Lucky Emperor redirects

Mar 26, 2005
Please help......

Whenever I pass the log in page of my William Hill (willhill.co.uk) betting account I get redirected to the Lucky Emperor gambling site. I have downloaded Stopzilla, Microsoft Anti-spyware and Webroot Spy sweeper. These have scanned my pc countless times and have removed all kinds of threats. However, this redirect seems to be embedded somewhere and very stubborn. I have contacted William Hill and Lucky Emperor who both say they know nothing about this problem. I have contacted my ISP in case the problem was on their server but they also know nothing. I'm sure the problem lies somewhere in my pc. I am quite pc literate but this one has me baffled. Please can anyone help!!!!????

Many thanks,

Firecrest.
 
If you have the Microsoft Antispyware client follow these instructions...

1. Open MS antispyware
2. Advanced Tools
3. System Explorer
4. Left hand side menu, Windows hosts file.
5. There should only be one entry in this file it should be...

Localhost 127.0.0.0

6. If you have any other entries highlight them (left click) and on the right hand side of the menu use the "Block Entries" button.

Let us know if this helps
 
Aquias,

Thanks for the reply, very interesting, never used MS Anti-spy that way before. I have tried what you said and I got a whole load of dodgy addresses listed, as well as the local host. All had destination address of 127.0.0.1

The trouble is that I left clicked to highlight the address and then clicked on block host, but they seemed to remain on this list with the status showing no data. I also tried to permanently remove host, but again there was no effect. I'm using Microsoft AntiSpyware - Beta 1. Given this is a beta release there may be limited functionality and the block \ remove may not be enabled, I'm not sure. Is there any other version of MS AntiSpyware that you know of??? I also tried a reboot following the first attempt at block \ remove but no success. I'd really appreciate some more assistance if you can give it.

Many thanks,

Firecrest.
 
You can also search for the HOSTS file on your PC and take them out that way, run MS Antispyware and Hijack This for cleanup. You may also try Spybot S&D.

Also this is the only version of MS Antispyware that is out there at this point. So, you have full functionality with the product.

Erik
 
dohp, I was off on the local address my apologies. The correct localhost address is 127.0.0.1.

Now, the rest of the items in the host file are suspect. I was hoping that the MS spyware product would be able to block these for you as it provides an easy to restore point of access.

If you're running Windows XP then follow these steps...

1. Open Windows Explorer
2. Browse out to C:\Windows\system32\drivers\etc
3. Open the HOSTS file using wordpad
4. Highlight everything except the 127.0.0.1 address (all the additional entries should be listed beneath the above address).
5. "Cut" those lines out and paste them into a new document. Save it with a name you'll recall, then save the updated HOSTS file and reboot.

Try surfing again. Once this is taken care of you should be okay. To be safe, I would also follow Erik's advice and download HijackThis and post the log file up here for review. If your hosts file was badly infected it is likely that there are other browser hijackers hiding out as well.
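
The HOSTS-file check described in the steps above can be scripted. This is an added example, not part of the original thread: it applies the thread's rule that only the `127.0.0.1 localhost` line stays, sets every other line aside to be saved elsewhere, and separates entries that divert a name to another address from entries that only block a name by pointing it at loopback. The function name `audit_hosts` and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS content (not taken from the thread).
SAMPLE_HOSTS = """\
# Sample HOSTS file
127.0.0.1       localhost
127.0.0.1       ads.tracker.example      # blocking entry
0.0.0.0         popups.example
203.0.113.50    www.bookmaker.example bookmaker.example
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Split HOSTS text into (kept_lines, removed_lines, findings).

    findings is a list of (kind, address, hostname):
      'redirect' - name mapped to a non-loopback address (traffic is diverted)
      'sinkhole' - name mapped to loopback or 0.0.0.0 (name is blocked)
      'invalid'  - address field does not parse as an IP address
    """
    kept, removed, findings = [], [], []
    for line in text.splitlines():
        body = line.split("#", 1)[0].split()   # drop trailing comment
        if not body:                           # blank or comment-only line
            kept.append(line)
            continue
        addr, names = body[0], [n.lower() for n in body[1:]]
        if addr == "127.0.0.1" and names == ["localhost"]:
            kept.append(line)                  # the one entry the thread keeps
            continue
        try:
            ip = ipaddress.ip_address(addr)
            kind = "sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"
        except ValueError:
            kind = "invalid"
        removed.append(line)
        findings.extend((kind, addr, n) for n in names)
    return kept, removed, findings

if __name__ == "__main__":
    kept, removed, findings = audit_hosts(SAMPLE_HOSTS)
    for kind, addr, name in findings:
        print(f"{kind:8} {addr:15} {name}")
    print("--- cleaned file ---", *kept, sep="\n")
    print("--- lines to save elsewhere ---", *removed, sep="\n")
```

A HOSTS file whose extra entries are all of the `sinkhole` kind cannot by itself send a browser to a different site, so a redirect that persists points to another hijack location.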
 
Aquias and Erik,

Many thanks for your help. I did use HijackThis and checked for removal all of those items that didn't seem right.

PROBLEM NOW SOLVED - AT LAST.

Once again thanks for the help.......

Firecrest!
 