Hijacked Domains!

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • JohnSkliros
    New Member
    • Sep 2007
    • 5
    #1

    Hijacked Domains!

    Hello Everyone. I'm new to this forum (and to forums in general) so please be kind to me - I have a lot to learn.

    My immediate problem is that some of my domains appear to have been "hijacked". More specifically, when I type in the address (www.dendroco.c om is an example), I get a page offering vitamins and other junk. I am sure that this is due to some trickery having been introduced to my PC because friends don't get the same result.

    The domains in question don't have active web sites but they have been set up on 'Google Apps for Domains' (maybe a clue there). I did some sleuthing and the Firefox error console logs this:

    Warning: Expected declaration but found '100%'. Skipped to next declaration.
    Source File: http://www.dendroco.co m/css/w01/t101.css?def=Ak amai%3aHostingU RL%3dhttp%3a%2f %2fi.nuseek.com %7cBdyStyl%3aPa geBackgroundCol or%
    (plus several dozen characters related to the link which I haven't pasted)

    Any ideas or suggestions anyone? I would be most grateful ....
    Tags: None
    • pbmods
      Recognized Expert Expert
      • Apr 2007
      • 5821
      #2
      Heya, John.

      You might have a spyware problem. LavaSoft's free Ad-Aware does a fantastic job of removing spyware.

        Comment

        • JohnSkliros
          New Member
          • Sep 2007
          • 5
          #3
          Ah, yes. Forgive me: I neglected to mention that I have run numerous spyware / virus / trojan, etc., detection and removal programs, including Ad-Aware 2007, Spybot S&D, AVG anti-spyware, AVG rootkit, SpywareBlaster and Ad-Watch but to no avail.

            Comment

            • oddjob
              New Member
              • Aug 2007
              • 7
              #4
              I see you have already used several respected infection cleaners but, if you haven't run these already, then do so now .....

              Superantispywar e > http://www.superantispyware.com/

              TrojanHunter > http://www.misec.net/

              Download each, update them to the latest definitions, and have them run full scans on your entire systems on their default settings.

              Let them fix whatever they find.


              ComboFix >
              http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe


              Double click combofix.exe & follow the prompts.

              Note >> Do not mouseclick combofix's window while it's running. That may cause it to stall.

              When finished, it will produce a log for you. The report is called ComboFix.txt. Remember where that report is saved on your computer.

              Post that log in your next reply along with a HijackThis log AND an update on how the computer is operating now.


              OJ

                Comment

                • Nepomuk
                  Recognized Expert Specialist
                  • Aug 2007
                  • 3111
                  #5
                  Originally posted by JohnSkliros
                  Hello Everyone. I'm new to this forum (and to forums in general) so please be kind to me - I have a lot to learn.

                  My immediate problem is that some of my domains appear to have been "hijacked". More specifically, when I type in the address (www.dendroco.c om is an example), I get a page offering vitamins and other junk. I am sure that this is due to some trickery having been introduced to my PC because friends don't get the same result.

                  The domains in question don't have active web sites but they have been set up on 'Google Apps for Domains' (maybe a clue there). I did some sleuthing and the Firefox error console logs this:

                  Warning: Expected declaration but found '100%'. Skipped to next declaration.
                  Source File: http://www.dendroco.co m/css/w01/t101.css?def=Ak amai%3aHostingU RL%3dhttp%3a%2f %2fi.nuseek.com %7cBdyStyl%3aPa geBackgroundCol or%
                  (plus several dozen characters related to the link which I haven't pasted)

                  Any ideas or suggestions anyone? I would be most grateful ....
                  Have you checked that site with several Browsers or just with Firefox? (If not: do so!) Are you using a Proxy? (Check that, just to make sure.) Is that Proxy, if you're using one, trustworthy? (Private proxy or public proxy - if public, which one?) Is the site displayed correctly, when using this link? Do other computers use the same Internet line and if so, do they get the same page displayed?

                  Greetings,
                  Nepomuk

                    Comment

                    Previous template Next
                    Working...