Thread: Unknown hijacking: Not detected by Spyboy

  1. #1
    Junior Member
    Join Date
    Aug 2011
    Posts
    4

    Unknown hijacking: Not detected by Spyboy

    First, a bit of background on myself before you assume anything about me. I have worked in computer repair and spyware removal for about 10 years now. I'm normally very good at rooting out everything. My chosen tools are spybot, hijackthis, regedit, and good ol' fashioned cmd. I have never run across a problem with these tools that I could not ferret out.

    Until now.

    I have been struggling for the last 2 weeks with some form of hijacker that periodically sends me to an advertising website: delivery.jemacpv.com. Apparently this software/hack is trying to make money off of me. Well I won't have it, and have already added this as an override to my hosts file. If you can't remove the heart, cut off their huevos.

    Now, all hijackthis logs show absolutely nothing out of the ordinary. Spybot S&D shows nothing at all except the standard tracking cookies. Rkill.com comes up empty. Procmon... well let's just say that even after swimming through all the data that I could track from iexplore.exe, nothing seems amiss. As far as the computer is concerned, I asked to go to the website. I haven't installed any software recently and if any was installed unknowingly it left seemingly no trace. The only thing I can think of is that somehow someone is spoofing my DNS.

    I would suggest that spybot update their inoculations to add delivery.jemacpv.com to their list of blocked sites. There is nothing redeeming about the site, and it is only seemingly an advertising portal. And not even the decent kind of advertising, but the "You Have Won!" and "Work From Home!" popup type. Most unsavory.

    I realize this is my one and only post on this forum, so I may not be trusted or be posting this in the wrong area, but rest assured when I tell you there is something out there that is confounding even me, and the only thing that I have found to do is to block it in my hosts file. It's still in there somewhere, but now I get a 404 instead of Popup Ads. At least the hijacker is no longer making money off me.
    Last edited by Jeoshua; 2011-08-07 at 16:33.
