Hacked PC - Blocked Sites

Name: trdj
Date: October 29, 2004 at 09:05:27 Pacific
OS: XP Pro
CPU/Ram: AMD
Comment:

A friend's computer has been hacked and in the end I will probably end up reformatting and re-installing the OS, but for now I need to get her access to select sites that seem to have been blocked by the jerk that hacked her computer up.

I have tried looking at the following:
HOSTS
LMHOSTS
CMD -> ROUTE

and have not found any instances where he has blocked access to msn.com and other sites she uses. Can someone please tell me where else you can block sites on a computer?

Oh yeah, and I checked IE > TOOLS > SECURITY > RESTRICTED SITES and it's not there either. Also, when I ping MSN the reply is 127.0.0.1, so there is obviously a loopback that he created somewhere...

Please help!

Thanks.




Response Number 1
Name: trdj
Date: October 29, 2004 at 16:22:19 Pacific
Reply:

Just thought I would add additional info in case it helped. I would really appreciate it if anyone could follow up with any ideas at all. Somehow specific sites have been disabled on my friend's computer out of someone's maliciousness. I am unable to get to www.msn.com or www.hotmail.com. Whenever I try to ping these sites I get a returned IP of 127.0.0.1 (the local loopback), so I am wondering where they would have set this up.

I have checked the Windows Hosts, Lmhosts and Services files in c:\windows\system32\drivers\etc to see if they blocked these sites specifically, but nothing is there.

Also, I have checked the CMD -> Route command to see if they set up a bogus persistent route and again... nothing.

I have verified that there are no firewall/routing rules that would prevent access.

I also combed through GPEDIT to see if they set up any security policies on specific URLs and again nothing is configured.

I also went through all the Security/Content/Sites settings in IE and set everything back to default. No dice :(

So I am wondering if there is a reghack they made somewhere or some other way that they were able to prevent access to these specific sites while everything else works. Also to note, other computers on the network are able to access the sites that this PC is unable to, which is another verification that it is not a firewall/routing issue (or at least not a global one).

Any good ideas out there? Please let me know.

Thanks in advance!!!!

- Michael



Response Number 2
Name: JackG
Date: October 29, 2004 at 18:21:24 Pacific
Reply:

All that takes is a hidden DLL linked into the WinSock chain, much like the CoolWebSearch browser hijacker does.

You could get around this by installing a different browser.

Or you could run programs like AboutBuster.exe and CWShredder.exe (download on a different system and copy to diskette) and see if they find this browser hijacker.

While you were looking for the HOSTS file, did you check for a hidden copy?



Response Number 3
Name: JOE
Date: October 29, 2004 at 18:21:57 Pacific
Reply:

Michael,
One of the first things you should do is to try running netstat in command prompt. Netstat is a utility that will show you all open ports on your computer and your current connections. If indeed you have determined that you have been hacked, and if the hacker is careless, you can find his/her IP address using the netstat command.

Here is a list of the netstat commands that can provide you with excellent clues to who the hacker is, but remember that if you do find the IP address it may not belong to the hacker, or it may be traced back to benign networks which were merely unwitting hosts to remote-triggered Trojans located on their servers...

# -a displays all connections and listening ports
# -e displays Ethernet statistics
# -n displays addresses and port numbers in numerical form
# -o displays the owning process ID associated with each connection
# -p proto shows connections for the protocol specified (TCP, UDP, etc.)
# -r displays the routing table
# -s displays statistics broken down by protocol
# interval redisplays selected statistics at the assigned interval

Also check the PC for add-on users that might have been created by the hacker and make sure that all PC users are legit, and if not, remove the user(s).

Furthermore, enter Task Manager to view all running processes and run a Google search to find info on the running file(s) to investigate suspicious running processes.

Also, enter regedit and under HKEY_LOCAL_MACHINE click on Microsoft, then click on WINDOWS, then click on CURRENT VERSION, then click on the RUN folder and view and investigate the running files, and if you find a suspicious file, delete it.

It's hard to determine on my side what damage has been done by the hacker, or how long it has been active in the PC, and what it has accomplished in the PC. Your best bet might be to low-level format the HDD(s) if all else fails.

If you find that the PC has been compromised by the hacker, a good practice would be to change all users' passwords after the HDD has been formatted, or if you were able to save the PC, and if you were able to completely remove the hacker. You may also want to install an excellent hardware and software firewall, and also a good AV and anti-trojan, and make sure that your Windows updates are always up to date.

I hope this helps!!
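
The following is an added example, not part of Joe's post: it parses `netstat -ano` output and groups network-reachable listening ports and remote peers by owning PID, so each PID can then be looked up in Task Manager as the post suggests. The sample output, addresses and PIDs are constructed, and the "listens and holds a remote session" ranking is an assumption of this example, not a rule from the thread.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5110           0.0.0.0:0              LISTENING       1972
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.20:1045      203.0.113.7:6667       ESTABLISHED     1972
  TCP    192.168.1.20:1050      198.51.100.9:80        ESTABLISHED     2340
  UDP    0.0.0.0:1900           *:*                                    1120
"""

# UDP rows have no State column, so that field is optional.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

def is_loopback(endpoint):
    host = endpoint.rsplit(":", 1)[0]
    return host.startswith("127.") or host == "[::1]"

def parse_netstat(text):
    """Return one dict per TCP/UDP row; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, foreign, state, pid = m.groups()
            rows.append({"proto": proto, "local": local, "foreign": foreign,
                         "state": state, "pid": int(pid)})
    return rows

def summarize(rows):
    """Per PID: ports reachable from the network and remote peers in use."""
    by_pid = defaultdict(lambda: {"listening": set(), "peers": set()})
    for r in rows:
        if is_loopback(r["local"]):
            continue  # loopback-only sockets are not reachable from outside
        if r["state"] == "LISTENING" or r["proto"] == "UDP":
            by_pid[r["pid"]]["listening"].add(int(r["local"].rsplit(":", 1)[1]))
        elif r["state"] == "ESTABLISHED":
            by_pid[r["pid"]]["peers"].add(r["foreign"])
    return dict(by_pid)

def review_first(summary):
    """Heuristic (an assumption of this example): PIDs that both listen and
    hold a remote session are the first to look up in Task Manager."""
    return sorted(p for p, s in summary.items() if s["listening"] and s["peers"])

if __name__ == "__main__":
    for pid, s in sorted(summarize(parse_netstat(SAMPLE)).items()):
        print(pid, sorted(s["listening"]), sorted(s["peers"]))
```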



Response Number 4
Name: White Hat
Date: October 29, 2004 at 19:13:45 Pacific
Reply:

Joe, what do you mean by "careless"? In the hacking world the hacker's "IP Address" doesn't mean a lot anymore. They will first hack an easy victim's computer, then hack from there, therefore showing you only the victim's IP address. You would need more proof and evidence that would make me believe it was a hacker.

31337



Response Number 5
Name: trdj
Date: November 1, 2004 at 10:26:43 Pacific
Reply:

Thank you all for the information.

I am not familiar with the DLL/Winsock route that Jack mentioned above and I will have to check out the suggested EXEs to see if that finds anything. Yes, I did look for a hidden HOSTS file as well... not there either.

I am familiar with Netstat, and while there is probably not much I will be able to do with the IP address (as it's not likely to be the culprit's), it will provide a good start to see what ports are compromised.

I believe that the security breach to the computer has been resident for a few weeks now and I have found evidence of a Key Logger (MSGATE 0.1) and am in the process of removing it. Again, this is a friend's computer and if she would let me get away with it I would have this thing reformatted in a heartbeat, but she is concerned that she won't have the ability to restore some of the apps she uses :-/.

Thanks again

