
Does anyone have any ideas (spyware)



PyRo
12-17-2003, 06:12 PM
Whenever my computer is idle for a while I'll come back and any internet windows I left open will all be open to an adult site, my homepage will be changed to that site, and I will get about 5 links to adult sites in my favorites.
Anyone have any idea how to get rid of this?

I've tried
Ad Aware, and just about every other program like it
Going through add/remove programs
Norton AntiVirus scanning both disks with it recently updated today
Searching the entire drive manually and didn't find anything

Any ideas or anyone else have that problem?

Bad_Dog
12-17-2003, 06:27 PM
My sister's boyfriend got me this program called "evidence eliminator"... It takes a long time to run (I left it on overnight) but it clears your computer of that crud. Then I downloaded Kazaa lite, and since the change I've been spyware free!

Hit me up on AIM, if you want the program

SuiciDal Sn Y p ER
12-17-2003, 06:29 PM
Reformat your hard drive. That will get rid of it all, but sadly it gets rid of EVERYTHING. So save what you want onto a CD.

PyRo
12-17-2003, 06:30 PM
Evidence eliminator, that's the damn program I get popups for all the time. I refuse to buy it on the principle that they have too many popups for their product.

Something else I forgot about, every once in a while it will go to a page
"if you can read this file youve been hacked correct this by..." then instructions to edit the registry. I'm not about to listen to instructions for removing a virus that came with the virus though.

than205
12-17-2003, 06:58 PM
I use both Ad-aware and Spybot Search and Destroy.
One gets what the other doesn't and vice-versa.

PyRo
12-17-2003, 07:00 PM
Tried spybot, ad aware, and another one I found on download.com with no luck.
I really don't want to reformat. I have 2 hard drives though, so I don't know which one this damn thing is on.

PyRo
12-18-2003, 04:02 AM
OK, this is what I get. I don't want to post the link because if you cut the end off it's a porn site. I get that randomly online, my home page set to the same porn site, and links put into my favorites to various sites.



If you see this page your hosts file has been hacked. Please use the instruction below to clean your machine.

You cannot reach the site you where trying to reach without following this procedure! - Please follow the steps provided in this document and make sure to download all patches for your computer from the Windows Update Site which can be found here:
http://windowsupdate.microsoft.com

1. Start regedit,
find HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ,
delete starting of svchost.exe file,
reboot your computer,
delete file svchost.exe in windows directory.

2. Reboot windows and start in
SAFE MODE (F8 key on keyboard before windows starting),
delete file winlogon.exe in directory: C:\Documents and Settings\All Users\Start Menu\Programs\Startup

3. Clear your 'hosts' file.
How to edit your hosts file: locate it first, either by browsing to the directory (as shown above) or by hitting "Start - Search - select all files and folders - type in 'hosts' (without the quotation marks) and hit search. When the file is found, click with your right mouse button on the file and select 'Open With...' This will bring up a list of programs to edit the file with. Select Notepad from that list and click OK. - Remove all lines from the file and type in: 127.0.0.1 localhost. Now close the file and save your changes.
For Windows 95/98/Millenium machines: Locate the file hosts in your C:\Windows directory. Just delete it or edit it with a text editor like notepad and make sure there is only one line there:
127.0.0.1 localhost
For Windows 2000 machines: Locate the file hosts in your C:\Winnt\System32\Drivers\Etc directory. Just delete it or edit it with a text editor like notepad and make sure there is only one line there:
127.0.0.1 localhost
For Windows XP machines: Locate the file hosts in your C:\Windows\System32\Drivers\Etc directory. Just delete it or edit it with a text editor like notepad and make sure there is only one line there:
127.0.0.1 localhost

mxrider250
12-22-2003, 05:48 PM
Might want to try a firewall, it may or may not help you, but it's not a bad idea to have one anyway. I'd suggest Zone Alarm, it's a free download and works great. Easy to manage program access and open ports and stuff.

warpfeedmod
12-22-2003, 07:31 PM
Originally posted by PyRo
OK, this is what I get. I don't want to post the link because if you cut the end off it's a porn site. I get that randomly online, my home page set to the same porn site, and links put into my favorites to various sites.



If you see this page your hosts file has been hacked. Please use the instruction below to clean your machine.

You cannot reach the site you where trying to reach without following this procedure! - Please follow the steps provided in this document and make sure to download all patches for your computer from the Windows Update Site which can be found here:
http://windowsupdate.microsoft.com

1. Start regedit,
find HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ,
delete starting of svchost.exe file,
reboot your computer,
delete file svchost.exe in windows directory.



whoa slow down there.

svchost.exe is a core windows file. You don't just want to "delete" it. The hosts file has nothing to do with this file at all. Svchost.exe is a generic process for services that run from DLL libraries.

If you've got XP check here:

http://support.microsoft.com/?kbid=314056

for more info as to what it does.

But I wouldn't delete that file. Assuming you're running windows XP, if you do a CTRL-ALT-DEL and view the Task lists, then click the processes tab at the top, then click the Image Name header to sort alphabetically, you'll see a whole bunch of svchost.exe processes running.


http://www.whatisthebinty.com/images/wiseass/svchost.png

The processes you see running are more than likely core windows .DLL files and other dll files that are used when you run other programs at startup.

edit: okay also DO NOT delete the winlogon.exe file, that too is a core file. Sounds like this person is trying to tell you how to ruin your computer. taken right from the MS site:

Winlogon
A component of the Windows operating system that provides interactive logon support. Winlogon is designed around an interactive logon model that consists of three components: the Winlogon executable, a Graphical Identification and Authentication dynamic-link library (DLL) referred to as the GINA, and any number of network providers.

In order to remain logged in and to allow you to log out again "securely" it has to continue running.

Winlogon has other functions such as providing authentication details to shared resources (network shares, NTFS files/folders).

warpfeedmod
12-22-2003, 07:42 PM
As to the problem, I'd say check the hosts file like they suggest, but as far as I know neither of the winlogon and svchost files are related to that file in any way. It's basically a text file that sets what IP points to what URL.

Like, the IP for www.yahoo.com is 216.109.118.78; put that IP in your browser and it'll take you there. The IP for www.google.com is 216.239.39.99. Now, if you modify your hosts file, and if you put the IP for google, but put the www.yahoo.com URL, like so:

216.239.39.99 www.yahoo.com

save the file, and reboot, when you type in yahoo.com, it'll take you to google.


Make sure there is only one thing in there, most people don't need to modify their hosts file, so spyware tends to toss stuff in there.

the only thing you should have is this:




# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost



That's the standard XP hosts file.
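
The hosts-file check described in the post above, as an added example that is not part of the original thread: a small Python auditor that parses hosts-file text and reports every active entry other than the stock `127.0.0.1 localhost` mapping. The sample content is constructed (the `www.yahoo.com` line is the one from the post; `update.example.com` and the malformed line are made up), and the function names are this example's own.

```python
import ipaddress

# Constructed sample: default XP entries plus the redirect from the post
# above and two made-up lines (update.example.com, a malformed entry).
SAMPLE = "\n".join([
    "# Copyright (c) 1993-1999 Microsoft Corp.",
    "# 102.54.94.97 rhino.acme.com # source server",
    "127.0.0.1 localhost",
    "216.239.39.99 www.yahoo.com",
    "127.0.0.1 update.example.com  # constructed",
    "not-an-ip somehost",
])

def parse_hosts(text):
    """Yield (line_no, ip, names) for every active (non-comment) entry."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield no, fields[0], fields[1:]

def audit_hosts(text):
    """Return (line_no, kind, ip, name) for each entry beyond the default."""
    findings = []
    for no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((no, "malformed", ip, " ".join(names)))
            continue
        for name in names:
            if name.lower() == "localhost" and addr.is_loopback:
                continue  # the one mapping a stock hosts file contains
            local = addr.is_loopback or addr.is_unspecified
            # "sinkhole": the name can no longer be reached; "redirect":
            # the name is silently served by a different machine.
            findings.append((no, "sinkhole" if local else "redirect", ip, name))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print("line %d: %s %s -> %s" % finding)
```

To check a real machine, pass the contents of the hosts file at the path given earlier in the thread for your Windows version to `audit_hosts`.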

cletus
12-22-2003, 09:03 PM
It sounds like your browser has been hijacked. You might want to try downloading a program called HijackThis. http://download.com.com/3000-2144-10227352.html?tag=lst-0-5

Go there, run the program, and then post the results up here or talk to me on AIM and I'll let you know if anything looks strange. Browser hijackings are not found through adware scanners or Norton scans, only this program will help you with that.