Avatar
Please consider registering
guest
sp_LogInOut Log Insp_Registration Register
Register | Lost password?
Advanced Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
sp_Feed Topic RSSsp_topic_old
Constant redirects
Avatar
carbonterry2
Member
Members
May 5, 2011 - 12:51 am
Member Since: February 17, 2010
Forum Posts: 356
sp_UserOfflineSmall Offline

My friend is running XP SP3, FF 3.6.xx
We've run Mals, AVG, MSE etc.
When doing a search he clicks on a link he is redirected to a page titled "Jump" instead of what he had selected.
What am I missing?

Avatar
Jim Hillier
Admin
May 5, 2011 - 4:24 am
Member Since: August 9, 2011
Forum Posts: 2709
sp_UserOfflineSmall Offline

Hey CT - IMO this is definitely malware, most likely a persistent rogue cookie. I would suggest to keep trying with different scanners; try [url=http://www.superantispyware.com/:1ma0ox6v]SUPERAntiSpyware[/url:1ma0ox6v] and [url=http://www.microsoft.com/security/scanner/en-us/default.aspx:1ma0ox6v]Microsoft Safety Scanner[/url:1ma0ox6v].

What browser is being used by default?

Once we get that information we may be able to suggest using settings to ban cookies from certain sites.

Cheers....Jim

Avatar
carbonterry2
Member
Members
May 5, 2011 - 11:15 am
Member Since: February 17, 2010
Forum Posts: 356
sp_UserOfflineSmall Offline

Firefox 3.6.?? is the default browser.

Avatar
Jim Hillier
Admin
May 5, 2011 - 11:48 am
Member Since: August 9, 2011
Forum Posts: 2709
sp_UserOfflineSmall Offline

Okay CT - The difficult aspect of this is trying to identify which cookie(s) are to blame.

Open Firefox and go to [b:2undf4ak]Tools>Options[/b:2undf4ak] and then open the [b:2undf4ak]Privacy [/b:2undf4ak]tab.

Now you will see options for handling cookies. Click on the [b:2undf4ak]Show Cookies[/b:2undf4ak] button and review what is listed there.

There are a couple of things you can try:

Delete all cookies and then disable the options to [b:2undf4ak]Accept cookies from sites [/b:2undf4ak]and [b:2undf4ak]Accept third-party cookies[/b:2undf4ak]. See if that stops the 'jumping'. There will be side affects with those options disabled, not serious ones; log-on to 'member' sites will not be persistent so the user will need to log-on each visit. Other user-specific settings will be lost. But it should also let you know if a cookie (or cookies) are responsible.

*You can use the 'exceptions' feature to "allow" known safe cookies, and particularly those which are related to sites which require log-on (while still blocking all others).

Or, if you can identify the rogue cookie(s) you could leave those options enabled and just "Block" the rogue cookie(s) via the 'exceptions' feature.
[click on the[b:2undf4ak] Exceptions [/b:2undf4ak]button to access that feature]

Did you find anything with the other scanners?

Cheers....Jim

Avatar
carbonterry2
Member
Members
May 5, 2011 - 11:54 am
Member Since: February 17, 2010
Forum Posts: 356
sp_UserOfflineSmall Offline

Thanks Jim,
Using Mal's we found 3 trojans and deleted them.
I will try the cookie method later today.
Thanks for your time & expertise.

Avatar
Jim Hillier
Admin
May 5, 2011 - 11:59 am
Member Since: August 9, 2011
Forum Posts: 2709
sp_UserOfflineSmall Offline

You are most welcome CT.

Let us know how you get on please.

Avatar
carbonterry2
Member
Members
May 5, 2011 - 11:43 pm
Member Since: February 17, 2010
Forum Posts: 356
sp_UserOfflineSmall Offline

Tonight I ran Super Anti Spyware after deleting cookies thru the Tools/Options menu.
The computer had a bit under 2,000 warnings !!!!
I deleted those and all seems to be working OK now.
Thanks for the help.

TRW/CT

Avatar
Jim Hillier
Admin
May 6, 2011 - 5:49 am
Member Since: August 9, 2011
Forum Posts: 2709
sp_UserOfflineSmall Offline

SUPERAntiSpyware Does It Again!!!!!!

Great to hear all is now well CT. Thanks for letting us know.

Avatar
Flying Dutchman
Member
Members
May 6, 2011 - 4:53 pm
Member Since: September 2, 2010
Forum Posts: 278
sp_UserOfflineSmall Offline

Glad to hear you managed to solve the issues, carbonterry2.
Since your friend uses Firefox, he could install a cookie managing addon, that'll allow him to easily manage cookies from the status bar without having to go through Tools>Options>Privacy.

People often argue that Malwarbytes' is superior to SUPERAntiSpyware, but from my experience, the best practice is to keep them both as they seem to nicely complement eachother.

Jim, have you tried out Microsoft Safety Scanner? Opinion?

I am human

Avatar
Jim Hillier
Admin
May 6, 2011 - 5:38 pm
Member Since: August 9, 2011
Forum Posts: 2709
sp_UserOfflineSmall Offline

[quote:evn8glzp]People often argue that Malwarbytes' is superior to SUPERAntiSpyware, but from my experience, the best practice is to keep them both as they seem to nicely complement eachother.
[/quote:evn8glzp]Agree 100% FD. There is nothing to pick between them, both are excellent. SAS will often flag more items after MBAM has cleaned and MBAM will often flag more items after SAS has cleaned, so to argue over which is best is pretty silly. As with all such security products conventional wisdom applies; no single program is going to identify 100% all malware.......but these two come closer than most.

[quote:evn8glzp]have you tried out Microsoft Safety Scanner?[/quote:evn8glzp]
No, I haven't FD. Haven't actually been presented with an infected machine for some time......my 'clients' must be getting the message...finally!!! LOL

MS Safety Scanner does not operate in quite the same manner as the other two. Before using either SAS or MBAM all one need do is update the definition database (unless, of course, there has been a major program update in the meantime). However, MS Safety scanner expires every 10 days, after which time the user needs to download the full program all over again. The download is 70+ MB, so MS Safety Scanner is definitely a ....download on-demand only proposition.

Cheers.....Jim

Avatar
Flying Dutchman
Member
Members
May 6, 2011 - 6:17 pm
Member Since: September 2, 2010
Forum Posts: 278
sp_UserOfflineSmall Offline

Hi Jim,
[quote:3rzc5b9x]but these two come closer than most[/quote:3rzc5b9x]
I also have Hitman Pro (the quick scan is unbelievably ... quick ) due to the variety of scan engines it uses.

MS Safety Scanner sounds a lot like in the lines of Dr.Web CureIt! I always wondered about this type of scanners, does the scan engine update that often that you need to redownload the whole thing every time?

I think Malwarebytes', SUPERAntiSpyware and Hitman Pro are arsenal enough.
Of course, as Dave once said:
[quote:3rzc5b9x]The number 1 security tool you have available at any cost? The one between your ears![/quote:3rzc5b9x]

I am human

Avatar
Jim Hillier
Admin
May 6, 2011 - 7:36 pm
Member Since: August 9, 2011
Forum Posts: 2709
sp_UserOfflineSmall Offline

[quote:37p8lzbm]Of course, as Dave once said:

The number 1 security tool you have available at any cost? The one between your ears![/quote:37p8lzbm] Yes, Dave tends to use all my best material!!

[quote:37p8lzbm]I also have Hitman Pro[/quote:37p8lzbm]
But it is not free, at least not for removal....is it?

[quote:37p8lzbm]I always wondered about this type of scanners, does the scan engine update that often that you need to redownload the whole thing every time[/quote:37p8lzbm]
I believe it has something to do with portable versus installed (both Dr. Web & MS Safety Scanner are portable). Although, why the portable apps could not include a button link to manually download updates is beyond me.

Avatar
Flying Dutchman
Member
Members
May 6, 2011 - 7:49 pm
Member Since: September 2, 2010
Forum Posts: 278
sp_UserOfflineSmall Offline

[quote:3rue17fs]Yes, Dave tends to use all my best material!! [/quote:3rue17fs]
Copyright dispute?

[quote:3rue17fs][quote:3rue17fs]I also have Hitman Pro[/quote:3rue17fs]
But it is not free, at least not for removal....is it?[/quote:3rue17fs]
No, removal is not free. I regard it as a reliable "scanner", though it never came up with anything. If it would, I'd use another app for removal, preferably the one using the engine that caught the baddy in the first place.

[quote:3rue17fs]I believe it has something to do with portable versus installed.[/quote:3rue17fs]
You're probably right here, now that I think about it, even SUPERAntiSpyware portable needs to be downloaded each and every time. But, since I'm not a programer, can't say if and how difficult it would be to just update the defs.

I am human

Avatar
Jim Hillier
Admin
May 6, 2011 - 8:12 pm
Member Since: August 9, 2011
Forum Posts: 2709
sp_UserOfflineSmall Offline

[quote:18shybzp]since I'm not a programer, can't say if and how difficult it would be to just update the defs[/quote:18shybzp]
Me too, but I use Sumatra portable for simple PDF reading and whenever that starts it offers me updates (if/when there is one available). So I can only assume it would be feasible and not too difficult.

Avatar
Chad Johnson
Mod
Members
May 6, 2011 - 10:08 pm
Member Since: August 11, 2011
Forum Posts: 867
sp_UserOfflineSmall Offline

[quote="ozbloke":23o4yfss]
Me too, but I use Sumatra portable for simple PDF reading and whenever that starts it offers me updates (if/when there is one available). So I can only assume it would be feasible and not too difficult. [/quote:23o4yfss]

I'm not really a programmer, but I would imagine that the updates Sumatra is offering are just downloading replacement a replacement file as well. When you have an all in one portable file, it's very very difficult to update specific portions of it without simply replacing it.

Forum Timezone: America/Indiana/Indianapolis
Most Users Ever Online: 2303
Currently Online:
Guest(s) 98
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Chad Johnson: 867
Mindblower: 681
carbonterry2: 356
Flying Dutchman: 278
grr: 211
Member Stats:
Guest Posters: 11
Members: 3231
Moderators: 7
Admins: 3
Forum Stats:
Groups: 8
Forums: 20
Topics: 1956
Posts: 13572
Newest Members:
Toastmaster, smartwindows, instaproapk, mousetesteronline, keshamatt
Moderators: Carol Bratt: 67, dandl: 740, Jason Shuffield: 1, Jim Canfield: 8, Terry Hollett: 0, Stuart Berg: 0, John Durso: 0
Administrators: Jim Hillier: 2709, Richard Pedersen: 212, David Hartsock: 1117
Scroll to Top

WHY NOT SUBSCRIBE TO OUR NEWSLETTER?

Get great content like this delivered to your inbox!

It's free, convenient, and delivered right to your inbox! We do not spam and we will not share your address. Period!