Hiya!
For a while, I've had something hijack internet explorer. I don't use IE a lot, but it happens. What happens is that it redirects it to a website on the server amaena.com, which makes a popup: "this is a security hole created by SERWAB virus, download this and that to be safe" or "you computer security is compromised etc." - whether I click OK or CANCEL it redirects me to a number of sites.
They are (note: dk. because they're danish versions of the scam - amaena.com also gives a /dk/ subfolder):
- dk.errorsafe.com
- dk.drivercleaner.com
- dk.winantivirus.com
- winantiviruspro.com
All are very professional looking sites that look as though selling some sort of security product - firewall, antivirus etc. I am not sure this is the same spyware as it advertises different things?? The workings seem the same.
I had PandaAntivirus for a while, and it frequently informed that it found "winfixer.exe" suspicious (I agree) and blocked it - but it happened repeatedly so it must have been able to work around it. I couldn't update Panda without paying so I ditched it - yeah I guess I'm a cheapskate. I don't know if this winfixer.exe is still my problem now.
So. I've always been pretty happy with Norton, and as my dad buys it every year, I grabbed his CD and installed that, but it didn't find anything suspicious. As the browser hijacks were getting exceedingly provoking, I contacted Norton, only to be asked to pay the $70 that others have mentioned, and had to insist that it was really out of my budget - and it is. I have backup CDs if all else fails but they are OLD and I will have to reinstall a lot. Norton Employee/phonemonkey tells me that certain spyware is able to disable security features in their antivirus so that Norton is unable to detect the infection, or so that Norton is disallowed to delete it because it's flagged as a system file. Question: why the... doesn't their online diagnosis scan check my Norton installation for security oopsies like that? He said it probably had keys in my Reg. base that would have to be removed - but of course didn't tell me what to look for, I know how to search and delete in there.
A friend recommended Avast! which to its credit has found a lot that Norton didn't dig up - but my problem persists.
I disabled scripts and active-X in internet explorer, blocked the sites, and set Firefox to be default browser, hoping that this would minimize the problem, but now I find that the spyware just finds your default browser - a.k.a. it now pops up on Firefox as well. Without the scripts disabled in IE, it can turn into a cascade of popup after popup, but luckily I've disabled automatic installing of stuff
Stuff installed: Avast! 4.7, ZoneLabs ZoneAlarm, Ad-Aware. All updated.
I'm concerned that my Warcraft account will be hacked - knowing several people on the server it has happened to now, and would of course be happy if I could use my computer for home banking, and just feel safe when I typed my credit card in somewhere
I'm sorry if this is very long, I guess I'm the talkative sort of person!
