2005-02-18, 05:03 AM | #1 |
Ahhh ... sweet pity. Where would my love life be without it?
Join Date: Feb 2005
Location: British Columbia, Canada
Posts: 208
|
Removing Trojan Search Hijacker
Just got hit by a trojan or somethin. Installed ICQ and instantly got hit with a bunch of viruses, trojans, and dialers. Norton blocked most of them but 1 got thru. My home page for Internet Explorer has been hijacked by some stupid fake search page which also loads once in a while on a page I am surfin on. Fuckers!
How the hell do I get this thing out of my registry? Can anyone help me? Bye Bye ICQ. Stickin to e-mail. |
2005-02-18, 05:17 AM | #2 |
No matter how good you are at something, there's always about a million people better than you
Join Date: Apr 2004
Location: Greenguy County, NY
Posts: 236
|
What Norton didn't get AVG might. Also you could install and try "spybot", "adaware" and then "hijack this" for more intensive scanning. All free and found with an easy Google search.
|
2005-02-18, 05:22 AM | #3 |
Hello, is this President Clinton? Good! I figured if anyone knew where to get some tang it would be you
Join Date: Feb 2005
Location: England
Posts: 442
|
What's the URL of the new home page?
In support of Robbo's comment - the boards are full of people that have been let down by Norton, but in this case it seems that the transport is via ICQ vulnerabilities. |
2005-02-18, 05:39 AM | #4 |
Ahhh ... sweet pity. Where would my love life be without it?
Join Date: Feb 2005
Location: British Columbia, Canada
Posts: 208
|
Norton notified me as they came in thru ICQ
Allowed me to block 'em. Did a scan and it found a bunch of dialers, did the remove but two weren't able to be removed by Norton but it told me the path in the registry. Deleted it from registry but it came back.
Hunted deeper into registry and found a duplicate copy elsewhere. Zapped it and now so far so good. Still need to shut machine down and restart to be sure. Fingers are crossed. Can't remember URL now. If it comes back I will post. |
2005-02-18, 05:59 AM | #5 |
Ahhh ... sweet pity. Where would my love life be without it?
Join Date: Feb 2005
Location: British Columbia, Canada
Posts: 208
|
It's Back
Shut down machine and it's back. Arrrg!!
Why do these guys bother with this kind of shit. How many people actually use their crappy search thing and end up buyin the crap spyware removal stuff they're peddling by infecting you with spyware first. The amount of work involved in designing these systems to continually get around security systems, adblockers, and antispyware could be put towards much better ventures. Idiots!!!! Hope no one on this board is involved in this kind of crap. I have been infected in the past by similar ones I've caught from surfin porn. Keep your sites clean and you will always make more money than by constantly hitting people with popups or viral crap. When surfers encounter this shit they WILL NOT COME BACK AGAIN! as I'm sure most of you know. Sorry for the rant. |
2005-02-18, 06:44 AM | #6 | |
Eighteen 'til I Die
|
Quote:
|
|
2005-02-18, 07:08 AM | #7 |
Hello, is this President Clinton? Good! I figured if anyone knew where to get some tang it would be you
Join Date: Feb 2005
Location: England
Posts: 442
|
They install routines to change affiliate link codes - Affiliate Link Theft is becoming big business, and I seem to remember a company that did this was traded for multiple millions recently.
They also create a lot of traffic which gets sold to people trying to boost ailing tgps. The fact that Norton picked up incoming files isn't really important. A virus installer sitting in your temp directory is harmless and pretty common these days. It only becomes a problem when it gets triggered. Anti-virus programs like avg detect trigger activation, and thus have a better success rate than the AV programs that just rely on scanning files for virus signatures. It's because of the detectors that are placed on trigger points by AV programs that you should never install more than one. They can interfere with each other and make both less effective. |
2005-02-18, 07:16 AM | #8 |
Nothing funnier than the ridiculous faces you people make mid-coitus
|
If it's coolwwwsearch or something like it..it is a MF to get rid of. I got hit in Sept from a submitter and it took me until Dec to get rid of it.
Robbo's suggestions are the ones that did it for me. I used Spybot S&D with hijack this. The Spybot forum is very helpful too. If you post your results from hijack this they can tell you exactly what/where it's coming from. Another point is using IE. There is so much crap that is just targeted for it. I use Mozilla/Netscape for everything except a final check of my sites before submitting. I hear there is a new MyDoom out as well. In the immortal words of Deadwood: Cocksuckers!!! Good luck with this. |
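To illustrate the advice above about posting HijackThis results: an added example (not from the thread or from HijackThis itself) that reads log lines in HijackThis's `R0`/`R1`/`O4` format and lists every registry location carrying the same untrusted home or search URL, the situation described earlier in the thread where one copy was deleted and a duplicate remained elsewhere. The sample log, its URL and program names, and the `trusted_hosts` allow-list are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis log-line format (not taken from the thread).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.example.invalid/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
O4 - HKLM\..\Run: [avtray] "C:\Program Files\ExampleAV\avtray.exe"
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\user\LOCALS~1\Temp\upd32.exe
"""

# R0-R3: IE start/search page values.  O4: programs started from Run keys.
R_LINE = re.compile(r"^(R[0-3]) - (HK\w+\\[^,]+),([^=]+?) = (.*)$")
O4_LINE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[([^\]]*)\] (.*)$")

def parse(log):
    """Split a log into browser-page entries and autostart entries."""
    pages, autoruns = [], []
    for line in log.splitlines():
        line = line.strip()
        if m := R_LINE.match(line):
            pages.append({"key": m[2], "name": m[3], "url": m[4]})
        elif m := O4_LINE.match(line):
            autoruns.append({"key": m[1], "name": m[2], "cmd": m[3].strip('"')})
    return pages, autoruns

def review(log, trusted_hosts):
    """Return {untrusted_url: [registry locations]} and autostarts run from Temp."""
    pages, autoruns = parse(log)
    by_url = defaultdict(list)
    for p in pages:
        host = re.sub(r"^\w+://", "", p["url"]).split("/")[0].lower()
        if host not in trusted_hosts:
            by_url[p["url"]].append(f'{p["key"]},{p["name"]}')
    # An autostart living in a Temp directory can re-write cleaned values at boot.
    temp_runs = [a for a in autoruns if re.search(r"\\te?mp\\", a["cmd"], re.I)]
    return dict(by_url), temp_runs

if __name__ == "__main__":
    hijacked, temp_runs = review(SAMPLE_LOG, {"www.msn.com"})
    for url, locations in hijacked.items():
        print(url, "is set in", len(locations), "places:")
        for loc in locations:
            print("   ", loc)
    for a in temp_runs:
        print("autostart from Temp:", a["key"], a["name"], a["cmd"])
```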
2005-02-18, 07:26 AM | #9 |
Hello, is this President Clinton? Good! I figured if anyone knew where to get some tang it would be you
Join Date: Feb 2005
Location: England
Posts: 442
|
CWshredder used to be good for getting rid of cool web search, but CWS has a team of very competent programmers, and one guy at uni couldn't keep up with the pace of change. His site has got some good tips and links for getting rid of the latest version though.
It's now got so bad that I surf with active-x and j/script disabled. |
2005-02-18, 11:39 AM | #10 |
No matter how good you are at something, there's always about a million people better than you
Join Date: Apr 2004
Location: Greenguy County, NY
Posts: 236
|
Cwshredder is good for some things too. That's on the hijack this site btw. I did a good foray into removing these things a while back when I took on three infected systems at once. Learned a lot and haven't had any problems since. All the aforementioned tools plus the sp2 updates seem to have made a difference. I also run firewalls. I did notice some new activity when I last fired up icq though but didn't have anything try to latch on or install. I'll take that as a sign I'm doing something right...for now.
Sometimes I think terrorists are behind a lot of this crap. They have to be the only ones desperate and stupid enough! |
2005-02-18, 11:48 AM | #11 |
I Love Turkish Delight, they're very moreish.
Join Date: Nov 2004
Location: UK
Posts: 578
|
System Restore
I got hit by a virus that just took over my desktop. Replaced it with a black screen with a spyware warning. I used System Restore, going back 24 hours, and it worked.
Cheers japamor |
2005-02-18, 12:09 PM | #12 | |
You tried your best and you failed miserably. The lesson is 'never try'
Join Date: Oct 2004
Posts: 166
|
Quote:
Also, there is a registry key called LEGACY, in fact, several of them. Backup your registry and delete all the keys that have LEGACY in them. Those keys put other spyware/trojan keys back that have been deleted. Also, look in the root of C:\ and look for any zero length files. For each one of those do a search on the web, you will get tons of info on how/where to delete the trojans and spyware that created those files. For those that don't know, Adaware changed versions and its name to Adaware-SE. Download that to update your def files. |
|
2005-02-18, 12:43 PM | #13 | |
"Without evil there can be no good, so it must be good to be evil sometimes" ~ Satan
Join Date: Aug 2004
Location: Motor City, baby, where carjacking was invented! Now GIMME THOSE SHOES!
Posts: 2,385
|
Quote:
|
|
2005-02-18, 03:15 PM | #14 |
If there is nobody out there, that's a lot of real estate going to waste!
Join Date: Dec 2003
Posts: 2,177
|
CWS is a very good tool for getting rid of those trojans.
Seems one sponsor is maybe promoting this BS, while another one has posted that anyone caught using them for traffic is canned. I know I asked over a year ago on one of the sponsors boards if they had any plans to implement any TOS regarding all this "new technology" stuff. They just pointed to their canned email spam TOS. |
2005-02-18, 03:18 PM | #15 |
Subversive filth of the hedonistic decadent West
Join Date: Mar 2003
Location: Southeast Florida
Posts: 27,936
|
Microsoft Warns of Impossible to Clean Spyware
"The Inquirer has a story that the next generation of Windows spyware and exploits are starting to make use of "kernel rootkits". A paper at Microsoft Research has details on a prototype detection tool. Computerworld has more details, as well." From the article: "Newer rootkits can intercept system calls that are passed to the kernel and filter out queries generated by the software. This makes them invisible to administrators and to detection tools..." http://www.computerworld.com/securit...,99843,00.html http://www.theinquirer.net/?article=21326 http://research.microsoft.com/resear...0Report&id=775 I'm soooooooo happy that I don't use Windows |
2005-02-18, 03:50 PM | #16 | |
What can I do - I was born this way LOL
Join Date: Oct 2003
Location: ohio
Posts: 3,086
|
Quote:
|
|
2005-02-18, 04:47 PM | #17 |
Aw, Dad, you've done a lot of great things, but you're a very old man, and old people are useless
|
There has been a lot of anti-spyware software mentioned, you could try www.webroot.com and download the trial spysweeper, which generally finds additionals that the ones above miss. You may also want to check www.diamondcs.com.au which is for the TDS3 and also a trial which may do the trick.
|
2005-02-18, 05:22 PM | #18 |
WHO IS FONZY!?! Don't they teach you anything at school?
|
Just wanted to thank everyone who posted in this thread, I saw a lot of helpful advice. One of my friends likes to come sleep over here a couple of nights a week and he gets on my PC late at night, on sites like Black Hoochie Mamas.com and has downloaded all kinds of shitware I was having trouble with.
I downloaded Microsoft's new beta AntiSpy program.. It cleared a lot of stuff off, including a Windows XP DLL file, now my ICQ and some other programs no longer function. Thanks, Bill....destroying your own operating system.... xSoft or whatever is free download and found a lot of junk but won't remove it til you register/pay. Adaware did a good job. My yahoo Toolbar Anti-spy is disabled by some spyware. Insidious bastards... Thanks again for all the good tips in this thread, tho James |
2005-02-18, 06:04 PM | #19 |
Ahhh ... sweet pity. Where would my love life be without it?
Join Date: Feb 2005
Location: British Columbia, Canada
Posts: 208
|
Gone now for most part
I found some more stuff in registry and zapped it. Now it's not coming back. But every time I reboot my machine Norton tells me about 1 or 2 viruses it finds. Seems something is still here triggering them. I also must have a dialer cause I get a little window saying dialer failed. I'm on a cable connection so the dialer can't find a phone line to get out with.
Was not CoolWebSearch something different. Had CWS before and had to backup all my important stuff then reinstall windows to get rid of it. Thanks for the input guys n gals Last edited by Stever; 2005-02-18 at 06:08 PM.. |
2005-02-20, 07:27 PM | #20 |
Don't let a programmer design your front-end pages!
Join Date: Aug 2003
Location: currently on the road in CA
Posts: 781
|
Sorry to come to the party a little late, but yesterday I didn't spend much time at the 'puter...
I had the same problem late last year, and I too blamed it on ICQ (though was never able to prove it!) - in my case a large number of these trojans installed themselves as *.cab files (self-extracting compressed files) which my AVG antivirus was not able to delete! Read the logs of your virus-removal, check each and every directory if there are any *.zip or *.cab files of the same (or similar name) and hand-delete them! Otherwise it will come back!!! I had one Trojan last night which must have come through Firefox, and the same thing: AVG removed it, but the zip file stayed behind... Plus: ever since I'm having some trouble with my svhost file being corrupted, so each night I have to delete a number of files in the c:\windows\prefetch directory or my internet connection won't work the next day... Bloody nuisance! More in this thread - and try some "housecall" sites like http://housecall.trendmicro.com/ Good Luck!
__________________
Have a nice day! |
2005-02-20, 07:34 PM | #21 |
Don't let a programmer design your front-end pages!
Join Date: Aug 2003
Location: currently on the road in CA
Posts: 781
|
Google quite often gives you detailed (and good) results re. specific virus and trojan removal tips if you enter the entire malware name in the search field! Try it enclosed in quotation marks...
And everybody recommends HiJackThis as a diagnostic tool - I personally found it of limited use (since 'my' trojan was brand new at the time).
__________________
Have a nice day! |
2005-02-21, 03:05 AM | #22 |
Ahhh ... sweet pity. Where would my love life be without it?
Join Date: Feb 2005
Location: British Columbia, Canada
Posts: 208
|
I'm Back online
Had to reinstall windows to reformat drive and clean it all out. Spybot couldn't remove it. Was not too painful. But have to wait till tomorrow to contact my Host server to get paths to my email. Didn't write them down. doh!
|
2005-02-21, 03:28 AM | #23 |
Took the hint.
|
Adaware, hijack this, the microsoft thing, etc... all good tools. You really should surf with Firefox rather than IE.
There is a bunch more good tools... most important is to make sure you are getting all the windows updates. Alex |
2005-02-21, 05:13 AM | #24 |
Hello, is this President Clinton? Good! I figured if anyone knew where to get some tang it would be you
Join Date: Feb 2005
Location: England
Posts: 442
|
Viruses and trojans aren't the same thing, and you can't expect one piece of software to guard against everything. For example, no AV program will protect you against downloading the Google spybar, or running the AOL CD. Running active-x routines is the same as running an installer program from your CD, so take care and check before you run any active-x (Flash relies on active-x btw).
Malware is now so diverse that you need to research the specific problem and find the best method for removal. Again, no one product will do everything, and you need to be sure that the removal tool you are running won't install its own spyware and modify your settings. Microsoft is constantly adding new backdoors and adding "vulnerabilities" for its own purposes - you need to check on these as well if you want to stay secure. Similarly the big net corps have auto-updating spyware so that they can vary and increase their advertising revenue at your expense. |
2005-02-21, 01:32 PM | #25 |
Wheither you think you can or you think you can't, Your right.
|
I am by no means a microsoft fan, but I have to admit their new anti-spyware tool really helped me. Cleaned up everything, even a difficult home page/browser hijacking. Before that I used ad aware, bazooka, spybot and pest patrol, none of them even found the ones I had.
The MS one took about 7 scans, but got everything back to normal. And the last time I got zapped by a ton of crap, I could not even do a system restore, even going back a month or more. ronnie |