Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: IE 8 hijack

13 Feb 2010   #1
DreemWarrior

Windows 7 ultimate X64
 
 
IE 8 hijack

OK boys and girls. It seems that I've been jacked. But not really a quality job in my book. I started noticing little quirks in IE 8 (x86) yesterday.Little flickers here and there. As well as the navigation bar having had switched the refresh/stop buttons to the opposite side, "IE" warnings(see screen shots), etc.
So being the super snoop I am, I just HAD to go digging. I'm almost certain I found the culprit, or at least the gen. location anyway.
If you'll notice:
Mysterious VCD in My Computer,(located under appdata), along with MONTHS of what would seem to me RAR files...

But the best part is the browser at what was SUPPOSED to be 'MS Store' (not) * see bottom of screen shot*

Mbam-clean
SAS-random tracking cookies
Avast-clean
Sad part is, I was in the process building a USB 'tool kit' today.
Do these things just SMELL a predator coming and attack or what? lol
Anyway, just wondering if anyone else has seen these symptoms?
Crazy stuff I tell ya...


My System SpecsSystem Spec
.
13 Feb 2010   #2
Kari

 

That Windows Marketplace website seems to be genuine although changed a bit. Here's what they tell:
Quote:
What is changing on Windows Marketplace?

Windows Marketplace has transitioned from an ecommerce site to a reference site. You will find links to sites such as Microsoft Store, Windows Vista® Compatibility Center, and other destinations with cool and compatible software, hardware and devices that support Microsoft® platforms.
I get the same misshaped MS-logo, but all the links go where they should go, and when you try to buy something from there it takes you to the real thing, an https MS-store.

MagicDISK is part of MagicISO application. When installed, it creates a virtual CD/DVD drive (default K) where you can mount disk images to be used and accessed as if they were CD's / DVD's. Your image shows MagicDISK installed and no disk images mounted to this virtual drive K.

I have no idea what that mysterious LOCA folder can be.

The IE error dialog is a known bug in IE: FIX: Using VB with Modal Form Fails in Internet Explorer

Kari


Attached Images
IE 8 hijack-winmarketplace.png 
My System SpecsSystem Spec
13 Feb 2010   #3
DreemWarrior

Windows 7 ultimate X64
 
 

Quote   Quote: Originally Posted by Kari View Post
That Windows Marketplace website seems to be genuine although changed a bit. Here's what they tell:
Quote:
What is changing on Windows Marketplace?

Windows Marketplace has transitioned from an ecommerce site to a reference site. You will find links to sites such as Microsoft Store, Windows Vista® Compatibility Center, and other destinations with cool and compatible software, hardware and devices that support Microsoft® platforms.
I get the same misshaped MS-logo, but all the links go where they should go, and when you try to buy something from there it takes you to the real thing, an https MS-store.

MagicDISK is part of MagicISO application. When installed, it creates a virtual CD/DVD drive (default K) where you can mount disk images to be used and accessed as if they were CD's / DVD's. Your image shows MagicDISK installed and no disk images mounted to this virtual drive K.

I have no idea what that mysterious LOCA folder can be.

The IE error dialog is a known bug in IE: FIX: Using VB with Modal Form Fails in Internet Explorer

Kari

Hi Kari,
well thats good to know about the MS site at least. And my first time seeing that error bug, so thanks for the heads up. Yeah, the K drive I knew was a VCD, just didnt know where it came from at the time, and I jumped the gun. Well sort of...Since posting this, I started looking deep in my system, and heres what I found:

I had downloaded Slysoft's 'AnyDVD as well as CloneDVD 2, which I ASSUMED was Slysoft as well. Far from the case. Made by Elaborate Bytes, it came packaged together with a program called CloneDrive,(along with a TON of tracking cookies) which has the exact icon as CloneDVD2. It associated itself every .ISO,BIN, Cue, ect and when I uninstalled the program, it deleted all original backup files and left copys with its own extension, which obviouusly are of no use. Thing is, already doing its thing when I found it.It had stopped Taskmgr cold. Luckily I have a little nasty file of my own on flash that killed it long enough to get SAS on it.
But, alls well that ends well.
Thanks
.
My System SpecsSystem Spec
.

Reply

 IE 8 hijack




Thread Tools




Similar help and support threads
Thread Forum
browser hijack.
i have this issues:mad::mad:. every time i click on the Google search result URL it go to the other website:mad:. i already try to use the Malwarebytes Anti-Malware, Rkill , and tdsskiller to scan and remove but it still there. this is the website it direct me to--> (click dot...
System Security
Browser Hijack
Each time we use Google/Bing Engine search, and click on site, we are redirected to other sites, and at the moment it's "bidvertiser....". I have spent the past week and hours on the phone with our antivirus technical support (Trend), and microsoft technical support, and all to no avail. ...
System Security
Hijack this log
Hi i Was Told to do a hijack this scan to see what was causing my ie pop up problem eventhough im using fire fox. judt wondering if any of you can tell me what needs deleting and fixing. Heres My Log Logfile of HijackThis v1.99.1 Scan saved at 16:32:47, on 29/11/2010 Platform:...
Browsers & Mail
Yaa! DLL Hijack Auditor: For Microsoft DLL hijack vulnerability
Not sure if anyone has posted on this tool (or similar tools) yet, but security Exploded makes incredible tools, especially Anti Rootkit tools and Root kit detection tools, so I was happy to learn about this: rmhsCBMIJnA
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 07:25.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App