Help for Hijacked Browsers and Blocked E-mail

By Ronald Pacchiano | Posted July 20, 2004

Over the last few weeks I've noticed something strange happening while browsing the Web. Whenever I visit a site that has an invalid or unavailable URL address, I seem to be getting redirected to a site called "Internet Optimizer powered by Yoogee.com." Normally an invalid address would just cause my browser to generate your basic 404 error message. This makes me think that my PC has been hacked or compromised in some way. I ran a virus scan on the system, but nothing was detected. Do you have any idea what could be causing this problem and how I could go about fixing it? Granted, it's not that big of an issue, but just knowing that it's happening gives me an uneasy feeling whenever I use my computer. I feel like I'm being watched. Help!

I understand how you feel. A browser hijacker is causing the problem you're experiencing, specifically one called Internet Optimizer. While most browser hijackers redirect you to a different home page or search page, Internet Optimizer is an error page hijacker, which explains why you see it only when you visit an invalid site. From my understanding, it's not a very malicious piece of adware, but it can definitely make you feel uncomfortable.

Fortunately, there are several options available to you for removing it. You'll find more detailed information on Internet Optimizer at Kephyr. Along with removal instructions, the site will show you what files Internet Optimizer uses and even give you tips on how to detect it.

Alternatively, you could also use a good spyware removal utility to cleanse your system. You can try Ad-Aware Version 6 from Lavasoft and the powerful Spybot Search and Destroy. I know that the Bazooka Adware and Spyware Scanner can also detect and remove Internet Optimizer. For the best results, please be sure to download the latest signature files for each of these apps before scanning your system.

While you are at it, it might be a good idea to run TrendMicro's HouseCall anti-virus software on your system. This is an excellent virus scanner that often finds things that other applications miss. Best of all, it's free.

Here are two additional resources for information on spyware and adware:
Dealing with Unwanted Spyware and Parasites
Inside Spyware

I'm confident you'll have things back to normal soon. Good luck!

The other day I was trying to send an e-mail message from my home and almost immediately received an error message indicating that the message had been blocked by something called SORBS. I've never heard of SORBS before this and have no idea how it is even intercepting my e-mail. If I try to send the e-mail with the same account from my office, it works just fine. I have been using this particular e-mail account for several months from both locations without a problem.

At first I thought that this was a problem with my ISP, but I have three other e-mail accounts, all of which are hosted by the same vendor and they all work fine. So now I'm thinking it has something to do with that vendor. Yet if it is, then why isn't it affecting my other e-mail accounts, which are also hosted by them? I am at a loss to explain this except to think that it might be a virus. I'm not even sure who I should contact to help resolve this problem. Do you have any idea what could be causing this problem, and could you please give me a suggestion as to how I could go about resolving this situation? Thanks.

I haven't seen this happen very often, but with the proliferation of spam, I can't say I'm too surprised. For starters, I don't think you have a virus. SORBS stands for Spam and Open Relay Blocking System. This service was developed to fight spam by finding and maintaining a listing of Exploitable Servers. Many ISPs support something known as an open relay (sometimes called an insecure relay or a third-party relay). It's an SMTP e-mail server that allows the third-party relay of e-mail messages. By processing mail that is not from a local user, an open relay makes it possible for an unscrupulous sender to route large volumes of spam. Spammers are able to locate accessible third-party mail relay servers by using automated tools that are readily available on the Internet.

By relaying mail through several open relay mail servers at the same time, it is possible to flood the Internet with large amounts of junk mail in a very short period of time before being detected. This is where SORBS comes in. By maintaining a listing of open relay servers, SORBS can help reduce the proliferation of spam over the Web. More and more ISPs are now checking to see if a server is on the SORBS list as a spam generator before allowing it to relay messages over their networks. This theoretically should reduce an ISP's vulnerability to spam.

The problem with the SORBS approach is that when it discovers that a server has been used for spamming purposes, it blocks it. While this prevents that server from delivering any more spam, it also blocks legitimate users on that server. Until the ISP corrects the problems that caused that server to be compromised in the first place, the server stays blocked and so does everyone else using it.

So now to answer your question: The reason your mail is being blocked is because most likely the server where your e-mail is being hosted has been identified as an exploitable server and as such has been added to the blocked list. This will affect all of the e-mail accounts on that server, not just yours. The reason your other e-mail accounts are still functioning is because they are probably being hosted on a different mail server.
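The lookup a receiving ISP performs can be reproduced to confirm which address is actually listed. This is an added example, not part of the original column: the zone dnsbl.example.org, the sample addresses and the two stand-in resolvers are constructed placeholders, and the reversed-octet query answered from 127.0.0.0/8 is the general DNS blocklist convention, not something SORBS-specific stated here.

```python
import ipaddress
import socket

ZONE = "dnsbl.example.org"  # placeholder zone (assumption); use the list named in the bounce
LISTING_NET = ipaddress.ip_network("127.0.0.0/8")
NOT_FOUND = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}


def dnsbl_query_name(ip, zone=ZONE):
    """Name a receiving mail server looks up: reversed IPv4 octets + list zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on anything but IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def check_listing(ip, zone=ZONE, resolve=socket.gethostbyname_ex):
    """Return (status, codes); status is 'listed', 'not_listed' or 'lookup_failed'."""
    try:
        answers = resolve(dnsbl_query_name(ip, zone))[2]
    except socket.gaierror as exc:
        # No such name means "not on the list"; a timeout proves nothing either way.
        return ("not_listed" if exc.errno in NOT_FOUND else "lookup_failed"), []
    # Real listings are answered from 127.0.0.0/8. A public address here means a
    # resolver is rewriting "no such name" answers (the DNS cousin of an
    # error-page hijacker), which would otherwise make every sender look listed.
    codes = [a for a in answers if ipaddress.ip_address(a) in LISTING_NET]
    return ("listed" if codes else "lookup_failed"), codes


# Constructed sample data: documentation-range addresses standing in for a
# listed mail server, plus a resolver that rewrites missing names.
SAMPLE_ZONE_DATA = {"25.2.0.192.dnsbl.example.org": ["127.0.0.2"]}


def sample_resolver(name):
    if name in SAMPLE_ZONE_DATA:
        return name, [], SAMPLE_ZONE_DATA[name]
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")


def rewriting_resolver(name):
    return name, [], ["203.0.113.80"]  # constructed: ad server instead of "not found"


if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.7"):
        print(ip, check_listing(ip, resolve=sample_resolver))
    print("rewritten:", check_listing("198.51.100.7", resolve=rewriting_resolver))
```

Running the check against both your home connection's public address and the mail server's address shows which of the two the list is objecting to, which is the detail tech support will ask for.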

Getting the situation resolved can be kind of tricky, not to mention time-consuming. The delisting of a server is a manual process and can only be performed when the ISP contacts a SORBS admin to request removal. This can take time, so be patient.

I would start by contacting your e-mail provider's tech support people (888-511-HOST) and have them look into it since the problem is coming from one of their hosted e-mail accounts. They might already be aware of the situation and have corrective measures in place. Sometimes the ISP will have an alternate trusted relay server that you could use to pass your mail through while at home until the problem could be corrected. I know Time Warner Road Runner in NY would work if you replaced your mail server with SMTP-SERVER.NYC.RR.COM.

As a last-ditch effort you could attempt to contact SORBS directly and try to get some help from them. Make sure you send the form to the DUHL queue. Who knows? By the time you get this response the problem might just clear itself up on its own without any additional effort on your part. Good Luck.

Adapted from PracticallyNetworked.com, part of the EarthWeb.com Network.
