Home page logo
/

basics logo Security Basics mailing list archives

Re: Need help on Spyware
From: Michael Cecil <macecil () comcast net>
Date: Fri, 26 Mar 2004 21:18:43 -0600

At 06:43 AM 3/26/2004, H Carvey said:
>In-Reply-To: <OF59F2B19F.120D964A-ON48256E62.00040DCF () dci net>
>
>
>>      I'd encountered some problems with my PC, the Internet Explorer
>>always get redirected to a page called http://merdeka.hebat.com when I try
>>to browse. I've tried to scan with Ad-aware and Spybot and nothing was
>>found, on top of that I've also do a full system scan with 3 antivirus
>>software and the out come also tell me that my system is clean from virus.
>>What I suspect here is somehow the spyware change my registry and redirect
>>me to the page. Can someone help me ??
>
>Have you checked Browser Helper Objects, or the Registry keys that you
>suspect where changed?  Have you done a search of the Registry for "merdeka"?

Browser Helper Objects don't always get detected by spyware scanners. Use something like HighjackThis or BHODaemon to scan and repair this sort of thing. Then increase the security settings of IE or switch to Mozilla.

http://tomcoyote.com/hjt/hijackthis.zip
http://www.definitivesolutions.com/files/BHODemon10Setup.exe
--
Michael Cecil
macecil () comcast net
http://home.comcast.net/~macecil/howto/
http://home.comcast.net/~antiviruscd/


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault