• Quick note - the problem with Youtube videos not embedding on the forum appears to have been fixed, thanks to ZiprHead. If you do still see problems let me know.

Highjacked Proxy Server?

RSLancastr

www.StopSylvia.com
RSLancastr
Joined
Sep 7, 2001
Messages
17,135
Location
Salem, Oregon
Here at work today, web access has been pretty spotty, due to a problem they seem to be having with a proxy server.

Somehow it has been compromised, and when a web page is requested, your browser is pointed to a site which sells viagra.

The site address at the top of the browser still reads whatever you were looking for (www.pepsi.com, etc), but it always loads the med site page.

The tech support people are working on it, but I had never heard of this level of spybot-type behavior before.

Could be worse - could be some porn site it redirects you to.
 
Is it similar to a browser hijacker?

I have CnsMin on my system and it refuses to die.

Manual or automated removal by just about every spyware tool (that claim to remove it) just fails.

I have learnt to live with it, but you have prompted me to have another go.
 
Proxy Hijack

Yeah, can be done. Not hard, if proxy server had default admin still enables. God I hate computer people...I was one.

A proxy server saves regularly hit sites in a file for quick connection. Much like the lmhost file on your individual computers can hold this information.

If your folks could not fix this in 10 minutes, FIRE THEM. Not sure what u are using as proxy server or amount of users u have on work network so can't give specifics.

Just for kicks, do a search on your computer for lnhost file. Open it, if it is blank then your computer is safe. They may have cranked your proxy, have them check that on proxy. If there is anything in it, delete it all and save as empty file. This will take care of problem on your computer.

P.S. This is a fun scam to do to a friends computer that you have access to. First, ping a site you find funny and not offensive to the trickee. Then ping the address of a site they normally go to. In the lmhost file, put the ip address of the site they like to go to first. Then put in a space and then the ip address of the bogus site and save. Every time they try to go to their favorite site, they will be directed to your installed bogus site. The browser address bar will read the original site. As much fun as a hand buzzer.
 
UNG

IIS that comes with Windows Server 2000 installs SOO insecure. I didn't get anyone hijacking ours, but about 2 days after it was up I was listed as an proxy relay server on the sites that list them for spammers... Ung.

Easier to block at the firewall than to figure out M$'s method of securing it :P

As for removing browser Hijacks, search around there are a few forums that will help you out.

Try: Spyware Warriors

SSR
 
You must log in or register to reply here.

Back
Top Bottom