Hijacked!

I wish I could help more then this; Your browser has definitely been hijacked. I'm surprised Spybot didn't already catch it, but there are other spyware removers out there that you can use. I might also suggest going to www.overclockers.com/forums/ and posting asking the same question there. The users there will be able to point you out much more better then I can, since the names of the programs elude my poor memory.

A few that come to mind are:
Hijackthis
Spybot S&D
Ad-Aware by Lavasoft
Malwarebytes

May also be able to clear the "hosts" file. This is often used to redirect a browser. Then rerun the "Immunize" from Spybot to add protection again.

They might have altered your internet proxy settings. You'll find them in your browser's Tools/Options menu.

Yep. Time to clean up your computer.

Another good spyware program is Superantispyware checker.

Run MalwareBytes, and Super-AntiSpyware to make sure your system is clean.

Also do an online scan with Trend Micro.

This has been an interesting week, belive me. I ran Malwarebytes, Spybot, McAfee several times on both my laptop and desktop (both infected). The thing that invaded me was insidious. It appeared to work for awhile, and once I'd go to poi-factory and click on a link it would redirect me to www.draw3d.com. The only site that was targeted was Poi-Factory, and the only site I was directed to was draw3d.

I finally had to use system restore and go back about a week or so, then run all the spy and virus stuff again. It appears to be working ok now, but it has done that in the past. Time will tell.

On another note, thank you wknight40; I sent my daughter info about the program you suggested "malwarebytes", she used it on my grand daughter's laptop she was getting ready to trash due to many, many problems. It solved them all and my grand daughter has a laptop to use again. Thanks for your help, and thanks to the rest of you for your help and suggestions.

So, it's snowing like hell here in Northern Virginia again, so let me surf the net (safely). Later, George

If you find you still have the problem, I have one other suggestion - running HijackThis and posting the results at bleepingcomputer.com. The folks over there do a good job helping users identify and remove malware. Here is the link to the complete set of instructions:

http://www.bleepingcomputer.com/forums/topic34773.html

Malwarebytes is a fantastic program for removing the nasty stuff that creeps into your computer, but give it a better chance to clean things out by restarting your Windows computer in "Safe Mode" so not as much it running. Safe mode can be accessed at boot time by tapping the F8 key before the Windows splash screen comes up. You will be given a set of options, choose safe mode with networking and then run Malwarebytes.

Someone or or several people have been posting phony discussions. The most recent seems to be "muddled,games,pleasure,modish"

All I can say, is be careful, about clicking on questionable links.

On Poi-factory?

We delete them as soon as we find them. They usually go up around 2 in the morning and we don't get them removed until we start work at 9:00 am.

Miss POI

Malwarebytes Anti Malware, and IObit Security 360 along with my antivirus and don't usually have any problems. You might also install CCleaner. This works well, too.

I have used geekpolice.net and geekstogo.com to have spyware removed from computers I was working on. Both sites are associated with bleeping computers.

So there is a good possibility that I did get this off poi-factory. I figured I must have since it was the only site I was directed away from. Have any disgruntled former members?

Be sure to run Super-Antispyware also. Works just like Malwarebytes but may catch stuff it doesn.

So you're upset at POI Factory because you clicked on an unknown link and got a virus???

Never said that. I'm a retired Intelligence Officer, once attacked I attempt to find the source, to prevent it from happening again, and caution others.

Get it straight where you are pointing the finger.

Link to a photo album was here. The malware was on the site that you went to after you left here.

another good program if you do a lot of web surfing , is cc cleaner. this program should be run last when your ready to shut down your computer for the night .helps keep the mess down from surfing.
mike

I use Fire Fox with NoScript, and AdBlock Plus. The NoScript prevents anything (javascript) loading without your permission, and the AdBlock Plus stops the ads on sites from doing a drive-by download. SpyWareBlaster is a good passive program as well.

Using a good hosts file in addition to all those makes for good security while browsing.

Hope the firefox users have seen the warning about the false update circulating for firefox. It contains malware.

Link please?

I only update it internally i.e, the program itself.

What false updates are you referring to? Firefox or the add-on updates? Can you provide a link to the article?

donicus and mrpkd have recommended CCleaner and I agree with them. The business software company where I work uses CCleaner, which is freeware, rather than designing custom software to help maintain their tens of thousands of PCs worldwide. This is only one tool of many that is needed to keep malware away.

dobs108

I use firefox with an add-on WOT "Web of Trust" that will warn you of risky sites. I only do any type of banking and on-line purchase on my Linux system. I don't trust any Microsoft Window system with credit card or banking information.

Been working on this for weeks since this thing returned. If you're interested you can follow the attempts for a fix at:

http://www.bleepingcomputer.com/forums/topic296303.html

May need an exorsism!

Read whole post from the link. Sounds very frustrating. Hopefully the guy can find a solution for you. Be sure to post your fix if you manage to find one.

But instead of chasing a ghost I would rather reformat the hard drives and reinstall everything, especially since you already have your data backed up.

Man, if I were to guess....

It sounds like your DNS server is poisoned, and/or the DNS server you connect to has been modified to a different one.

Unfortunately, to check/work those topics you'd have to be pretty knowledgeable about the router you are using. Keep going with the bleeping computer guys. They'll track it down.

Its possible that his hosts file in c:\windows\system32\drivers\etc\hosts was modified. If that is changed then anyone trying to go to site A will always be sent to a site B.

Here is a nice program I use called Advance System Care http://www.iobit.com/advancedwindowscareper.html .It does a good job plus has a lot of other nice features.It is free and you can also purchase the pro version if you want.

After several weeks of fighting this thing, I believe it is finally gone, thanks to Mole (in London) at bleepingcomputers.com. The thread was read by some 1000 people, worldwide, and was listed as a Hot Thread. My hat's off to Mole, I was fully expecting him (or her) to give up long ago, but he worked this thing out with much troubleshooting by web posts. Somehow, something modified the address for POI-factory, his comments are below:

"For some reason, and we're not quite sure what but it wasn't a malicious thing, the IP address for poi-factory was a digit out from the address that gets pinged. The number should be 21 at the end but as you can see the ping address shows 4.

QUOTE
Name: poi-factory.com
Address: 74.208.99.21

Pinging poi-factory.com [74.208.99.4] with 32 bytes of data:

As you may have guessed already, 74.208.99.4 is the IP address of 3ddraw.

Having cleaned out all the caches to avoid the return of the redirection it resolves correctly."

He wrote a small program to clean things out for me, then helped cleaning out Java and IE cache and temp files. So far, for the past few days, both my PC and Laptop are working fine and I can get back onto Poi-factory.

If you'd like to read the thread, it's at: http://www.bleepingcomputer.com/forums/topic296303.html

I agree with one of the posts above about using Firefox. While it's not bullet proof the combo of Firefox, NoScript and AdBlockPlus is pretty good for avoiding the more run of the mill exploits, locking down your hosts file can help too, though that's a pretty easy fix if someone does attack it. The more advanced attacks can be a real pain to fix and sometimes it's just easier to reformat and reinstall.

One other thing I'd recommend is to never, ever, just blindly follow the defaults on install screens and read every page and option before installing a program. Even Java updates now default to installing the Yahoo toolbar unless you tell it not to. A while back I had to reformat a computer on which the user had installed a MS Messenger add-on which came with the added bonus of a hijack called "LOP" as part of the install process. It was a bastard to try to remove so I just reformatted in the end. The author justified it by saying the user had the option not to install it but the default was to install and teenagers tend to just hit the default keys. My advice is always choose the "custom" or "advanced" install, and read the options for the components to be installed very carefully.

if you ping and it still redirects, your hosts file is the likeliest victim. go find it at c:\windows\system32\drivers\etc and edit the offending entry (entries). re-save it -- note: NO extension... it's simply "hosts" -- and then set it read-only.

btw if anyone wants *my* hosts file (over 30,000 lines long which blocks ads and malware sites), let me know. i am not peddling this, rather offering it as a favor to the community. it would be your responsibility to understand what the hosts file is and does, and then you'd also want to at least look through it a bit before you add it to your system. i have composed it over the course of several years by adding the URLs of malware sites that come to my attention; i have also allowed spybot to add its own blocklists.