News Daily 7/9newstoday.net hijacker or something?

I started getting this new tab that pops up out of nowhere. The website is 9newstoday.net and the title is News Daily 7. It’s a fake news website about how single moms can make $7k a month, etc.

I tried to google it, but I’m still really confused, because most things say it redirects your Google searches, and mine doesn’t do that (like I said it just makes a new tab at various times, nothing about Google), plus it says that to get rid of it, use Malwarebytes or SpyBot, and I did full scans with both of those, but it’s still happening. I also have Microsoft Security Essentials.

Does anyone happen to know what this is and what I can do about it? Or at least how dangerous it is? It’s not THAT much of a problem so far, but could it get worse?

you can make $7K a month? Wow! Tell me how that works, I need to get in on that!

Try downloading and running Malwarebytes. It should find it and fix it.

Thanks, but I already did Malwarebytes and it didn’t work.

I’m familiar with these guys. Do you see the tabs after visiting certain web sites? If so can you PM me a list of those sites please. It’s possible this isn’t anything on your machine.

Well it usually happens when I switch screen names on aol.com or send an email on there (yeah, I still have two AOL email addresses…) or when I first start my browser (Firefox, if that matters). I just got a message from Microsoft Security Essentials that I had a trojan too, but it took care of that.

Check your proxy settings both in Firefox and in your Control panel. They shouldn’t have anything in them for most users. They definitely should not have 127.0.0.1 in them at all.

Also, since you say you see them when you open your browser, try changing your home page to something else, and see if you still get them.

It did have 127.0.0.1 in it for Firefox, so I deleted it. I can’t figure out how to do it in the control panel though.

This seems impossible to fix! I think I might just need to do a system restore. That’s a huge pain, but I had to do it when I got a virus last summer, and worked at least, so I think it would work now too?

If that was in the proxy settings, then it means there is some bit of malware actually still resident on your machine - 127.0.0.1 is the ‘loopback’ network interface, meaning that Firefox is talking to something running locally, at least in the first instance.

It looks as though PCTools’ SpywareDoctor will fix it - according to this site, at least. Best to download it direct from the supplier (here)

Yeah, it’s definitely still on here. My computer has slowed down and I’m still getting the tabs.

I’m going to buy a new computer soon anyway though, so I don’t really want to pay for that software, which might not even work (since SpyBot and Malwarebytes didn’t). Wouldn’t it work to do a system restore?

There’s a trial version of Spyware Doctor, which I expect would do the trick. System Restore might work if you still have a clean restore point.

Okay, I did the Spyware Doctor, but after scanning it all then of course it wanted to tell me that they won’t actually remove the problems unless you pay. And they only found some things they classified as low threat anyway, so I don’t think they found the stupid 9newstoday thing. This is so annoying!

I already did try a system restore just from a few weeks ago, but that didn’t work. I think I’ll have to restore it to new condition, which is what I did before, but they also saved my files separately, so I wonder if the virus might still slip through that way? It didn’t last time, but this virus is a determined little bastard.

Maybe save your files inside a compressed archive - that way, you can scan it later without the possibility of accidentally executing anything.

Do you have an installed anti-malware program normally? Microsoft Security Essentials is quite good, although the efficacy of any such solution is dependent on the overall level of risk you expose yourself to (the sites you visit, whether you share removable/bootable media with other machines, the kind of content you download, whether you use an up to date browser and block ads, etc)

I’ve had this sort of thing happen before to someone else’s computer. It took a lot of trial and error to fix, including using an offline malware scanner.

So since it may involve a lot of back and forth, I’d recommend putting in a request at Bleeping Computer. They can walk you through the entire process to get rid nearly any malware.

I can handle things when I have access to the computer, but these guys are much better at walking you through things.

Yeah, I have Microsoft Security Essentials always going, use an up-to-date browser, block ads, and don’t download much questionable stuff. So I don’t know where this came from!

Anyway, I’m using Chrome instead of Firefox right now and so far it’s been working without a problem, but I know I still need to get this off my computer somehow. I may try Bleeping Computer. Thanks for the ideas, people!

Just as a heads up, I have this damn virus as well, and the usual scanners aren’t picking it up. I’m really frustrated. Please post if you find a solution.

I ended up doing a complete system restore. I searched and searched and didn’t find another solution (some computer message boards had some very long and complicated ideas, but I didn’t even know what they were talking about), so if you have a restore disc, I’d say that’s the way to go.

No restore disc, unfortunately.

I rolled back to a restore point from a little over a week ago and that seems to have done the trick. If I go for awhile without any further issues I’ll assume the problem is solved and make that darned restore disc.

I keep getting calls from my friends asking why I keep sending them e-mails with this bogus work from home ad. They hacked into my e-mail account and they are sending e-mails to all of my friends. Does any one out there know how I can get them to stop this? I called them and they claim they have no idea how this is happening.

Get a clean computer.
Change your email account passwords.

That’s assuming they’re actually USING your email account, rather than just spoofing your email.