#1
Trojan warning
Alright, everyone needs to stay away from anything called CoolWebSearch, or anything with a name close to that, such as coolsearch.biz. It's a trojan/hijacker that bad websites install without telling you. I just spent 2 days trying to get rid of that s.hit, and I think I've finally gotten it. Hopefully. My only loss was that Windows Media Player had to be deleted.

CWS is a pain. There are over 30 varieties of it, and new versions are coming out faster than with any other piece of malware (at least that's what I heard). Ad-aware doesn't pick it up, and neither does SpyBot, or virus scans. If you happen to get it, you need to first run CWShredder, which is a program designed to help remove all known versions of it. Some versions of CWS cause CWShredder to shut down, but the latest version of CWShredder can counter that.

Anyway, while looking through my registry and other places, I also found the following trojans:
- a.exe
- optimize.exe (not optimizer.exe, which is something different)
- Bridge

Hopefully I've gotten them all removed. I also had help from Hijack This. So, if you ever open IE and your homepage has been replaced by "cool search dot biz" or something like that, just be aware that you're probably in for annoying crap.

Note: I wrote cool search dot biz so it wouldn't appear as a URL, and so no one would click on it.

CWS Chronicles <-- article about how much CWS sucks (by the author of CWShredder), and also links to CWShredder and other info if you need it. Good luck.
__________________
Corporate Life Sucks! "If you like metal you're my friend" -- Manowar "I am the cosmic storms, I am the tiny worms" -- Dimmu Borgir <BombScare> i beat the internet <BombScare> the end guy is hard.

#2
IronFist,
I quickly clicked on to this thread because I thought you had some worrisome info on condoms. mickey

#3
dude, you gotta stop clicking all over the place like your system is a big click fest!
you need to create some message rules in your email client so you are not getting the spam attachments that send you these malicious programs. you need to be more wary of free software and the people who manufacture it. rule of thumb: if it sounds too good to be true, then it is. There is no free lunch. also, ease off on the porn sites man. get a magazine or something, it's safer. And don't put your email address all over the internet where the bots can harvest it and send you even more spam and malicious code! cheers
__________________
I don't know. I can't read China. - Don't bother demanding respect. You'll get less. Earn respect through what you do, you get more.

#4
My biggest thing is someone keeps hacking into my Netzero account, and sending viruses to people. I've changed the password 3 times in the last 2 weeks, and it still keeps happening.
I contacted Netzero again this morning, we will see what happens.
__________________
Those that are the most successful are also the biggest failures. The difference between them and the rest of the failures is they keep getting up over and over again, until they finally succeed. For the Women: + = & a

#5
KL,
sounds like you have a key logger hidden on your hard drive.
__________________
He most honors my style who learns under it to destroy the teacher. -- Walt Whitman

#6
actually mk, i have never used av software and i don't intend to.
if you know even a little about it, you don't need it. I am of the opinion that the av comps are the ones who are the worst offenders and proliferators of viruses. why would they do this? well, to stay in business and keep getting gajillions of dollars off of people who think it's ok to open every dang attachment they get simply because they think it's from someone they know. people prey on stupid people. That is the number one mark of the marketer. They believe that most people are dumb and frankly they are correct and through their lack of ethics and morals and the entrenchment of capitalist ideals, they don't have a problem with shearing the sheep.

Bottom line is: be careful. The only safe computer is the one that is totally OFF a network. most people would be completely stunned at how simple the process of hacking is. A little information is a dangerous thing. Knowledge is power and don't think for one minute that someone out there has the goods on you and you gave it to them through your computer and what you keep on it. lol, suckers, HaX04z 400L J00
__________________
I don't know. I can't read China. - Don't bother demanding respect. You'll get less. Earn respect through what you do, you get more.

#7
Quote:
The simple act of opening e-mail can be troublesome these days. avoiding MSIE and its "features" can save you a lot of grief.

http://www.theinquirer.net/?article=14908

Hotmail, Yahoo flummoxed by Filter flaw
Allows the bad guys in
By INQUIRER staff: Wednesday 24 March 2004, 08:10

FILTERS IN Yahoo Mail and Hotmail allow hackers to steal passwords, access mail and generally cause all sorts of naughtiness, it is alleged. Computer security firm GreyMagic discovered the glitch at the beginning of the month and released an advisory about it yesterday. According to a GreyMagic rep, Yahoo and Hotmail screen all HTML content as it pours through a pipeline into its servers in a bid to stop damaging scripts scarring the processes. GreyMagic techies, apparently, have worked out a way to bypass such filters. The cross-site scripting flaw uses an Achilles' Heel in a site's security to send potentially harmful commands flying around all over the place. GreyMagic said it had used Internet Explorer "features" to demonstrate the defect.

#8
Quote:
Or is it?

I mean. Hah. Porn sites? What's that? I never put my email address on a website. If I do, it's like userXXname@doXXmain.com and then I tell people to remove the X's.
__________________
Corporate Life Sucks! "If you like metal you're my friend" -- Manowar "I am the cosmic storms, I am the tiny worms" -- Dimmu Borgir <BombScare> i beat the internet <BombScare> the end guy is hard.

#9
I don't think that AV companies are the ones who write the viruses in the first place. Can you imagine the legal implications of doing something like that? Especially for a major company like Norton or McAfee. There are enough idiots out there who write viruses to keep them in business for a long time.

AV products don't work that well anyway. I've tried them all so far and none have detected or prevented the dozens of spyware/adware that got installed on my system. They only seem to catch email viruses/trojans, which are easy to avoid anyway. If you're dumb enough to open an attachment with an extension like .exe.pif.scr.vbe then you shouldn't be on the internet in the first place. Spyware that gets installed on your system by simply viewing a website is the major problem these days. Most common offenders are serial/crack sites and some porn sites. This happens due to security issues in Micro$oft's IE. I've formatted my computer and installed all the patches and now it seems to be ok. Haven't been getting any more spyware lately, but I'm sure those l33t h3x0r$ will come up with something new.

A firewall such as TPF can be a pretty good defense against spyware. Most of the time it won't stop it from being installed but it will alert you when it tries to open a socket for communication over the internet, at which point you can deny it access and take the necessary steps to remove it. Firewalls are only as good as the people running them though, and for most they're just a hassle and often get turned off or disabled for convenience. Not much can be done against ignorance.

Another good defence, which I posted in another thread, is to have a separate user account with limited privileges (i.e. not an admin or power user account). With this account you would only have write access to files in the user's My Documents and Shared Files folders. Any virus/trojan/spyware would inherit the same user rights and would not be able to install itself in your system files or registry since it doesn't have access. You could use this account whenever you're using the internet/email/kazaa and login as admin when you're offline to install/manage your system. I'm not sure how strongly Windows XP enforces this policy but if it's even half decent, it should work.
It's the principle behind all *nix distros.

Edit: ****, sorry for long post. i get carried away with these things.

#10
Trojan warning:
The ribs go on the OUTSIDE! Ask me no questions, just trust me on this one.
__________________
All my fight strategy is based on deliberately injuring my opponents. - Crippled Avenger "It is the same in all wars; the soldiers do the fighting, the journalists do the shouting, and no true patriot ever gets near a front-line trench, except on the briefest of propaganda visits...Perhaps when the next great war comes we may see that sight unprecedented in all history, a jingo with a bullet-hole in him." First you get good, then you get fast, then you get good and fast.

#11
Anyway, I've done a bit more research and found out about the runas command, which allows you to run an application as any user regardless of who you are logged in as. This has great potential. You can have your normal Admin account (say: admin) which you always login as and also create a 'Limited' account (say: lim) which HAS a password (do not leave blank). This way you can login to windows as always and have full access rights with the admin account. However, when you want to surf the net, check mail or start any other potentially insecure apps, you can use the runas command to start that app with the Limited user account (so that it can't cause any harm to your system).

For example, you're logged in as admin and want to go on the internet to browse for some porn which could be potentially dangerous for reasons other than going blind. What you do is you go to Start->Run and type:

runas /env /u:username iexplore

Replace username with the limited user account (in this case, lim). A DOS shell will popup asking for the password (can't be blank). Type the password, press enter and iexplore comes up. Try navigating to your C:\ drive and deleting some files. You will notice that it won't let you, since the user running iexplore doesn't have access rights. When a trojan/spyware tries to install itself on your system it will have the same problem. You are now VIRUS IMMUNE!

This might be a good solution but it's still a bit of a hassle going through all that. It would be better to create a shortcut which you could simply double click and it would open iexplore in 'safe mode'. Problem with this is that the runas command needs the user to input the password interactively, i.e. you can't pass it as a commandline argument. Hence you would have to enter the password every time you start the app. Fortunately I found a solution to this. There is an application on the internet called Runas Professional which you can use as a replacement for the builtin runas command.
http://www.mast-computer.com/c_9-l_en.html

Using this application you can create a RAP file with the application path, username and password which when double-clicked will simply run the target app in 'safe mode' as required. Change the icon of the RAP file, place it on your desktop, call it IExplore and you won't be able to tell the difference from before. You should have a very high level of protection now. Any virus/trojan/whatever will only be able to delete/modify files in the user's My Documents and Shared Documents folders. Nothing else.

I have to do a bit more research to find out how application spawned processes behave (i.e. you run IE in 'safe mode', but then you click on Outlook. Is Outlook also running in 'safe mode'?). Also need to find out if there are any loopholes allowing a trojan to bypass the user restrictions imposed on it (maybe running as a 'system' process). If Windows is even half decent, this method would make your computer immune to a lot of viruses. Just make RAP shortcuts for IExplore, Outlook, Kazaa, MSN and whatever. I've only tested this with IExplore so far. Some pre winXP apps might not run properly under a non-admin user. However, IE and Outlook should be safe.
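The limited-account setup that posts #9 and #11 describe, done on a current Windows with PowerShell instead of the XP-era runas/RAP shortcut. This is an added example, not code from the thread or from RunAs Professional. The account name 'lim', the browser path and the group names are assumptions; the functions create the limited user, check that it is really outside Administrators, launch a program under it, and then answer the question the post leaves open (which account a process and anything it spawned are running as).

```powershell
# Added example: a limited local account for internet-facing programs.
# Assumptions: Windows 10/11 PowerShell 5.1+ with the LocalAccounts module,
# run from an administrator session; 'lim' and the iexplore path are placeholders.

function New-LimitedUser {
    param([Parameter(Mandatory)][string]$Name)
    # The password is read interactively; as the post says, it must not be blank.
    $pw = Read-Host -AsSecureString "Password for $Name"
    if (-not (Get-LocalUser -Name $Name -ErrorAction SilentlyContinue)) {
        New-LocalUser -Name $Name -Password $pw `
            -Description 'Limited account for internet-facing apps' | Out-Null
    }
    # Membership in Users (and not Administrators) is what blocks writes to
    # Program Files, the Windows directory and HKLM.
    Add-LocalGroupMember -Group 'Users' -Member $Name -ErrorAction SilentlyContinue
}

function Test-IsLimited {
    param([Parameter(Mandatory)][string]$Name)
    # True only when the account is not in the local Administrators group.
    $admins = Get-LocalGroupMember -Group 'Administrators' |
        ForEach-Object { $_.Name.Split('\')[-1] }
    return -not ($admins -contains $Name)
}

function Start-AsLimited {
    param(
        [Parameter(Mandatory)][string]$User,
        [Parameter(Mandatory)][string]$FilePath,
        [string[]]$ArgumentList
    )
    # Same effect as the post's `runas /env /u:lim iexplore`, via Start-Process.
    # The password is prompted for each time; nothing is stored on disk.
    $cred = Get-Credential -UserName "$env:COMPUTERNAME\$User" -Message "Password for $User"
    $params = @{ FilePath = $FilePath; Credential = $cred; LoadUserProfile = $true; PassThru = $true }
    if ($ArgumentList) { $params.ArgumentList = $ArgumentList }
    Start-Process @params
}

function Get-ProcessOwners {
    param([Parameter(Mandatory)][string]$Name)
    # Shows which account each matching process runs as, with its parent PID,
    # so you can see whether something launched from the browser kept the limited token.
    Get-CimInstance Win32_Process -Filter "Name = '$Name'" | ForEach-Object {
        $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
        [pscustomobject]@{
            Pid       = $_.ProcessId
            ParentPid = $_.ParentProcessId
            Owner     = "$($owner.Domain)\$($owner.User)"
        }
    }
}

# Usage, from an administrator session:
# New-LimitedUser -Name 'lim'
# Test-IsLimited -Name 'lim'                                   # expect True
# Start-AsLimited -User 'lim' -FilePath 'C:\Program Files\Internet Explorer\iexplore.exe'
# Get-ProcessOwners -Name 'iexplore.exe'
# Get-ProcessOwners -Name 'outlook.exe'                        # check a program opened from the browser
```

On the post's open question: a process started by another process inherits its parent's token, so a mail client opened from a browser that runs as 'lim' also runs as 'lim', and Get-ProcessOwners will show that. The trade-off the post glosses over is the RAP file: it stores the limited account's password on disk so the shortcut can skip the prompt, which is exactly the kind of file a program running as that user can read; prompting each time, as Start-AsLimited does, avoids that.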
#12
Also, many common users will create passwords based on things like address, maiden name, pet's name, etc. Things that you can commonly find info about at their desk, in their garbage can, etc. you can start putting together possible password lists merely by snooping around their area and finding out a little about them. I used to run l0pht crack on a regular basis, just to see how long it took to crack the passwords. It was shocking how weak they were.

lol, when I was in college, there was a guy in a web development class. his final project was to create a website about the topic of his choice - he chose hackers. (his teacher gave him an F because she hated hackers, wtf?) Anyway, I found his site and figured it would be cool to hack a site about hackers. So I got it and changed it up a bit, then sent him an email letting him know to strengthen his password.
__________________
i'm nobody...i'm nobody. i'm a tramp, a bum, a hobo... a boxcar and a jug of wine... but i'm a straight razor if you get too close to me. -Charles Manson I will punch, kick, choke, throw or joint manipulate any nationality equally without prejudice. - Shonie Carter

#14
Really??
How do I keep these goons from doing this then?
__________________
Those that are the most successful are also the biggest failures. The difference between them and the rest of the failures is they keep getting up over and over again, until they finally succeed. For the Women: + = & a

#15
b) introduce them to a little place called "outside"
c) nothing
__________________
I don't know. I can't read China. - Don't bother demanding respect. You'll get less. Earn respect through what you do, you get more.