URL 'infected' if http not typed ?



Andrew Kennard
07-09-2005, 10:04 PM
Hi all

A friend has a problem with his machine running WinME and IE6

Every time he types in a URL in the address bar some wierd extra domain name
stuff get inserted in front of it ?

eg type www.google.co.uk
and get http://freewebsites.com.www.google.co.uk or similar when enter is
pressed

If you type http:// first this does not happen

Any idea how this has got there ? is it some worm/virus trick ? how do you
get rid of it ?

Thanks in advance

Andrew Kennard

Don Varnau
07-09-2005, 10:04 PM
Hi,
This is symptomatic of a malware problem (adware, spyware, parasite,
hijacker, etc.)

Start by downloading and running CWShredder and Ad-aware.
See: http://mvps.org/winhelp2002/unwanted.htm
Also note the security tips and other important information on that page.

Additional information at:
The Parasite Fight http://www.aumha.org/a/quickfix.htm
More security tips at http://www.aumha.org/a/parasite.htm
Bugs, Glitches & Stuffups: http://www.mvps.org/inetexplorer/Darnit.htm
What you can do about spyware and other unwanted software:
http://www.microsoft.com/athome/security/spyware/spywarewhat.mspx

If unsuccessful with those programs, you may have to post a HijackThis log
for analysis. Start at
http://forum.aumha.org/viewtopic.php?t=4075 Then go to
http://www.aumha.org/a/quickfix.htm Work through the preliminary cleaning
steps then post a HijackThis log to the forum at
http://forum.aumha.org/viewforum.php?f=30

Be patient. It's a busy forum.

Hope this helps,
Don
[MS MVP- IE/OE]


"Andrew Kennard" <a.kennard[at]btinternet.com> wrote in message
news:u5R1lTHWFHA.1468@tk2msftngp13.phx.gbl...
> A friend has a problem with his machine running WinME and IE6
>
> Every time he types in a URL in the address bar some wierd extra domain
name
> stuff get inserted in front of it ?
>
> eg type www.google.co.uk
> and get http://freewebsites.com.www.google.co.uk or similar when enter is
> pressed
>
> If you type http:// first this does not happen
>
> Any idea how this has got there ? is it some worm/virus trick ? how do you
> get rid of it ?


URL 'infected' if http not typed ?