Old 03-05-2012, 18:22   #1
kgoerz
Quiet Professional
 
Join Date: Sep 2005
Location: NC for now
Posts: 2,418
Windows ARRRG

Is there a way to keep your home page from being hijacked every time you download something new? It seems to happen a lot more often. Checked all my security settings and they are all on.
__________________
Sounds like a s#*t sandwich, but I'll fight anyone, I'm in.
Old 03-05-2012, 18:37   #2
Dusty
RIP Quiet Professional
 
Join Date: Jun 2009
Location: The Ozarks
Posts: 10,072
Got Norton?
__________________
"There you go, again." Ronald Reagan
Old 03-05-2012, 18:38   #3
Snaquebite
Area Commander
 
Join Date: May 2006
Location: Raeford, NC
Posts: 3,374
You've been hijacked...if you have a spyware or malware program, run it to remove the hijacker file/program.

Edit to add:
http://www.microsoft.com/security/pc...hijacking.aspx
__________________
D-3129 Life

"If one day you decide to know yourself...you'll have to choose the warrior path...You'll reach the darkness of your spirit.... Then, if you overcome your fears....You will know who you are."

"De Oppresso Liber"

Last edited by Snaquebite; 03-05-2012 at 18:41.
Old 03-05-2012, 18:41   #4
kgoerz
Quiet Professional
 
Join Date: Sep 2005
Location: NC for now
Posts: 2,418
Yes, I have Norton. It's not every time, just one of those annoying things that happen. They ask permission to do it, but it's often in the super fine print no one reads. Wondering if there was an easy fix. I hate the way consumers do crap like this.
__________________
Sounds like a s#*t sandwich, but I'll fight anyone, I'm in.
Old 03-05-2012, 18:49   #5
Snaquebite
Area Commander
 
Join Date: May 2006
Location: Raeford, NC
Posts: 3,374
Well, those porn sites are notorious for adding hijacker files to your computer.
__________________
D-3129 Life

"If one day you decide to know yourself...you'll have to choose the warrior path...You'll reach the darkness of your spirit.... Then, if you overcome your fears....You will know who you are."

"De Oppresso Liber"
Old 03-05-2012, 18:52   #6
Kyobanim
Moderator
 
Join Date: Feb 2004
Location: Central Florida
Posts: 3,045
There should be a setting in your browser options to prompt you prior to installing something or changing your settings. If you're getting this from apps you're downloading, you just have to be careful and read all the options and windows before clicking OK.
__________________
"Are you listening or just waiting to talk?"


Light travels faster than sound. This is why some people appear bright until you hear them speak.

"Fate rarely calls upon us at a moment of our choosing."
Optimus Prime
Old 03-05-2012, 22:19   #7
BOfH
Guerrilla Chief
Join Date: Jun 2011
Location: NYC Area
Posts: 828
QP kgoerz,
A few things to note:

1. Your anti-virus/anti-malware package is only as good as its last signature update; make sure it is up to date and is configured to update automatically.
2. That said, AV/AM software catches anywhere from 20%-40% of all malicious software. If you download a file that you are suspicious of, but it is not flagged by your A/V, try running it through VirusTotal (www.virustotal.com).
3. Most malware these days is installed via vulnerabilities in popular and widely deployed software such as Adobe Reader, Java, and the Adobe Flash and Shockwave players. Keep these applications and plugins up to date. Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) can make that process a whole lot easier. Most importantly, make sure that your operating system is set to receive updates and install them automatically.
4. If you believe your machine has been compromised, it is best to rebuild it from scratch: back up whatever data you need from the system, make a list of installed applications, and then format, reinstall the operating system and any necessary applications. Most malicious software will generally bundle other software, usually rootkits like TDL/TDSS 3/4, which are difficult, if not impossible, to remove.
5. Consider running yourself and/or your children as a non-privileged user (Control Panel --> User Accounts --> Create a new user --> Remove the user from the Administrators group and add them to the Users group) when browsing the internet. As annoying as they are, do not ignore the UAC/Elevation prompts or turn them off; read what is trying to run, and Google it if you don't recognize the application.

That's all for now. My apologies in advance if this came off a bit patronizing; that was not my intention. In my line of work I do get these types of questions often, so this piece is a bit practiced.

v/r
BOfH
__________________
"Crime is an extension of business through illegal means, politics is an extension of crime through *legal* means."
Old 03-05-2012, 23:36   #8
CloseDanger
Guerrilla
Join Date: Dec 2008
Location: Sanford, NC
Posts: 160
What he said. But I have had great success with Spybot S&D.
Old 03-06-2012, 05:21   #9
badshot
Guerrilla Chief
 
Join Date: Apr 2010
Location: Southern Arizona
Posts: 590
Quote:
Originally Posted by kgoerz View Post
Yes, I have Norton. It's not every time, just one of those annoying things that happen. They ask permission to do it, but it's often in the super fine print no one reads. Wondering if there was an easy fix. I hate the way consumers do crap like this.

Contrary to what some techs say, Google Chrome appears to cause fewer issues than IE or Firefox. The interface takes a little getting used to, but in many environments it's faster in most aspects. (i.e. You can say yes more in less time!)

I can safely say before all the posts to the contrary, they build their stuff fundamentally better (ie. what you don't see), and have a better understanding of how things get from a to b over the wire. It also hasn't been reverse engineered as much as either of the other two. Meaning fewer less experienced losers can mess with it.
__________________
I am not worthy of the cross of Jesus, Andreas
Denial and inactivity prepare people well for roles of victim and corpse

Last edited by badshot; 03-06-2012 at 05:22. Reason: removed 't from can't
Old 03-06-2012, 05:56   #10
JJ_BPK
Quiet Professional
 
Join Date: Apr 2008
Location: 18 yrs upstate NY, 30 yrs South Florida, 20 yrs Conch Republic, now chasing G-Kids in NOVA & UK
Posts: 11,901
I have had several hijacks, along with in-laws & out-laws.

The common thread is not that they bypass your security, but rather they ask you for permission to bypass security by implying they want to install or show you something.

After they get in they are a bear to dump, WITH ONE EXCEPTION...

I have our systems set to do a "System Restore" checkpoint every day when the system is started.

Sooo, as soon as I see a hijack, I restart the system in Safe Mode and restore the system to the last good checkpoint. Then run a complete system security scan.

To date this has been the easiest way to clean them out, although it may take a couple of hours because of the deep scan...

My cuz had one last week; it was different. It hid all their data files & pictures using a DOS mode ATTRIBUTE command (Attrib *.jpg /s +h +s +r). It looked like the system had been erased and they would need to start from scratch.

I got suspicious because only their data and JPG files were missing. No system libraries were touched.

Took a couple of hours; had to use a restore point that was three days old (not sure why).

BUT after I had the restore complete, I had to manually use Windows folder attributes to change the attributes back..

Luckily they had mucho pina coladas, otherwise they would have been SOL...
__________________
Go raibh tú leathuair ar Neamh sula mbeadh a fhios ag an diabhal go bhfuil tú marbh

"May you be a half hour in heaven before the devil knows you’re dead"
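The post above describes data files made invisible with `Attrib *.jpg /s +h +s +r` and then cleared by hand. The script below is an added example, not from the thread: it lists user files under the profile folders in `$Roots` (an assumption; adjust to where the data lives) that carry all three of hidden, system and read-only, so the list can be reviewed before those bits are cleared. Requires PowerShell 3.0 or later for `-File`.

```powershell
# Added example (not from the thread): find user data files hidden with
# attrib +h +s +r and clear those bits after review.
# $Roots is an assumption: the folders where the user's own data lives.
$Roots = @("$env:USERPROFILE\Documents",
           "$env:USERPROFILE\Pictures",
           "$env:USERPROFILE\Desktop")

# Hidden + System + ReadOnly, the exact combination the attrib command set
$Mask = [int]([IO.FileAttributes]::Hidden -bor
              [IO.FileAttributes]::System -bor
              [IO.FileAttributes]::ReadOnly)

function Find-HiddenUserFiles {
    param([string[]]$Paths)
    foreach ($root in $Paths) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # -Force is required: Get-ChildItem skips hidden/system items by default
        Get-ChildItem -LiteralPath $root -Recurse -Force -File -ErrorAction SilentlyContinue |
            Where-Object { ([int]$_.Attributes -band $Mask) -eq $Mask }
    }
}

function Restore-FileAttributes {
    param([Parameter(ValueFromPipeline)][IO.FileInfo]$File)
    process {
        # keep every other attribute (Archive etc.), drop only H, S and R
        $cleared = [int]$File.Attributes -band (-bnot $Mask)
        $File.Attributes = [IO.FileAttributes]$cleared
        Write-Host "Cleared H/S/R on $($File.FullName)"
    }
}

$hidden = @(Find-HiddenUserFiles -Paths $Roots)
Write-Host "$($hidden.Count) file(s) under your profile are hidden+system+readonly"

# desktop.ini and Thumbs.db are legitimately hidden+system; leave them alone.
# Review $hidden before running the next line on a machine you care about.
$hidden |
    Where-Object { $_.Name -notin @('desktop.ini', 'Thumbs.db') } |
    Restore-FileAttributes
```

Run it first with the last pipeline commented out to see what would change; a long list of .jpg and document files carrying all three bits under Pictures or Documents is the signature of the trick described above, since normal user data almost never has System set.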
Old 03-06-2012, 13:01   #11
badshot
Guerrilla Chief
 
Join Date: Apr 2010
Location: Southern Arizona
Posts: 590
Quote:
Originally Posted by JJ_BPK View Post
I have our systems set to do a "System Restore" check point every day when the system is started.
That's a smart point.

Thing is, many of those issues (malware, etc.) purposely stay hidden for varied periods, meaning: stay dormant. So the checkpoint may save them while they are dormant, and Restore may restore them, as you have discovered.

My father-in-law used to be so bad at saying yes that I set his user ID to have little or no privileges and I was the only admin. He'd still be able to catch all sorts of things (wasn't supposed to) on Windows XP. The solution was he started from scratch every three months, user ID and all. A poor solution for most.

Personally I'll say no to everything (the cat and being curious comes to mind). Even saying yes to sites like Trend Micro can end badly down the road. Did it twice, and paid for it, btw.

Thing is, in the past I've caught stuff and spent many hours fixing some of them (or starting from scratch), but it's like crashing a good car: most are never exactly the same after an event and it usually hurts in more ways than one.
__________________
I am not worthy of the cross of Jesus, Andreas
Denial and inactivity prepare people well for roles of victim and corpse
Old 03-07-2012, 00:40   #12
kgoerz
Quiet Professional
 
Join Date: Sep 2005
Location: NC for now
Posts: 2,418
I learned a long time ago about backing up. When my last laptop died, I didn't lose one piece of data. Had the hard drive ghosted, so setting up the new laptop like I wanted took a few clicks and just the wait.
I'll take a look into my settings. It's just annoying as crap. What do they think, I'm just going to start using their web page as my new home page because it popped up one time?
But if it means keeping the internet free of government laws and interference, I'll put up with the petty stuff.
__________________
Sounds like a s#*t sandwich, but I'll fight anyone, I'm in.
Old 03-07-2012, 04:19   #13
fasteddie565
Quiet Professional
 
Join Date: May 2010
Location: Atlantas
Posts: 138
If you are installing legitimate software, there is probably a switch somewhere in the install process that says change my homepage to www.XXXX.com. Sometimes it is in the user agreement that none of us read. They are very sneaky, strategically placing these radio buttons so no one notices them until you open your browser. If nothing else, it gives them a legitimate visit to the page and adds to their Google headcount.
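A way to catch the installer switch described above after the fact, added here as an example and not from the thread: the script compares the Internet Explorer home page stored in the user's registry hive against the page you actually chose and puts it back if an installer changed it. It assumes Internet Explorer (the browser of the era; Chrome and Firefox keep this setting elsewhere) and `$Expected` is a placeholder for your own home page.

```powershell
# Added example (not from the thread): detect and undo a changed IE home page.
# The registry key and value names are IE's own; $Expected is a placeholder.
$KeyPath  = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$Expected = 'https://www.example.com/'   # placeholder: your real home page

function Get-HomePage {
    # 'Start Page' is the value IE reads at startup; missing value returns $null
    $item = Get-ItemProperty -Path $KeyPath -Name 'Start Page' -ErrorAction SilentlyContinue
    if ($item) { return $item.'Start Page' }
    return $null
}

function Test-HomePage {
    $current = Get-HomePage
    if ($current -eq $Expected) {
        Write-Host "Home page unchanged: $current"
        return $true
    }
    Write-Warning "Home page is now '$current' (expected '$Expected')"
    return $false
}

function Restore-HomePage {
    Set-ItemProperty -Path $KeyPath -Name 'Start Page' -Value $Expected
    # Installers also like to append extra tabs here; drop them as well
    Remove-ItemProperty -Path $KeyPath -Name 'Secondary Start Pages' -ErrorAction SilentlyContinue
    Write-Host "Home page restored to $Expected"
}

# Run this after every install (or from a logon script) and you will see
# exactly which install flipped the setting, instead of finding out in the browser.
if (-not (Test-HomePage)) { Restore-HomePage }
```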
Old 03-07-2012, 10:21   #14
BOfH
Guerrilla Chief
 
Join Date: Jun 2011
Location: NYC Area
Posts: 828
Quote:
Originally Posted by badshot View Post
That's a smart point.

Thing is, many of those issues (malware, etc.) purposely stay hidden for varied periods, meaning: stay dormant. So the checkpoint may save them while they are dormant, and Restore may restore them, as you have discovered.

My father-in-law used to be so bad at saying yes that I set his user ID to have little or no privileges and I was the only admin. He'd still be able to catch all sorts of things (wasn't supposed to) on Windows XP. The solution was he started from scratch every three months, user ID and all. A poor solution for most.

Personally I'll say no to everything (the cat and being curious comes to mind). Even saying yes to sites like Trend Micro can end badly down the road. Did it twice, and paid for it, btw.

Thing is, in the past I've caught stuff and spent many hours fixing some of them (or starting from scratch), but it's like crashing a good car: most are never exactly the same after an event and it usually hurts in more ways than one.
System Restore is a great feature; case in point, its enterprise comparison would be the Shadow Copy feature, which has saved me more than once from restoring from tape.

Bear in mind that some malicious software, especially rootkits (like TDSS/TDL 3/4), hook the Master Boot Record (MBR), and a simple restore in time will not make them go away. Actually, to correct my previous advice, a format will not make them go away either. The MBR needs to be overwritten; DBAN[1] is good for that (as well as sanitizing that drive before you "hand me down" your laptop and your *deleted* porn stash is accidentally undeleted).

Quote:
Originally Posted by kgoerz View Post
I learned a long time ago about backing up. When my last laptop died, I didn't lose one piece of data. Had the hard drive ghosted, so setting up the new laptop like I wanted took a few clicks and just the wait.
I'll take a look into my settings. It's just annoying as crap. What do they think, I'm just going to start using their web page as my new home page because it popped up one time?
But if it means keeping the internet free of government laws and interference, I'll put up with the petty stuff.
Nothing beats a good backup. I finally bit the bullet and went with a cloud backup solution, utilizing Amazon's S3[2] storage service and a client from CloudBerry software[3]. The thing that sold me on the client was support for client-side encryption and compression, meaning that even if my Amazon account is compromised, the data is still secure; most online backup services utilize Amazon's SSE (Server Side Encryption), which means that the key is stored with Amazon and the backup provider; if they are compromised, so is your data. And at about $1/month for the 20GB (compressed) or so I back up, you can't beat it. Last but not least, pictures for insurance and scans of important documents are offsite, so in the event of a local disaster, I still have those for claims purposes.


[1] http://www.dban.org/
[2] http://aws.amazon.com/s3/
[3] http://www.cloudberrylab.com/amazon-s3-microsoft-azure-google-storage-online-backup.aspx
__________________
"Crime is an extension of business through illegal means, politics is an extension of crime through *legal* means."
Old 03-07-2012, 19:12   #15
badshot
Guerrilla Chief
 
Join Date: Apr 2010
Location: Southern Arizona
Posts: 590
Quote:
Originally Posted by BOfH View Post
hook the Master Boot Record(MBR) and a simple restore in time will not make them go away
Absolutely, as well as many other hooks. A simple change of the jmp (for bios/asm geeks) instruction during the initialization could ruin your day.

If your Anti-Virus offers boot scans, use them.

Also make sure your browser's plugins (like Yahoo) are updated or disabled; some buttheads are exploiting outdated ones very recently. kgoerz, your box comes to mind on this note.
__________________
I am not worthy of the cross of Jesus, Andreas
Denial and inactivity prepare people well for roles of victim and corpse
Copyright 2004-2022 by Professional Soldiers ®
Site Designed, Maintained, & Hosted by Hilliker Technologies