Problems d/loading w/IE

Discussion in 'Port Explorer' started by beetlejuice, Jun 15, 2003.

Thread Status:
Not open for further replies.
  1. beetlejuice

    beetlejuice Registered Member

    Joined:
    Oct 12, 2002
    Posts:
    8,523
    Last week my wife was surfing. The next day SpywareGuard caught a "home page" change to "rocketsearch.com". Whether she checked yes for a homepage change, I don't know but I doubt it. I undid the change. I checked my IE settings and everything was the same as before. Now the last 2 times that I've tried to download the new versions of PE (1.680,1.70), I get a HTTP 403(forbidden) error on the download page telling me that the credentials I have supplied are not sufficiant to view this page. And this is after successfully logging in to the download page. This occurs using the (Check for new version of PE under Help/Check For) in PE. No problem d/loading new port domain databases though. This seems to be an IE problem since I can get around it by downloading using the links on the Wilders pages going through AOL. I also ran the IE 5.5 repair program and I still can't d/l PE through IE. I am having no problems going anywhere else with IE. Any help would be appreciated. I am in the process of running AT/AV scans to see if I got something from rocketsearch. I will repost with results. Does anyone kmow if rocketsearch changes the homepage without your consent?
    W98SE
    IE5.5
    beetlejuice
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Sounds like a browser hijack. Did you run any of Javacool's tools or Ad-aware or spybotS&D ?
    I get the d/l with IE all time without any problems.
    Can you get to the other pages on the DCS sites and d/l pages without any problems over there?
     
  3. beetlejuice

    beetlejuice Registered Member

    Joined:
    Oct 12, 2002
    Posts:
    8,523
    Hi Jooske. Well after doing some intensive scanning (with everything I've got) and finding nothing, in a fit of desperation I ran GoBack and the problem has been solved. What happened, I don't know. I did notice 1 exe file that I don't have after running GoBack. I believe it was called Ska.exe. Don't know what it was or how it got there, but it's gone now and everything is working fine. Browser Hijack? maybe.
    beetlejuice
     
  4. linney

    linney Registered Member

    Joined:
    Feb 17, 2002
    Posts:
    174
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I saw that URL name connected to various sources like JS_Noclose.E and others, which try to force you to set your homepage to the site in the body of the trojan, they might open a hidden and a minized windows behind your browser displaying advertisements etc.
    You might like to hunt for your HOSTS file (not hosts.sam) and add 127.0.0.1 www.rocketsearch.com
    From the descriptions that Noclose would not be destructive, just try to get the windows closed and that's it, unless there are other variants.

    Ska should be unrelated to this, btw, so good to be rid of that too.
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi,

    I've seen lots of involuntary home page changes, but rocketsearch was not one of them. Maybe they have started only recently.
    I'll keep an eye out.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.