#1126 08/19/04 02:50 PM
Joined: Dec 2002
Posts: 3,255
Likes: 3
UGN Elite
Anyone have this nasty piece of malware/trojan? I can't kill it. I ran Lavasoft's Ad-Aware, Spybot Search and Destroy, and CWS shredder (an app made to kill it).

Someone with success in killing this evil evil evil program please advise me.

This thing has completely taken control of IE6.0. I can change the homepage but it just changes right back. The URL?

res://some_random_string.htm

Now I have located the web page on my system. It is buried in these DLLs this progy creates. I have opened them in notepad and wiped them clean. Only to have the progy download an update and make that a worthless effort.

I have found some of the registry entries but no doubt there are more. I have found 8 in various hives and places.

I have read I will need to boot into DOS and find the deeply hidden files to wipe them out.

This freaking thing downloads its own updates without my knowing. It is in-depth.

#1127 08/19/04 11:32 PM
Joined: Feb 2002
Posts: 7,203
Likes: 11
Community Owner
For the homepage thing, use my homepage locking script in Windows; just set it to what you want, hit OK, then lock it.

Most likely the homepage thing is re-installing it. Also nuke registry entries after you update, and any processes associated.


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#1128 08/19/04 11:47 PM
Joined: Jun 2004
Posts: 30
Junior Member
I had the same issue u are having now, until I switched to Opera... (IE6 sucks in so many ways)
But what u can do is run HijackThis, Ad-Aware, and Spybot. If those fail u can do it manually by searching the registry, but be careful.


Programming, it is like sex: anyone can do it, but only a few of us will ever master it and satisfy all parties involved :-)
#1129 08/20/04 02:09 AM
Joined: Dec 2002
Posts: 3,255
Likes: 3
UGN Elite
Quote:
Originally posted by Rican Havock:
I had the same issue u are having now, until I switched to Opera... (IE6 sucks in so many ways)
But what u can do is run HijackThis, Ad-Aware, and Spybot. If those fail u can do it manually by searching the registry, but be careful.
I ran Ad aware, Spybot, never heard of hijack this.. I have the new ad aware too. Ad aware SE.

You still have the problem Rican Havock!!! This is no regular ad-ware scum. It is actually classified as a trojan. Updates for it are made weekly. It is thought to belong to some ad company in Russia. Do a search in google groups and you can see the power this thing has.

Giz I did lock the home page. It was unlocked and re-set. How is that for evil.

#1130 08/20/04 07:40 AM
Joined: Mar 2002
Posts: 524
Member
Spanky, I had the same one man. It's the biggest pain in the [censored] ever. Your version appears to be slightly different, tho. The site you need is: http://www.spywareinfo.com/~merijn/
It appears Murphy's law is in full effect...the site is down at the moment. If it's not up by the time you see this, message me. I'll try and help as much as I can.

EDIT: There are tons of different versions of CWS. HijackThis is a program that lists all the registry/system/etc. settings that spyware normally affects. CWShredder is the one you really need. If your version has been identified, this baby will wipe it out. I also have the tool for removing the so-called "deeply hidden files," although you really need the tutorial to use it. You probably won't even need it.

#1131 08/20/04 12:26 PM
Joined: Sep 2002
Posts: 390
UGN Member
Spanky, for real dude. I got so tired of the adware and browser hijackers for IE. I switched to Mozilla Firefox. It works much much better, and I don't have half the problems I had with IE. Of course you still wanna get rid of what you already have, but Firefox man... It's something to think about, or check out at least! :)


"The secret to creativity is knowing how to hide your sources."
-Albert Einstein

Tech Ninja Security
#1132 08/20/04 12:55 PM
Joined: Dec 2002
Posts: 3,255
Likes: 3
UGN Elite
I have been using Firefox since it was called Phoenix/Firebird.

I have Opera, Firefox, Netscape, Mozilla, Lynx, IE, and a few more lesser-known browsers. I need IE for work-related sites designed for it. I need IE because the idea of a trojan dancing around in a browser so interwoven into my OS creeps me out.

#1133 08/20/04 09:41 PM
Joined: Feb 2002
Posts: 7,203
Likes: 11
Community Owner
I hate Firefox, but I love Mozilla... I still have issues with Firefox (Firebird, Phoenix, etc).


#1134 08/20/04 10:41 PM
Joined: Mar 2002
Posts: 524
Member
Spanky, did my post help? Did you get rid of it?

#1135 08/21/04 12:02 PM
Joined: Dec 2002
Posts: 3,255
Likes: 3
UGN Elite
Quote:
Originally posted by dashocker:
Spanky, I had the same one man. It's the biggest pain in the [censored] ever. Your version appears to be slightly different, tho. The site you need is: http://www.spywareinfo.com/~merijn/
It appears Murphy's law is in full effect...the site is down at the moment. If it's not up by the time you see this, message me. I'll try and help as much as I can.

EDIT: There are tons of different versions of CWS. HijackThis is a program that lists all the registry/system/etc. settings that spyware normally affects. CWShredder is the one you really need. If your version has been identified, this baby will wipe it out. I also have the tool for removing the so-called "deeply hidden files," although you really need the tutorial to use it. You probably won't even need it.
http://www.spywareinfo.com
will be ready soon!

I ran CWS shredder. Nothing! Whatever [censored] child/version I have, it didn't wipe it out. It is kinda smart really.

It auto-updates, right. It also attacks the CWS shredder site. So it has the ability to stay 1 step ahead of the game. The file names are random numbers and letters. They change where they are placed from week to week. This thing is just wild.

I see the developer for CWS shredder has stopped making new versions. He says with the depth CWS has now reached, he cannot keep up with it.


Check out this article on The Register:
http://www.theregister.co.uk/2004/06/29/cws_shredder/

#1136 11/10/04 04:06 PM
Joined: Nov 2004
Posts: 2
Junior Member
I have run into this nice little program many times. The best piece of software I have found that deletes most of it is NOD32; it has CWShredder packaged with it. It is updated often and is very helpful for other virus/trojan removal.
http://www.nod32.com

