Tech?:Did I get spyware from Google or somewhere else that affects my Google results?

finnman69 | 5/4/4 | finnman69

[finnman69]

I suspect I have some sort of hijack software that has change the way my searches on Google come up. Until very recently google searcehs were quick and I would get responses as normal.

Now it seems to freeze for a few seconds and the first page of responses are links to other ad or search services. Example for a google search for 'test' I get this on the 1st page:

100% Free Certifications and Elearning Certy.com offers Free certifications/tests in HTML, Java, ASP, C#, Project Management, English, XML, EJB

Diabetics! Health Break Through! At last..there's hope for Diabetes sufferers. Sportron Diabetic Pack is the answer for millions of Diabetics who want to enjoy a better quality of life. Find out Now!

Test Jobs View Test job listings and apply online.

GET PAID TO DOWNLOAD FREE SOFTWARE! Get paid to download Free Software. Make Money with your computer.

Better Trading with Technical Analysis We offer annotated charts with technical analysis showing trends in stock prices and improving your trading decisions. Our unique newsletter provides annotated charts on Dow Jones, Nasdaq.

The second and subsequent pages are normal result pages. Any suggestions what has infected me. I am running ad-aware and zone alarm and think I might have accidently let something in. I ran ad-aware again w/ the updated database.

I live for Google and this is highly annoying. Any suggestions?

[capt. norm]

Addendum: HijackThis is available as a free download at spychecker.com

[Califelephant]

bookmarking this thread

[FReepaholic]

>>...Live for sex instead. It is much more interesting in my experience....<<

Yeah, but whatcha gonna do for the rest of the 23 hours 55 minutes of the day???

[capt. norm]

It affected Mozilla (Firefox) on my machine, due to the fact that this little nasty thing is in the registry and affects all browsers in the machine.

[Revolting cat!]

Run Spybot as well. I had a nearly disastrous Trojan, spyware, hijacking infection last week that took me 3 1/2 days and countless reboots to combat and conquer using 2 spyware removal programs and three anti-virus products, the best of which finally cleaned it up and started acting like a virus afterwards grabbing 99% of the CPU cycles, so I had to remove it. Ad-aware alone and AVG which I had started out with and which should have protected me just wouldn't do it. And guess what? I didn't download anything for about a week prior to the infection, didn't open any e-mail attachments and didn't visit any porno sites.

[EggsAckley]

I had that happen and spent a lot of time tracking it down. It makes itself the default search page, and even displayed an icon on the tool bar.

[LibWhacker]

Hmmm . . . Give SpyBot a try, too. It'll just take a few minutes. I think SpyBot is slightly better. It's faster, and updating your spyware definitions is a lot easier, imo.

[TonyInOhio]

I suspect your cat:

[O.C. - Old Cracker]

Yes, I grab every FReepers IP address with some great hacker software I have that makes a mockery of Cisco security. Next, I place hidden files on your MBR that cannot be deleted by most users. After that I just sit back and collect millions in royalties from Donnie and Marie Osmond promotions that I bounce off your ISP's connection thousands of times an hour.

I'm sorry, but it's my right to be happy even if it inconveniences others, right?

[LibWhacker]

Just thought of something else . . . Google was touting a browser add-on a few weeks ago. Did you download that by any chance (it might slow things down)?

Back in the old days Alta-Vista had one that was kind of cool, but it slowed my searches to a crawl and I finally had to remove it.

[finnman69]

I FIXED IT! Thanks for reminding me about CWS.

I stand guilty of browsing porn and getting cyber syphllis.

It was a coolwebsearch bastard. This is the second one I have gotten and the second tim I had to use a shredder to get rid of it. The normal Ad-aware type programs don't kill it.

I zapped it with this program: http://www.spywareinfo.com/~merijn/files/CWShredder.exe

from this website: http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder



Nasty Malware Fouls PCs With Porn By Michelle Delio
Story location: http://www.wired.com/news/infostructure/0,1377,63280,00.html

02:00 AM Apr. 30, 2004 PT

Last Sunday, Maria DelGiorno gave up. She unplugged her laptop PC and carefully placed it underneath a statue of the Virgin Mary.

"It was the only thing I could think of doing," said the 67-year-old great-grandmother. "The computer was filled with filthy things. It was embarrassing. My grandchildren kept asking me why I was looking at so much pornography."

On Tuesday, DelGiorno's grandson retrieved the computer and examined it. With some help from a computer-savvy friend, Joe DelGiorno discovered that a browser-hijacking program called CoolWebSearch, also known as CWS, had turned his grandmother's mild-mannered computer into a XXX-rated adventure.

"She had dozens of bookmarks for really foul porn sites," said Joe DelGiorno. "And ads for porn were popping up every few minutes. Her homepage had been switched to some weird Web page. She was all upset and crying; she's a religious woman. She shouldn't have to deal with this garbage. If I find the people who did this to her I will make them suffer."

Judging by the many postings in newsgroups and on PC help sites, plenty of people would be happy to join Joe DelGiorno in his quest to find the programmers behind CWS, the latest and most malicious of several browser hijackers that are making some Internet users miserable.

Browser hijackers are malicious small programs that change browser settings, usually altering designated default start and search pages. But CWS is far uglier than other infamous browser hijackers such as Xupiter and Lop.

According to Merijn Bellekom, who has been tracking CWS and its many variants -- more than two dozen since CWS first appeared last summer -- CWS is "the most complex, invisible and devious hijacker" ever programmed.

CWS-infected computers are often plagued with a constant barrage of pornography pop-up ads. A hundred or more bookmarks, some for extremely hard-core pornography websites, are often added by CWS to Internet Explorer's Favorites folder.

Almost all versions of CWS significantly slow the performance of infected computers, and some can cause the system to freeze, crash or randomly reboot. CWS also collects and transfers personal information from the infected PC. A few versions of CWS can add websites to Internet Explorer's "trusted sites" zone, which allows those websites to install new programs on the infected PC without the computer owner's knowledge or permission. Several CWS variants are capable of automatically self-updating their programming code.

A few versions of CWS block a user's access to more than two dozen websites that offer advice on how to detect and delete spyware. Some CWS versions also disable firewall programs.

People who are familiar with computers will often check host processes information to find out what applications are running in the background on their computers. One version of CWS can be active in the system but does not appear in host processes, according to Bellekom and other sources.

Signs that one of CWS' two dozen variants is present in a computer include home and search pages that have been reset to one of the 80 or so domains that appear to have an affiliation with CoolWebSearch.com. Any URLs that are entered without "www" will be redirected to porn, search or other sites apparently affiliated with CoolWebSearch.com.

Some versions of CWS will also redirect users to off-brand search sites when they attempt to visit Google, Yahoo or other search sites, and a few produce pop-up ads intended to look like Google search results.

New versions of CWS are being released almost every week, and antivirus programs struggle to identify and block all the variants. Many users complain that their antivirus or anti-spyware programs did not detect CWS on infected machines.

Jon Erland Madsen, from Oslo, Norway, believes his machine was infected with CWS via one of two security holes in Microsoft's Java Virtual Machine.

CWS affects only PCs running the Windows operating system and Microsoft's Internet Explorer browser. If users haven't applied the patches that protect computers against security flaws in Java Virtual Machine, it appears that some versions of CWS can install themselves automatically, without users agreeing to install the software.

"If you some weeks ago suggested that I was infected with a Trojan that probably records my every keyboard stroke, although I never clicked an unknown attachment, I would take it as a sign of superstition, a bit like getting a chip implanted in your brain," said Madsen. "But this is exactly what has happened to me."

In other cases, users do install CWS themselves, believing it's a game or other desirable program or a plug-in necessary to view a website.

Most versions of CWS are extremely difficult to remove from infected computers. According to Madsen, none of the half-dozen well-known antivirus applications he tried was able to detect the variant of CWS that lurked on his machine. He used CWShredder, a program made by Bellekom, to remove it, but said CWS still comes back after every reboot.

CWShredder does appear to remove every known variant of CWS, and Bellekom updates the program on a weekly basis in order to handle the CWS variant du jour.

CoolWebSearch.com, which bills itself as the "search engine you trust," did not immediately reply to requests for comment.

But in a statement on its website, the company Cool Web Search claimed that it is not responsible for CWS, the hijacker.

In the statement, Cool Web Search said that it pays its "affiliates" for each visitor that is directed to a CoolWebSearch.com domain. According to Cool Web Search's statement, CWS may have been created by one or more of its affiliates in order to collect those fees.

Cool Web Search also chided those whose machines harbored CWS, saying in the statement that "more and more people, nowadays, neglect the security of their browser, and as a result, end up being victims of so called 'browser hijacks'."

"Right, blame the victim," said Joe DelGiorno. "The bottom line is that my grandmom's computer would have never gotten infected by (CWS) if these unethical creeps hadn't released the program in the first place."

[O.C. - Old Cracker]

My advice? Backup your documents, format your hard drive and MBR, reinstall your OS, include all the appropriate hardware drivers, install your licensed software (no games) and then get a copy of Ghost by Symantec. Make an image of your hard drive before you connect to the net and save the image to CD-R or DVD-R.

Check out Norton Internet Security. Nothing's foolproof, but that works fairly well.

[GretchenM]

It sounds like you do have spyware and it's directing your browser to a shadow page.

Download this freeware and install it, then run it often.

http://www.ada-ware.com/

[NewRomeTacitus]

I use Mozilla as an alternate for the bastards who manage to get past Popup Stopper with their java abuse, but find IE more useful when dealing with most favorites. I use all the other "condoms' the other posters list and found checking the "Protect My Home Page" option in Spybot to be invaluable, especially since that home page is Google itself.

[finnman69]

Thanks, I fixed it. But Adaware alone wont get rid of a CWS hijacker.

[finnman69]

FYI,

Another symptom of this hijack program was it was creating a new popup window.

[RS]

You may want to checkout winpatrol www.winpatrol.com
nice little free/buy program that keeps an eye on things and lets you get rid of them.

[FierceDraka]

Sounds like you've got the CWS spyware bot on your system.

There is information on the bug here (new window), and the fix can be found here (new window) along with links to other anti-spyware programs.

It's an insidious, nasty piece of spyware with many variants. So download what you need and snuff that bastidge!

Take It From A Tech!®

[Onelifetogive]

Thanks....

It fixed me.....

[Revolting cat!]

FIXED IT! Thanks for reminding me about CWS.

I stand guilty of browsing porn and getting cyber syphllis.

Congratulations! Now, on a count of three, everybody CLAP!