
Malicious scripts


Nick Short
02-03-2004, 06:10 AM
Hmmm, I think I was hijacked by something that has put a little critter on my hard drive, as every time I connect to the internet via Internet Explorer on my Desktop I get pop-ups advertising porn or viagra or search engines. If I go via the "Start" button and "Favourites" I don't get the pop-ups, but every few minutes my hard drive starts grumbling and I get a box flash up saying "Malicious script detected - embedding. Stop script? Recommended". I click "Yes" and it stops, but a few minutes later the same thing happens. I have Adaware and Spybot (thanks to the advice on this forum) and they have cleared everything out, supposedly, and I've upped the security to maximum, including blocking the website that keeps trying to appear, psi-locate.com, but it hasn't stopped it. The 4 websites that I look at are Biante, eBay, Hotmail and my uni, and I know they're all pukka, so I don't know where this has come from (other than Kazaa that my mate uses) or what to do about it! It's getting annoying......

Nick Short
02-03-2004, 06:11 AM
Actually, I hadn't thought about the fact that the website would come up as a link - DON'T CLICK ON IT WHATEVER YOU DO!!!!! I don't know who they are but they're really cheesing me off.

Leigh
02-03-2004, 06:31 AM
Nick,

Could have come from anywhere, email, a search you did, website etc...

I once did an innocent search for a recipe, and one of the links bounced me to about 20 porn sites...one of these sites loaded a script on my computer that took me about a week to find...

Look in your start-up menu to see if anything loads that shouldn't when you turn your computer on...or it could be in the netscape/internet explorer (or whatever browser you use) directory. Once you find it, right click on it and it will either have properties that tell you where it has embedded the files, or edit the program (don't open it) using notepad and scroll through the mumbo-jumbo looking for where it looks for the embedded files. Do this for each file before deleting to ensure you get everything...

Another ploy is to delete absolutely everything in the "temporary internet files" directory (if using Internet Explorer) or the "cache" directory if using netscape. With netscape, it can help to delete any file that has today's date (i.e. it is probably tracking where you surf)...Netscape re-makes these files as it needs them...Do these deletions using Windows explorer. The downside of this is all of your automatic log-ins will be lost...

Cheers

Damian
02-03-2004, 06:37 AM
Originally posted by lcfp2297
Nick,
I once did an innocent search for a recipe, and one of the links bounced me to about 20 porn sites...
Cheers

Hey Leigh,
What were the ingredients for that recipe? Must have been pretty good.

regards
Damian

Nick Short
02-03-2004, 08:31 AM
Thanks Leigh! I will print off your advice and try to understand it! The bit about the Temporary Internet Files I get, because I've deleted everything in there and still this thing plagues me. There seems to be a thing called blondes.rompl.com that keeps trying to appear as well (and I'm not even a fan of blondes!)
I would love to look in the Explorer Directory, if only I knew where that was......I'm sure a hammer would be most effective, but I'll see if any of my mates can guide me through your advice. As I write, I can hear my hard drive chuntering away to itself and it won't let me defrag or use Spybot at the moment, so something is well stuck in there.

Leigh
02-03-2004, 08:39 AM
Nick,

From your response, I think you are using Internet Explorer...

It stores its files in

"c:\win**\Temporary Internet Files"

(the win** can be win, windows, winnt depending on how it was installed and what operating system is used)

Delete everything in that directory...

Try searching the hard drive for "blondes" or "rompl"...you never know, sometimes this can work...

Cheers

paranoid
02-03-2004, 12:36 PM
I had a similar problem when I used to use Kazaa, don't touch it people... anyway, get 'Ad-Aware', a free download, recommended... it removed most problems.

Alternatively it may be set to start when your computer boots up, so do what Leigh said and find scripts in your startup directory that shouldn't be there... I found about 20!!

good luck

a9x
02-03-2004, 01:08 PM
Nick, maybe you need to try this:
Shoot The Messenger (http://grc.com/stm/shootthemessenger.htm)
I've run all the tests from this site here (http://grc.com/freepopular.htm)

Nick Short
02-03-2004, 07:46 PM
Could someone tell me how to look in my startup directory? When I go to "Settings" I see that my computer is set up to start with Windows/Secure or some such, but whenever I try to change that it reverts back again. I did find with Spybot that I could look for "alien" startups but I can't find the feature any more that allows me to do that.......I'm stuck! Last night the computer went quiet for a while and I thought I'd fixed it, but just before I was going to shut down it started to try and download stuff with every legit page I accessed. In the end, as neither SpyBot nor Adaware were working, I had to pull the plug. Goodness knows what state the thing'll be in when I go home tonight!

Nick Short
02-03-2004, 07:51 PM
A9X, I'll give your thing a go as well - it does look as though that might be the problem! But as well as blocking the hole I need to kill whatever is already on there and inviting all and sundry in to my hard drive! I thought my computer was secure, as it's my wife's and used to access secure documentation at Oxford Uni. Also, the Uni monitors all internet traffic and they detect porn use, so theoretically nothing of that nature should be able to get onto my system. I'd like to get hold of the spotty geek who devised this sort of file. He's now at the top of my hate list, just above boy racers!

Leigh
03-03-2004, 05:31 AM
Depends on how your computer is configured on where the "startup" folder is...

The easy way to find it is to click on the "start" button, go to "settings" then "Taskbar and Start menu..." This will bring up another window. Click on the "Advanced" tab, then the "Advanced" button. A Windows Explorer window will pop-up with the "Start Menu" folder highlighted. Open the "Programs" folder in the "Start Menu" folder. The "startup" folder should be in the "Programs" folder.

Also, if you are running user profiles, do a search for a "startup" folder anywhere else on your hard drive as there can be a secondary folder with your preferences...

(jeez, just looked through what I typed...that looks complicated, but isn't really;))

Cheers
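The same check Leigh describes, as an added example that is not part of the thread: on a modern Windows install, list the all-users Startup folder and every per-profile Startup folder (the "secondary folder" for user profiles), and show what each shortcut actually launches. It assumes PowerShell 5.1 or later and the standard C:\Users profile layout.

```powershell
# Added example (not from the original thread). Assumes PowerShell 5.1+ and the
# standard profile layout; adjust the profile root if yours differs.

# All-users Startup folder (runs for everyone who logs on)
$startupFolders = @([Environment]::GetFolderPath('CommonStartup'))

# Each user profile carries its own Startup folder as well
$profileRoot = Split-Path $env:USERPROFILE -Parent
Get-ChildItem -Path $profileRoot -Directory -ErrorAction SilentlyContinue | ForEach-Object {
    $startupFolders += Join-Path $_.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
}

# Shortcuts (.lnk) hide the real target; resolve them through the shell object
$shell = New-Object -ComObject WScript.Shell

$results = foreach ($folder in $startupFolders) {
    if (-not (Test-Path $folder)) { continue }
    Get-ChildItem -Path $folder -Force -File | ForEach-Object {
        $target = $_.FullName
        if ($_.Extension -eq '.lnk') {
            $target = $shell.CreateShortcut($_.FullName).TargetPath
        }
        $signed = 'n/a'
        if ($target -and (Test-Path $target)) {
            # Unsigned or invalid signatures on a startup item deserve a closer look
            $signed = (Get-AuthenticodeSignature -FilePath $target -ErrorAction SilentlyContinue).Status
        }
        [PSCustomObject]@{
            Folder = $folder
            Entry  = $_.Name
            Target = $target
            Signed = $signed
        }
    }
}

$results | Format-Table -AutoSize
```

Entries whose target no longer exists, points into a temp or browser cache directory, or is unsigned are the ones to research before deleting anything.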

Nick Short
05-03-2004, 06:54 PM
Well it seems I don't have "Taskbar and Startup Menu" under "Settings", same as I don't have a "Restart in DOS Mode" option either. The hijacker has filled my hard drive with junk that is riddled through everything, so it looks as though I'm going to have to wipe my hard drive and reload everything. It's annoying enough, but my wife had sent me 10 video messages that when I clicked on them yesterday had all been replaced with porn videos. Some people might like that, but I'm furious. And it now starts loading porn from the depths of my hard drive even when the computer isn't connected to the net. It seems that whatever it is first arrived pretending to be a "joke" in an attachment to an email that seemed to be from a mate, but obviously wasn't. Once it was on it seems to have quietly called in stuff like search engines, adverts for drugs, porn, and they in turn have brought stuff in, until my computer is just stuffed with it and isn't working properly.

Nitroguy36
06-03-2004, 05:22 AM
Nick, I had the same sort of problem after downloading music from Kazaa. My home page got changed and I got pop up windows every 5 seconds. I took it to my computer whiz mate who did all the searches in the Start menu, internet files, properties etc etc....but because they were so well embedded he said it would take weeks to find them all. I had to bite the bullet and got my whole computer reformatted. You will lose all the files/programs on your hard drive. For me it wasn't a major problem, I had all the original programs on disc. May not be an easy decision for you.

I have a friend who also had the same sort of problem after visiting and downloading stuff from Kazaa.

Anyway, Good Luck.

Nitro.

Nick Short
06-03-2004, 06:55 PM
Nitro, I have resigned myself to wiping everything. I would have missed losing my absent wife's video messages, if they hadn't been replaced with what looked like a naked transvestite bouncing up and down on a bed. Because the computer was my wife's and she used it for her work for the Home Office regarding dangerous criminals, I couldn't take it to PC World anyway! Got a message from a friend today saying that her computer has been hijacked by someone using it to host a porn website! No idea how that's done, but she's also having to wipe her computer and get a new ID. So it's obviously common, despite Sophos, Norton et al.

Chairman
07-03-2004, 09:10 PM
Originally posted by Nick Short
Nitro, I have resigned myself to wiping everything.

Nick,

One thing you could try if you haven't wiped everything yet is good old google.

Say the hijack is taking you to toranas.com, try a search like "toranas.com hijack" and see what comes up. My PC has been hijacked a couple of times, also the one at work, and every time google has found a forum where someone is being told how to get rid of the exact same hijack.

Hope that helps ...

Nick Short
08-03-2004, 05:51 AM
Hi Chairman - gave that a go, because one of the redirects seems to be to this blondes.rompl.com, and all I got was a discussion forum where someone asked about it and got a rude reply about changing threads! And I think whatever got onto my hard drive has since managed to call in so many things that it will be a nightmare to clear. Even while connected to Google doing this search I would be getting extra "presents" on my computer! So I think a wipe will be the best thing, and double-check why the supposedly foolproof anti-porn/trojan/virus/spam filter didn't work. I did adjust it to allow cookies so I could access sites like this, so maybe that was the trouble. Whatever happens, I will have to destroy the hard drive when I finish with the computer anyway, in case confidential info about murderers etc is still on there in any form...