malware browser hijack RRS feed

  • Question

  • Folks we need some help out here in cyber space. My IE and Firefox have both been hijacked from time to time from an annoying url: http://scanner2.malware-scan.com/... This is really making me, and I feel sure others, become extremely frustrated with the web. I have reported this before, but obviously there has been no (successful) work done to eliminate the beast.


    Here's the description: I am riding the ether with my XP running all current updates along with my Windows Live OneCare visiting a presumable valid website: http://www.financialnews-us.com/?page=ushome&contentid=2347874782; when all of a sudden the browser is reduced to a frozen icon with a grey block message telling me to click now to download a malware and virus remover software.


    A. this is disconcerting that Windows Live OneCare has no defences against these cyber criminals.

    B. doubly disconcerting that I reported this at least a month ago and placed my faith in your (Microsoft's) collective talents to handle the problem.


    Please pass this along to the appropriate cyber cops in case this falls outside your domain.



    Wednesday, December 5, 2007 8:58 AM

All replies

  • Hi L2h,


    Unfortunately we are limited in what we can investigate without a sample of the malware that is directing your browser to the above links. Some options available to you are;


    1.        Run our online Live Safety Scanner





    2.        Contact our No Charge Support Service (1-866-727-2338), regional contact details are available at the below link;





    3.        If you have a file that you believe is causing the problem you can follow the guidelines in the below link;

    http://support.microsoft.com/kb/921161/en-us or submit the file via the Microsoft Malware Protection Center Portal- http://www.microsoft.com/security/portal.


    I hope this helps,





    Tuesday, December 18, 2007 9:31 PM
  • Hey, I have this same scanner2.malware problem. I opened IE7 and went to Microsoft Update and clicked the button to download updates and the install window popped up as it should, but it was a scanner2.malware install window directly overlaying the real update window-  so I actually officially installed this thing, though it doesn't appear as an installed program.
    I went to the onecare safety scan as advised. The scan stops and freezes on a file called seedsofdeception[1].jpg. Did this 3 times.  Yahoo Anti-spy scan also stops. I can run Firefox, but in IE7 I get endless warnings and download windows for "spywaresuites" and several other scanners.  It coordinates popups with the onecare site and makes it near impossible to start scan.  I can't find the file on my computer. Its in a documents and settings folder according to where the scan freezes. I cleared every temp file.  Shortly after booting up it also disables the links pn the desktop and start menu.

    any suggestions?
    Saturday, April 5, 2008 1:59 AM
  • For last few days we have a problem with browser hijacks. This is what happens:

    Let say you go to google.com, search for something, get results, and when you click on one of results you open valid url (so it is not typical redirect to different url), but content of the website is just a list of links. Here is a screenshot   link:


      It always looks like this screen shot but sometimes has php error messages/warnings on top of the page:


    Refreshing the page doesn't help, but after 10-15min if you refresh the page you can get to actual site. It does the same thing on all browsers. I tried it on firefox, IE 7, 8, Chrome, Safari, on XP and Win7.

    I tried removing the malware with AVG, Lavasoft Adaware, MS Security Essential, Spyware Terminator, Spybot, and few others. Most of them did not find anything, but Spyware Terminator removed few threats. After that I still had occasional hijacks, and then I restored system to 9-22-10 restore point. That fixed it and I did not see another hijacks till 4 days later.

    Now almost whole building has the same problem. Flushing DNS and deleting cookies get rid of the problem but only for another 3-4 hours, when it happens again.

    I noticed that iframe within redirected page always has a same source:

    Associated cookies are:


    Any help/advice highly appreciated!

    PS. I apologize if this post is not at right place, but I'm new here and this is the closest to the topic I could find.
    Tuesday, October 5, 2010 9:31 PM