My friend is running XP SP3, FF 3.6.xx
We've run Mals, AVG, MSE etc.
When doing a search he clicks on a link he is redirected to a page titled "Jump" instead of what he had selected.
What am I missing?
Hey CT - IMO this is definitely malware, most likely a persistent rogue cookie. I would suggest to keep trying with different scanners; try [url=http://www.superantispyware.com/:1ma0ox6v]SUPERAntiSpyware[/url:1ma0ox6v] and [url=http://www.microsoft.com/security/scanner/en-us/default.aspx:1ma0ox6v]Microsoft Safety Scanner[/url:1ma0ox6v].
What browser is being used by default?
Once we get that information we may be able to suggest using settings to ban cookies from certain sites.
Cheers....Jim
Firefox 3.6.?? is the default browser.
Okay CT - The difficult aspect of this is trying to identify which cookie(s) are to blame.
Open Firefox and go to [b:2undf4ak]Tools>Options[/b:2undf4ak] and then open the [b:2undf4ak]Privacy [/b:2undf4ak]tab.
Now you will see options for handling cookies. Click on the [b:2undf4ak]Show Cookies[/b:2undf4ak] button and review what is listed there.
There are a couple of things you can try:
Delete all cookies and then disable the options to [b:2undf4ak]Accept cookies from sites [/b:2undf4ak]and [b:2undf4ak]Accept third-party cookies[/b:2undf4ak]. See if that stops the 'jumping'. There will be side affects with those options disabled, not serious ones; log-on to 'member' sites will not be persistent so the user will need to log-on each visit. Other user-specific settings will be lost. But it should also let you know if a cookie (or cookies) are responsible.
*You can use the 'exceptions' feature to "allow" known safe cookies, and particularly those which are related to sites which require log-on (while still blocking all others).
Or, if you can identify the rogue cookie(s) you could leave those options enabled and just "Block" the rogue cookie(s) via the 'exceptions' feature.
[click on the[b:2undf4ak] Exceptions [/b:2undf4ak]button to access that feature]
Did you find anything with the other scanners?
Cheers....Jim
Thanks Jim,
Using Mal's we found 3 trojans and deleted them.
I will try the cookie method later today.
Thanks for your time & expertise.
You are most welcome CT.
Let us know how you get on please.
Tonight I ran Super Anti Spyware after deleting cookies thru the Tools/Options menu.
The computer had a bit under 2,000 warnings !!!!
I deleted those and all seems to be working OK now.
Thanks for the help.
TRW/CT
SUPERAntiSpyware Does It Again!!!!!!
Great to hear all is now well CT. Thanks for letting us know.
Glad to hear you managed to solve the issues, carbonterry2.
Since your friend uses Firefox, he could install a cookie managing addon, that'll allow him to easily manage cookies from the status bar without having to go through Tools>Options>Privacy.
People often argue that Malwarbytes' is superior to SUPERAntiSpyware, but from my experience, the best practice is to keep them both as they seem to nicely complement eachother.
Jim, have you tried out Microsoft Safety Scanner? Opinion?
I am human
[quote:evn8glzp]People often argue that Malwarbytes' is superior to SUPERAntiSpyware, but from my experience, the best practice is to keep them both as they seem to nicely complement eachother.
[/quote:evn8glzp]Agree 100% FD. There is nothing to pick between them, both are excellent. SAS will often flag more items after MBAM has cleaned and MBAM will often flag more items after SAS has cleaned, so to argue over which is best is pretty silly. As with all such security products conventional wisdom applies; no single program is going to identify 100% all malware.......but these two come closer than most.
[quote:evn8glzp]have you tried out Microsoft Safety Scanner?[/quote:evn8glzp]
No, I haven't FD. Haven't actually been presented with an infected machine for some time......my 'clients' must be getting the message...finally!!! LOL
MS Safety Scanner does not operate in quite the same manner as the other two. Before using either SAS or MBAM all one need do is update the definition database (unless, of course, there has been a major program update in the meantime). However, MS Safety scanner expires every 10 days, after which time the user needs to download the full program all over again. The download is 70+ MB, so MS Safety Scanner is definitely a ....download on-demand only proposition.
Cheers.....Jim
Hi Jim,
[quote:3rzc5b9x]but these two come closer than most[/quote:3rzc5b9x]
I also have Hitman Pro (the quick scan is unbelievably ... quick ) due to the variety of scan engines it uses.
MS Safety Scanner sounds a lot like in the lines of Dr.Web CureIt! I always wondered about this type of scanners, does the scan engine update that often that you need to redownload the whole thing every time?
I think Malwarebytes', SUPERAntiSpyware and Hitman Pro are arsenal enough.
Of course, as Dave once said:
[quote:3rzc5b9x]The number 1 security tool you have available at any cost? The one between your ears![/quote:3rzc5b9x]
I am human
[quote:37p8lzbm]Of course, as Dave once said:
The number 1 security tool you have available at any cost? The one between your ears![/quote:37p8lzbm] Yes, Dave tends to use all my best material!!
[quote:37p8lzbm]I also have Hitman Pro[/quote:37p8lzbm]
But it is not free, at least not for removal....is it?
[quote:37p8lzbm]I always wondered about this type of scanners, does the scan engine update that often that you need to redownload the whole thing every time[/quote:37p8lzbm]
I believe it has something to do with portable versus installed (both Dr. Web & MS Safety Scanner are portable). Although, why the portable apps could not include a button link to manually download updates is beyond me.
[quote:3rue17fs]Yes, Dave tends to use all my best material!! [/quote:3rue17fs]
Copyright dispute?
[quote:3rue17fs][quote:3rue17fs]I also have Hitman Pro[/quote:3rue17fs]
But it is not free, at least not for removal....is it?[/quote:3rue17fs]
No, removal is not free. I regard it as a reliable "scanner", though it never came up with anything. If it would, I'd use another app for removal, preferably the one using the engine that caught the baddy in the first place.
[quote:3rue17fs]I believe it has something to do with portable versus installed.[/quote:3rue17fs]
You're probably right here, now that I think about it, even SUPERAntiSpyware portable needs to be downloaded each and every time. But, since I'm not a programer, can't say if and how difficult it would be to just update the defs.
I am human
[quote:18shybzp]since I'm not a programer, can't say if and how difficult it would be to just update the defs[/quote:18shybzp]
Me too, but I use Sumatra portable for simple PDF reading and whenever that starts it offers me updates (if/when there is one available). So I can only assume it would be feasible and not too difficult.
[quote="ozbloke":23o4yfss]
Me too, but I use Sumatra portable for simple PDF reading and whenever that starts it offers me updates (if/when there is one available). So I can only assume it would be feasible and not too difficult. [/quote:23o4yfss]
I'm not really a programmer, but I would imagine that the updates Sumatra is offering are just downloading replacement a replacement file as well. When you have an all in one portable file, it's very very difficult to update specific portions of it without simply replacing it.
1 Guest(s)
