Free Republic
News/Activism


1 posted on 06/16/2004 10:42:23 AM PDT by Born Conservative


To: Born Conservative

I had my computer hijacked also.

HiJack This! saved my butt.

Please see
http://tomcoyote.com/hjt/

They have a forum there staffed with experts.
Post your HiJack This! output (they tell you how to do it) - and you might have to go back and forth about 3-4 times. It's important (apparently) that you take certain actions after running anti-spyware programs.

But they will tell you exactly what to do to fix your computer. If you have something new, they will know it. Good Luck.


30 posted on 06/16/2004 10:59:36 AM PDT by kidd

To: Born Conservative

I'd recommend what others have: System Restore to an earlier point.


32 posted on 06/16/2004 10:59:54 AM PDT by FourtySeven (47)

To: Born Conservative


I suspect you have the peper trojan.

http://www.kephyr.com/spywarescanner/library/pepertrojan/index.phtml

or some variant. You can only kill it in safe mode.

The instructions above aren't complete enough.

I've found recent infestations that require you to remove the associated BHO using Hijack this, as well as removing the run entries either by editing the registry or using msconfig.

Then go into C:\windows\system32 (or whatever your system root is) and sort the files by date. Chances are you will find 6-8 files, all with recent dates, with the hidden and system bits set (which means you have to turn on show hidden files and folders in windows explorer options). These files will be randomly named and nonsensical.

So to recap, if you have this one.

1. Start in safe mode.
2. Make sure show hidden files and folders are ticked in folder options in the windows explorer (not to be confused with internet explorer)
3. Run Hijack this and delete all BHO's listed of unknown origin. Or just delete them all, you can always install stuff back.
4. Use msconfig or regedit to delete the run entries for anything oddball.

If you have peper or a variant, and you miss a step, it's right back again next time you reboot normally.

I've been seeing peper A LOT lately and this from people who don't surf anywhere odd. It comes in on a malicious script on a popup as far as I can tell. Once in, it drags in others. cydoor, gator, keenvalue, wintoolsA etc and worse.

-Mal


34 posted on 06/16/2004 11:01:10 AM PDT by Malsua

To: Born Conservative
You might want to go to www.lavasoft.com and download their Ad-aware 6 program. This is great for deleting bots.
35 posted on 06/16/2004 11:01:21 AM PDT by reagandemo

To: Born Conservative

Get a Mac - problem solved


36 posted on 06/16/2004 11:02:10 AM PDT by SengirV

To: Born Conservative
I hate it for you.

There really ought to be a law, I guess.

39 posted on 06/16/2004 11:05:07 AM PDT by Glenn (The two keys to character: 1) Learn how to keep a secret. 2) ...)

To: Born Conservative

You've got FReepmail....


40 posted on 06/16/2004 11:05:37 AM PDT by b4its2late (Hillary, it is bad to suppress laughter; it goes back down and spreads to your hips.)

To: Born Conservative

If the homepage of IE was changed, go into Control Panel/Internet Options and change the default home page to blank.


44 posted on 06/16/2004 11:06:33 AM PDT by etcetera

To: Born Conservative
This, since my browser was hijacked to a different home page (msn.com).

I ran into a problem using Lavasoft’s Ad-aware, it hijacked my browser to MSN.com. It took me a long time to figure out what was happening. Lavasoft says coming versions of Ad-aware won’t do this.

If your home page is set to “about blank” you might run into the same problem I had.

It seems that some hacker is using “about blank” as a way to get around spyware removal programs. So when you run Lavasoft’s Ad-aware it shows a “possible browser hijack” when you have set your home page as “about blank”. If you allow Ad-aware to fix this, it resets your browser to the Windows default of MSN.com.

If this is the problem you are having, instead of allowing Ad-aware to fix the problem, select the “possible browser hijack” and mark it to be ignored.

If you are worried that your system is infected, first run Ad-aware with your home page set to MSN.com, if it runs clean, then change your home page to “about blank” and run Ad-aware again, then mark the “possible browser hijack” to ignore.

46 posted on 06/16/2004 11:08:20 AM PDT by RJL

To: Born Conservative

Bump to save.


52 posted on 06/16/2004 11:11:27 AM PDT by Old Professer (lust; pure, visceral groin-grinding, sweat-popping, heart-pounding staccato bursts of shooting stars)

To: Born Conservative

System Restore to an earlier time. I had a bad redirect virus and that was the only cure. I honestly don't know why I even pay for Norton. It seems useless.


54 posted on 06/16/2004 11:16:33 AM PDT by wildearp

To: Born Conservative
Get Spyware Blaster from here:

http://www.javacoolsoftware.com/spywareblaster.html

It addresses misuse of ActiveX-based spyware and hijacking programs.

57 posted on 06/16/2004 11:23:59 AM PDT by Thud

Bump


59 posted on 06/16/2004 11:27:23 AM PDT by Pontiac (Ignorance of the law is no excuse, ignorance of your rights can be fatal.)

To: Born Conservative

ping for later


60 posted on 06/16/2004 11:30:49 AM PDT by isom35

To: sneakers

Bump for valuable information!


62 posted on 06/16/2004 11:32:48 AM PDT by sneakers

To: Born Conservative
I see I'm not the only one having these types of problems. There have been several similar threads of late. Why are companies allowed to put this crap on our computers? It really is theft of processing time and power.

Of course, the market will fix this. Actually, it already has to a degree. There is big money now in combating these hijacking programs. But these leeches will continue to build this kind of malicious software. It is time to create and enforce laws to prevent these companies from doing this. Some of them are “in your face” about it. I had a problem with Ebates.com momoneymaker and got no satisfaction from the company. I finally was able to remove their malware, but it has reappeared twice. Incidentally, Dell, Priceline, and the GAP all advertise on the Ebates.com website. I sent them letters informing them that I would not use their products/services as long as they associated with criminals. I got no responses.

67 posted on 06/16/2004 11:44:09 AM PDT by TankerKC (R.I.P. Spc Trevor A. Win'E American Hero)

To: Born Conservative

Spyware? What's that? Never get it. Never will.


68 posted on 06/16/2004 11:50:12 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: Born Conservative
When you search for something on MSN.com, does the first result page give you a bunch of shopping links?

If so, I fixed it by dumping my data onto a folder on a separate hard drive (auxiliary borrowed from Xena's Guy's PC), then running all antivirus and antispy programs on the folder. Then I Formatted C on my PC's drive, reinstalled XP clean, and moved my verified-clean folder back to my now-clean drive.
71 posted on 06/16/2004 11:54:47 AM PDT by Xenalyte (This dog bite me.)

To: Born Conservative
There is much good advice here so far so I won't add to the noise by simply repeating what's been said so far. You have some cleaning to do. Once done, do set up some sort of shielding for your PC.

SpyWareBlaster and The Proxomitron is an unbeatable combo.

Whether you are savvy or not, you should be using The Proxomitron. It will work out of the box and protect against such things as popups and homepage hijackers. Run the install program, put a shortcut to it in your startup folder, and then set it as an http proxy on port 8080. To do this for IE go to tools, internet options, connections. Then click settings if you have a dialup connection or click lan settings if you have cable. Either way, the rest is the same. Check the box that says use a proxy server and then click advanced. Under proxy address by HTTP, type in "localhost". Under port, type in 8080. OK your way out and surf free of popups, ads, and other obnoxious stuff.

You will have an icon in your system tray. If you want to bypass the program and see the page as it would appear normally, right click the icon and select bypass all filters and refresh the page.

Another thing. If you maintain the browser proxy settings as mentioned above and the Proxomitron is not running, you will not be able to connect to the internet. You will either have to reverse the proxy settings in the browser settings or start the Proxomitron.

Finally, this program is a stand-alone, meaning it adds nothing to the registry and does not do such things as install dll's in the windows directory. This means if you don't like it all you have to do is not use it and if you want to uninstall it, just delete its program folder.

It's available here:
http://www.proxomitron.info/files/index.shtml

"Filthy, nasty spywareses... trying to ruin the Precious. We won't lets that happen, no. We'll shows them good!"

78 posted on 06/16/2004 12:25:56 PM PDT by Bloody Sam Roberts (ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,Election '04...It's going to be a bumpy ride,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø)

To: Born Conservative
Just to add yet another thing to try:

Autostart Viewer

There are numerous ways that malicious programs can embed commands to have them start automatically. This lists them and sometimes helps.

I just recently helped my daughter's teacher clean off her computer, which her son was using to download music files. Between Adaware and Spybot S&D, it found almost 600 files/registry entries to delete - I've never seen a system so dirty.

Even after Adaware and Spybot cleaned them, there was still something executing at boot time that was automatically generating a .exe file and inserting it into the "Run" folder in the registry, which automatically runs (usually legitimate) programs at boot time. I had a heck of a time getting rid of that.

One other thing to be sure you are doing is updating Adaware and Spybot S&D before scanning. The downloads are usually out of date, so click the "Check for updates" button to be sure you have the latest spyware signatures before scanning.

81 posted on 06/16/2004 1:55:43 PM PDT by Mannaggia l'America
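
The three places posts 34 and 81 in this thread say to check (Browser Helper Objects, the registry Run entries, and recently dated hidden+system files in System32), gathered into one read-only listing. This is an added PowerShell example, not part of the thread or any poster's own script; the function name `Get-HijackTriage` and the 14-day meaning of "recent" are assumptions.

```powershell
# Added example: read-only triage. It lists candidates for review and deletes nothing.
function Get-HijackTriage {
    param([int]$RecentDays = 14)   # assumption: "recent" means the last 14 days

    # 1. Browser Helper Objects: each subkey name is a CLSID; resolve it to its DLL.
    $bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    Get-ChildItem -LiteralPath $bho -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName
        $srv = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" `
                        -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Check  = 'BHO'
            Name   = $clsid
            Detail = if ($srv) { $srv.GetValue('') } else { '(no InprocServer32 found)' }
        }
    }

    # 2. Run entries for the machine and for the current user.
    foreach ($path in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                      'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
        $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($value in $key.GetValueNames()) {
            [pscustomobject]@{
                Check  = 'Run'
                Name   = "$path\$value"
                Detail = $key.GetValue($value)
            }
        }
    }

    # 3. System32 files with BOTH the Hidden and System bits set, changed recently.
    #    -Force is the command-line equivalent of "show hidden files and folders".
    $mask   = [IO.FileAttributes]'Hidden, System'
    $cutoff = (Get-Date).AddDays(-$RecentDays)
    Get-ChildItem -LiteralPath (Join-Path $env:SystemRoot 'System32') -File -Force `
                  -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band $mask) -eq $mask -and $_.LastWriteTime -gt $cutoff } |
        Sort-Object LastWriteTime -Descending |
        ForEach-Object {
            [pscustomobject]@{ Check = 'HiddenSystemFile'; Name = $_.FullName; Detail = $_.LastWriteTime }
        }
}

Get-HijackTriage | Format-Table -AutoSize -Wrap
```

Saving the output before and after a cleanup pass makes it easy to see whether a Run entry or file has been regenerated at the next boot.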




FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson