Unwanted Browser add-on masquerading as Google Results

Forum Moderators: open

Message Too Old, No Replies

Unwanted Browser add-on masquerading as Google Results

This company is spreading a browser add-on that masks google results

rustyzipper

12:37 am on Feb 12, 2003 (gmt 0)

Not sure how this got installed in my browser (IE), but every time I do a search on Google, MSN, Yahoo, etc. A left frame pops up showing "Enhanced Results" that appear really to be some scammer trying to rack up CPC affiliate $$. Looks like they're signed on with Ah-ha and Kanoodle as far as I can tell.

In viewing the source you can see that this add-on is coming from Popunder.info.

Has anyone else run into this? I notified Ah-Ha about this today. I imagine Google & others will get word & not be too pleased.

Here's an example:
popunder.info/cgi-bin/SSF/sbsearch.pl?se=google.com&search=vintage+clothing&cost=1&limit=10

jdMorgan

1:13 am on Feb 12, 2003 (gmt 0)

rusty,

I've searched here on WebmasterWorld and I can't find the relevant thread, but here's something to check out...

A growing scumware exploit is to use an ActiveX control to modify the victim's hosts file - on Win9x it's at c:\windows\hosts or close by - and add an entry which redirects requests for well-known Web sites to a different Web site. This is possible because the hosts file is, in effect, a local dns lookup for your computer.

Check your hosts file with a plain-text editor and see if you spot entries for google.com, msn.com, and yahoo.com with IP addresses which do not belong to those companies. If so, delete them. On Win9x, the file hosts.sam is a sample file you can use to restore your hosts file to default configuration if it has been hacked. (In most cases, the average Windoze user's hosts file is empty or contains only comments.) Once you've fixed it, set its permissions to read-only.

Of course, this might not be the problem at all, but its a relatively recent exploit that's been discussed here on WebmasterWorld.

Also, download LavaSoft's AdAware and SpyBot Search & Destroy freeware, and see if you have any other critters on your system that need killin'.

HTH,
Jim

GoogleGuy

7:22 am on Feb 13, 2003 (gmt 0)

Try the Spybot Search and Destroy forums, too. They've run across this junk and are starting to pick it apart. Also, you'll want to make sure you apply patches to your IE and up the security level if you can..

WebWalla

12:27 pm on Feb 13, 2003 (gmt 0)

It's from eboom/Inetspeak - the latest version of Ad-Aware will get rid of it.

Laisha

6:54 pm on Feb 16, 2003 (gmt 0)

It's from eboom/Inetspeak - the latest version of Ad-Aware will get rid of it.

Adaware will not get rid of it. We had to manually remove it this morning, but it indeed worked. Details: [webmasterworld.com...]

Yidaki

7:36 pm on Feb 16, 2003 (gmt 0)

Yidaki's dancing on his desc ... he's got a mac, wohow ... :))

WebWalla

11:06 pm on Feb 16, 2003 (gmt 0)

Well Ad-Aware worked for me - I did no manual removal at all. Unfortunately I don't know what entry had to be removed - I just blitzed everything and it worked.