-DU onto the computer of anyone visiting the site using IE with default security. This is a version of the aboutblank hijack. It will only download it once a day so obviously it is cookie driven. I have tested this several times.

1. Open IE with no hijack
2. Visit your site
3. Now I have the hijack
4. Remove it using HijackThis or McAfee
5. Visit your site again several times, no hijack
6. Advance the date on my machine by one day and visit your site.
7. Hijack is back.

You need to do something about this a.s.a.p.

:techsupport:

:grrr:


Seems like you're the only one with the problem. I tested it, plenty of other people concur. Did you just get infected somewhere else? SWI has NOT been hacked.

SpywareInfo.com will drop the StartPage-DU onto the computer of anyone visiting the site using IE with default security. This is a version of the aboutblank hijack. It will only download it once a day so obviously it is cookie driven. I have tested this several times.

I tried it too. I did not get hijacked. I even turned off my firewall and all of my antivirus software and enabled all cookies through IE. I agree with Gwy.

 

nic

SpywareInfo.com will drop the StartPage-DU onto the computer of anyone visiting the site using IE with default security. This is a version of the aboutblank hijack. It will only download it once a day so obviously it is cookie driven. I have tested this several times.

My HijackThis log is telling me otherwise, and I visit this site AT LEAST once a day.


Despite what other people have found I have just repeated the test by moving the date forward on my PC and opening IE and going straight to this site. Now I have the infection again just by visiting this site. I am using Windows XP Home edition with SP1 and some other patches. I am behind a hardware firewall but with on demand virus scanning disabled. I am only using this browser to visit this site, i.e. there is no possibility that some other site is involved. Could the other people who have replied to this post tell me what the specs of their machines are, i.e. browser and OS etc.

 

:techsupport:


XP Pro SP1. I tried what you said (lowered all my IE security settings to the lowest and allowed everything, disabled anti-virus, took down firewall, disabled immunizations, everything). Nothing happened. I have SWI set as my homepage. You have become infected some other way. SWI has not been hacked.


Spywareinfo.com is in my Trusted Zone and nothing like this has ever happened. (Admittedly I do have SpywareBlaster installed, to block any bad ActiveX.)

 

It's quite puzzling to imagine how you could be experiencing this. One possibility is that you're being redirected to a counterfeit look-alike page. We haven't heard of a counterfeit for this site - counterfeit Google and MSN are known, though.


Well if I were going to a counterfeit site it would have to take me there first and then after infecting my machine switch me to the real site so that I can reply to your posting. And why will this only happen once in every 24 hours? I assume a cookie has to expire or something. I will try the test again using a different computer.

 

:techsupport:


You have this infection simply because you are already infected. Period. SWI is not the cause of your infection, rather your own security, or lack of, that is causing it. I am suggesting a downloaded ActiveX control from some other site is making a random connection to its own updater to re-infect you and not, as you insinuate, coming from SWI.

Please feel free to post a log for help to clear this infection up. Once it is clear, you may want to re-evaluate this colossal slur you have tried to brand us with.


Mr bones I am just reporting what I have found. I am not blaming anyone or assuming that I know why this is happening. I don't need any help to get rid of this. I have been a computer programmer for the past 25 years so I can sort out minor problems like this easily. Nor is it due to my lack of security. Perhaps you blame all the people who ask for help in the malware removal forum for causing their own problems. Not a very helpful attitude I think.

There is nothing random about this and a visit to this site and only this site + advancing the clock by 1 day is necessary to reinfect my machine. If I don't visit the site it doesn't happen. Sites do get hacked and no one should assume that it can never happen to them. At the very least you should keep an open mind. I will try to pin the problem down further.

 

:techsupport:


It seems clear that your connection to SWI is intercepted and the hijack done before (or after) you get here. A BHO could do that, and recently there have been a lot of hidden BHOs found on hijacked PCs.


For the moment I have failed to pin down the problem.
I would like to thank gwyrox732 and cnm for their help. I now have two hypotheses about the problem but first I would like to repeat the info about the setup I am using.

1. Hardware firewall
2. Windows XP Home with SP1 and some later security patches installed.
3. Internet Explorer with SP1 and the latest security patches installed.
4. On demand virus scanning disabled.
5. Default security, i.e. medium in the 'Internet Zone'.
6. If I set the security to high in the 'Internet zone' then I can't recreate the problem. But this means that many sites will not be displayed properly and would probably not be acceptable for most users.

Here are the two ideas I have about the problem.

a) spywareinfo.com really has been hacked and will download the aboutblank hijack to some PCs. But only once per day.

b) There is something on my PC (call it X) which will wait until I visit the spywareinfo.com site and will then install the aboutblank trojan on my PC. Believe me, I have repeatedly tested this and the visit to spywareinfo.com really is necessary.

What is there in favour of a)? Well, setting security to high, in the IE internet zone, prevents the installation of the hijack.

What is there in favour of b)? No one else has been able to reproduce the problem even when they set security to low and turn off on demand virus scanning.

But in the end both a) and b) are equally disturbing. Suppose a) is true, then it means the site has been hacked.
Suppose b) is true, then it means that there are versions of the aboutblank hijack which cannot be removed by HijackThis or McAfee VirusScan or by the advice you give in your forums. If X really exists then you don't know how to remove it and it might explain why so many people in the malware forum complain that their browser hijack keeps returning.

Finally I would like to repeat that I have no interest in proving that either a) or b) is true. I appreciate the help that the volunteers on this site are trying to provide. I know that if I never visit this site again I won't get re-infected.

 

:techsupport:

...there are versions of the aboutblank hijack which cannot be removed by HijackThis or McAfee VirusScan

This is true. There are special tools for seeing the app_init DLLs, for instance. Post your log in the Malware Removal forum, and if Shadowwar or freeatlast or some other knowledgeable Expert comes to your aid it will be removed. :)

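The two reload mechanisms raised in the replies above, hidden BHOs and AppInit_DLLs, appear as O2 lines in a HijackThis log and, in HijackThis versions that list AppInit_DLLs, as O20 lines. The following triage pass is an added example, not part of the original thread: it runs over a constructed log excerpt, and the file names, CLSIDs and the "unnamed BHO in System32" heuristic are assumptions made for illustration.

```python
import re

# Constructed HijackThis-style excerpt (not from the thread); file names and
# CLSIDs are placeholders chosen for illustration.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\example1.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\System32\example2.dll
O2 - BHO: Example Reader Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\Reader\helper.dll
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\Example\av.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\example3.dll
"""

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
DLL_PATH = re.compile(r"[A-Za-z]:\\[^/\r\n]*?\.dll", re.IGNORECASE)


def triage(log_text):
    """Return (section, reason, dll_path) for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue
        section, body = entry.groups()
        dll = DLL_PATH.search(body)
        path = dll.group(0) if dll else None
        if section in ("R0", "R1") and "= res://" in body.lower():
            # Start/search page rendered from a resource inside a local DLL.
            # A plain about:blank start page is not flagged on its own.
            findings.append((section, "IE page setting points into a local DLL", path))
        elif (section == "O2" and "(no name)" in body and path
              and "\\system32\\" in path.lower()):
            # Assumed heuristic: an unnamed BHO sitting directly in System32.
            findings.append((section, "unnamed BHO in System32", path))
        elif section == "O20" and path:
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so one DLL listed here can put a cleaned hijack back.
            findings.append((section, "AppInit_DLLs entry", path))
    return findings


def dlls_to_inspect(findings):
    """Unique DLL paths behind the findings, in first-seen order."""
    seen = []
    for _, _, path in findings:
        if path and path not in seen:
            seen.append(path)
    return seen


if __name__ == "__main__":
    for section, reason, path in triage(SAMPLE_LOG):
        print(f"{section:>3}  {reason}: {path}")
```
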

Ok I finally managed to pin it down and there are various ways to defeat it which may be useful for other variations. But it's not related to this site so I eat humble pie, crow etc. etc.

1. I noticed that the reinfection only happened every 24 hours. Other people seem to have infections which re-occur after 2 or 4 hours etc. So try the following. I set my system clock to the year 2020. Ran IE, got the infection again. Cleaned it using HijackThis and retested. The tests show that I will be free of the reinfection until 01/01/2021 and by that time either this computer will have died or the server to which I am hijacked will have died. So if you have an infection which you can clear but which reloads after a few hours or a day or a week try the above solution. However it's not ideal because it doesn't clear out the file which is trying to reload the trojan and it won't help with hijacks which don't use a system timer.

2. Ran Pandasoft anti virus software and it identified a dll and an exploit and claimed to have deleted it but the fact that it kept finding it again seemed to show that it couldn't do the job. Obviously the dll is locked in some way.

3. Downloaded Find&Fix and used it to move and delete the dll. Retested, all clear at least until 2030 etc. etc.

Finally some final thoughts for the pious people who think that you can only get infected if you visit porn websites etc and therefore you deserve to die. You know who you are, don't you?

Yesterday Microsoft put out a security fix to IE which removed some of its functions. This will break some computer programs which depend on these published functions and was an admission by Microsoft that there are holes in IE and Outlook and Media Player which it cannot fix. These holes will allow trojans to attack your machine even if you have a firewall and on demand virus scanning. Most users don't even know what a firewall or on demand virus scanning is. So what chance do they have?

Finally much of the advice on this site is unrealistic. I know that saying this will irritate many of the people who try to help but I'm going to offer alternative advice. If your browser is hijacked do this.

1. Go to Mozilla.org
2. Download the Mozilla browser and install it. (13 Mb download). It is free.
3. Use this until your hijack is resolved or until you decide that you can't be bothered with IE anymore. Many of the hijack problems with IE could be simply resolved if you could uninstall IE and reinstall it. But you can't. It's part of the operating system. You can make it invisible but you can't uninstall it. This stupid decision by Bill Gates is responsible for many of the problems that IE users are having today. Browser hijacks are rampant and people spend hours on sites such as this trying to resolve them and failing. Life is too short.

 

 

:techsupport:


Yes, shaunw, we do recommend FireFox/Mozilla/etc to victims after their problems are resolved. Most of us use them ourselves all the time. But it is advised that you clear the problems on your computer before you make the switch for the following reasons:

1) Some infections can cause major slow-downs
2) Many infections clutter up the system
3) Leaving dangerous files on your computer isn't good
4) Perhaps one of your problems is a dialer? Just a simple browser switch doesn't fix that.


Well I accept what you say about rogue diallers and extreme slowdowns having to be removed first but most of the people with problems on this site do not seem to have either of these and most of their distress comes from the fact that they cannot use the internet and the clear up process is slow. Sometimes I feel that for most of the people posting problems on this site it would be quicker for them to backup the data files they really need and reformat and start again. But I suppose that might be beyond the skills of the average user.

What concerns me most is the present state of Internet Explorer and the fact that the truth about this is not getting through to people. Having a good firewall, an up to date anti virus package and applying all the Microsoft fixes will not save you.

There is a hole in IE that Microsoft tried to fix last weekend but the fix doesn't work. A simple script on a website could delete the contents of your hard disk or download a key logger that records your passwords, credit card details etc. and sends them back to a hacker. The scripts for this exploit are freely available. Many of the hijacks reported on this site may have used this exploit. The only safe way to use IE is with scripting disabled.

 

 

 

:techsupport:


Firefox is recommended over and over here.

Mike feels that no one in their right mind will browse with IE.


Hmm.. I should do that switch also then I guess.. Never tried any other browser and now my home computer seems not to be mine anymore... I'll post a HijackThis log later this week, first I want to make sure not to add problems on the big pile needlessly.

Well I accept what you say about rogue diallers and extreme slowdowns having to be removed first but most of the people with problems on this site do not seem to have either of these and most of their distress comes from the fact that they cannot use the internet and the clear up process is slow. Sometimes I feel that for most of the people posting problems on this site it would be quicker for them to backup the data files they really need and reformat and start again. But I suppose that might be beyond the skills of the average user.

What concerns me most is the present state of Internet Explorer and the fact that the truth about this is not getting through to people. Having a good firewall, an up to date anti virus package and applying all the Microsoft fixes will not save you.

There is a hole in IE that Microsoft tried to fix last weekend but the fix doesn't work. A simple script on a website could delete the contents of your hard disk or download a key logger that records your passwords, credit card details etc. and sends them back to a hacker. The scripts for this exploit are freely available. Many of the hijacks reported on this site may have used this exploit. The only safe way to use IE is with scripting disabled.

 

 

 

:techsupport:

Well the only problem that I have switching between browsers is that IE is a connected program to many Windows features, and there are quite a few of them that need to use it, such as Desktop Properties, Outlook Express, Microsoft Outlook, and Microsoft FrontPage, which need to use IE as an add-on for their features. From what you are saying, if everyone needs to switch to Firefox, it would mean fully uninstalling IE from Windows, which in bad terms sets Explorer back to its early coding where if you click on a folder it opens a new window, the so-called 3.X version of Explorer, and that is the reason for my slight complaint about this. Plus it would leave many programs and services disabled, so that it would be unable to use filesharing programs and chat rooms because of the missing IE component. But that is my point about this: some of you need to think about it before fully uninstalling IE and deleting its files; it won't be the same anymore. Plus Firefox is still a bit buggy and it would probably crash Windows if I were to run it, plus Windows Update will no longer work either.

 

So please read and think about it.


Hardly.

 

Have you tried Firefox?

 

The shell, explorer.exe, would _not_ revert to a progman.exe-ish Windows 3.11-ish state. While it uses IE for Web content, it is a more than capable file navigator on its own. It does not rely on IE for that.

 

Active Desktop relies on IE because the Windows developers didn't think ahead and make Windows like Linux - native JPG/GIF and transparent text support is in Linux because KDE and Gnome were coded well, unlike Explorer.

 

IE cannot be uninstalled from a system without specialized tools. Firefox is not one of them. Even if you removed IE, it would not disable filesharing programs, chat rooms, or other programs in general unless they were coded to depend only on IE instead of their own interfaces, which would alienate Linux and Mac users.

 

Outlook works without IE; I know because I use that at my office and I browse with nothing but Firefox.

 

Frontpage works without IE; in fact, it works excellently with Firefox, but I still prefer Dreamweaver.

 

Windows Update doesn't cease functioning; the Windows Update shortcut in the Start Menu forces IE to open to Windows Update and Windows Update only.

 

In short, IE stays resident on your system even if you choose another browser as your primary and use that only - why else would you still have to download all those IE patches from Windows Update?

 

I ask you to name one system-critical service that would be stopped were IE to be removed. I give you an answer now: none.

 

Firefox only has two major bugs, and one was patched this afternoon involving a shell: extension handler, which it passes off to the Windows shell. The other one is a slight lag issue with Adobe Acrobat Reader 6 and PDF files.


After reading this thread, I would like to add my .02 (FWIW being a brand new member and all)

 

shaun, it sounds like your system is lacking critical updates at the very least.

 

Programmer or not, you are not invincible nor are you immune to having a vulnerable system.


I was referred to this thread by Screwfix.co.uk (a UK supplier of building materials) after I queried the fact that I had received the c2.lop cookie after accessing their home page. They deny any responsibility. A couple of friends have tried accessing their page - one got the cookie, the other didn't. We can spot any difference in our security setup.

 

I have been surfing various sites over the last 2 days and not got any cookies as a result. But as soon as I go to the Screwfix home page, I get it again.

 

Given their assurance that they do not employ any form of tracking cookie (which I accept - it is a very reputable company) why am I getting C2.lop and why only when I access Screwfix's home page?

 

Incidentally, it doesn't make any difference whether I browse it with IE or Firefox.
