Spyware, AdWare, Browser Hijackers, oh my!

Since I’ve been asked to help provide some information for Chthon through DarkRen’s page on Xupiter HERE, I decided to write my own entry on this. Doing tech support through phone and e-mail, we get lots of various questions and are often blamed for their service providing pop-up advertisements and porn displayed on their computers.

Frequently there are fly-by installations of programs, I’m sure that if anyone has gone to the Freeopendiary page, you’ve been requested to install Gator. Gator is a spyware program that can wreak havoc to browsing and connection speeds. There are also various little seemingly harmless programs that people use, one in particular is Comet Cursor. Information on Comet Cursor, which is a spyware program, can be found HERE.

Then there’s the purple gorilla or yellow parrot known as Bonzi Buddy, which is also a spyware program. More information on this is HERE.

For information on what Spyware is, please review these articles:

Adware, Spyware and other unwanted “malware” – and how to remove them.

and

Is it freeware or… Is it Spyware?.

Next there are browser hijacker programs, there are many of them out there. These can cause porn to display when you first open your browser, redirect you to questionable sites that you would not wish your children to view.

Try setting your home page and when you reboot it goes back to one you don’t want there? You’ve been hit by a browser hijacker program. My mom had one of these installed and I removed it last month when DarkRen was visiting. She had various spyware programs installed, though she only uses AOL and doesn’t know how to surf the web. I’ve dealt with a lot of people hit with Xupiter the last few months and was rather surprised to see it on her system. Xupiter, GoHip.com, Lop.com and Xrenoder are just a few browser hijackers out there, which are AdWare/Spyware programs. Information on these can be found HERE and HERE.

The second article referenced above refers to a program called Hijack This, this program scans the locations in your computer system that may be modified by browser hijackers and fixes any problems found. I personally used SpybotS&D to remove the program on my mothers’ computer, though she was then upset that a game she had was removed. I’ll have to look into that when I go to visit her. It could be where the spyware came from in the first place. Though I tried explaining how bad a browser hijacker could be, with porn, et al., she didn’t quite comprehend it. I guess she wouldn’t have understood it until she wanted to go to her own favorite places.

I’ve found some articles on some specific browser hijackers. For information on lop.com specifically, please look HERE.

for information on Downloadware or DW.exe, please look HERE.

Microsoft has issued KB articles regarding GoHip and Outlook Express problems that can be found by reviewing this link: OLEXP: Outlook Express E-mail Signature Line Adds a Gohip.com Tag.

Microsoft has also released information on how to remove GoHip at the following link: How to Remove the GoHip.com Browser Enhancement

Gohip also has their own removal page that can be found HERE.

If you downloaded software from a GoHip site, then in the Terms and Conditions for downloading, you would be authorizing them to install their own software. Often this happens so quickly you would not even realize that it was happening.

Gohip.com has placed a file in your Windows directory that sets your autosignature, changes your search page, and sets your home page. This executable is called winstartup.exe.

To stop this from happening, remove the file from the C:windows directory and also uncheck it from the Startup tab in MSCONFIG. (In MSCONFIG it may show up as c:windowswinsta~1.exe)

For information on what MSCONFIG is and how to run it, please review the link HERE.

Additionally, one page that I use constantly is a full listing of programs in MSCONFIG that is updated frequently. This list can be found HERE.

These browser hijacker sites may claim to have an uninstall program, but I have rarely heard of them working properly. I tend not to trust a program that is that underhanded, from providing clean uninstallers. There are many people who get so frustrated with the browser hijackers, with the corruption they do to operating systems, that people will format their hard drive and reinstall in order to remove them. They do not know enough about how to search online to find information that might quickly remedy the errors they are receiving.

Hope this helps anyone who has had their browser do odd things or if they have a lot of pop-up advertisements. Clearing cache and cookies can also help immensely.

Log in to write a note

Bless you! I had my own dealings with Xupiter. I thought I would NEVER be rid of it! I went into my regedit & embarked on a journey into madness. *lol* Thank you SO much for this information!!

January 31, 2003

This is a great collection of useful information. Thanks for putting it together 🙂 Hugs,

February 5, 2003

Radical! Thanks.

I downloaded some stupid thing off the Nabisco website and it will not uninstall from My Program box,lol Although I took it off My computer.

May 25, 2003

Mmm. I’m going to have to pick your brain on this…which one is it that has the incredibly annoying pop-up ad messenger windows? *bowing humbly and paying homage* 😉 RYN: Thanks for visiting, and the kind wishes for Ma Signal are greatly appreciated. So far she’s doing well.

June 5, 2003

I appriciate the help. This link is now bookmarked on my system. Thanks.