Try doing a search for a tool called CWSHREDDER
This might do the trick.
-----Original Message-----
From: Chris Barber [mailto:cmbarber@gmail.com]
Sent: Tuesday, January 03, 2006 3:01 PM
To: focus-virus@securityfocus.com
Subject: Hijacked Internet Explorer
I have a user on a home network that has an oddity I have not seen
before while using search engines. On the PC we have tried Yahoo,
Google, MSN, Lycos, not sure but we may have done a few other, but the
actions are all the same. We enter a search item, say ACE, and the
results come back of course ACE Hardware is in the list. When I mouse
over the link the URL displayed IE Status indicates the correct URL for
ACE Hardware. Now when I or he clicks on the link we go to some other
ads page, we click back and click the link a second time and get sent to
a second ad site. After clicking back a second time and then clicking
the link for the third time we get to the ACE Hardware site.
One note on this is that the URL we are directed to is not the same as
the link so I know it is not a DNS Hijack, but more of a redirect
This happens with any and every site we have looked for in the last week
or so. The "Anomaly" began shortly before Christmas.
The PC is currently running ZoneAlarm and no messages have indicated any
new software trying to gain access to the network. I have also run
AdAware SE, Spybot, and MS Anti-Spyware. Currently running on the PC is
Symantec AV with the latest updates, I have also run McAfee from a boot
Disk.
At this point I am thinking it may be some form of Browser Helper Object
or some registry hack, but I am out of ideas to further investigate,
clean and protect against this in the future.
Does anyone have any suggestions or ideas on what I could try next?
Thanks in advance for the help.
Chris.
