Hijacked! New Browser Exploits Plague Web

various sites | 07-09-04 | The Heavy Equipment Guy

[backhoe]

+_+_+_+_+_+_+_+_+_+_+_+_+
How did i get infected in the first place?
Cwshredder
HijackThis
Search and Destroy
Show Hidden Files and Folders
Safe Mode Boot
Trendmicro Online Virus Scanner
Kazaa Begone uninstaller
Replacing MS Java with Sun java to protect against CWS exploits

Things you need(all FREE)
****Anti-Virus----AVG----Avast
****Firewall----Kerio(Direct Download)----Zone Alarm
****Misc.----IE Spyads----SpywareBlaster----Spyware Guard
+_+_+_+_+_+_+_+_+_+_+_+_+

[backhoe]

FindNFix is back

http://freeatlast100.100free.com

[backhoe]

A tool has been made by Option^Explicit and freeatlast to find and remove it.

Please download VX2Finder from this link, and save it to your Desktop.

http://www.downloads.subratam.org/VX2Finder.exe

[eyespysomething]

marker bump

[John Lenin]

You have a false sense of security . MACS are exploited at similar rates to PC's.

There are around 40 Mac-specific viruses and related threats.

++Mac users with Word 6 or versions of Word/Excel supporting Visual Basic for Applications, however, are vulnerable to infection by macro viruses which are specific to these applications. Indeed, these viruses can, potentially, infect other files on any hardware platform supporting these versions of these applications. I don't know of a macro virus with a Mac-specific payload that actually works at present, but such a payload is entirely possible. ++Office 98 applications are in principle vulnerable to most of the threats to which Office 97 applications are vulnerable. I'll return to this subject when and if time allows. [DH]

Viruses and the Mac FAQ

[Frumious Bandersnatch]

Seems to be a lot of work for an iffy OS. Why not just go to ebay and pick up something in the VAXen category. Failing that, you might be able to pick up an ultra-sparc station fairly inexpensively. Any windows programs are automatically unusable. So you only have to worry about the very tiny fraction of either Sun virii or the practically nonexistant VMS virii. In either case, such virii can be easily encapsulated to only bother one account - as long as that account doesn't have access (directly or indirectly) to root privs.

[backhoe]

[Izzy Dunne]

Did you read the document you linked to?

Perhaps you didn't notice that a FREQUENTLY ASKED QUESTIONS document that was last updated OVER FOUR AND A HALF YEARS AGO makes MY point, not yours.

Perhaps you didn't notice that some of the viruses affect DOS and WINDOWS when run on a Mac (Virtual PC, SoftWindows, etc).

Also, my sentence was incomplete, in the interest of brevity. For completeness, I should have said:
I like my Mac, not least because I don't have to let Microsoft crap near it.

The fact that your document explains WORD viruses and EXCEL viruses and OFFICE viruses makes MY point, not yours.

[backhoe]

 Update 1: Microsoft Releases Virus Removal Tool

 

---

[backhoe]

Ad-Aware ... Spybot ... Peper Uninstaller ... HijackThis... CWShredder ... Spyware Blaster ... IE Spyad ... Free online Virus scan ... AVG AntiVirus ... LSPfix ... How to Show Hidden Files ... How to boot into Safe Mode ... How did I get infected in the first place?

---

Things you need(all FREE)
Anti-Virus
AVG Avast
Firewall
Kerio(Direct Download) Zone Alarm
Misc.
IE Spyads SpywareBlaster Spyware Guard
Windows Update
get all CRITICAL Updates

Things you want(Still Free)
Mozillia Firefox
Google Toolbar (stops pop-ups)
Ad-Aware
Spybot S&D
MS MVP Hosts file

[Basilides]

The problem is that the entire "open source" movement has made it impossible for Microsoft to make its source code inaccessible AND avoid anti-trust suits...

This problem will not go away...

[nw_arizona_granny]

Ping/computer helps............

[MarkL]

Another great reason to bring back public flogging. Virus writers.

Exactly! While I was doing a full reload for a client on her WindowsXP system, she asked why there wasn't a law against writing viruses. I told her that it was very difficult to track these people down. But what we really need is an exception to the law. When these people do get tracked down, the exception to laws against assault and battery need to be enacted. These creeps need to be clubbed like baby seals!

Mark

[backhoe]

A summary for really difficult "about" removal... source:
http://forums.spywareinfo.com/index.php?showtopic=16332&st=45

---

I’ve been struggling with this about:blank problem unsuccessfully for the past three weeks. Yesterday, my updated Norton Antivirus 2003, as you have described, finally flagged this problem as a “Backdoor Trojan” - over and over and over again. Although it identified the culprit file (in my case, wina.dll), it could not locate the file when I proceeded to run a system scan. I could not see the file either.
Following is how I eliminated the file and so far (keeping my fingers crossed) is how I expunged about:blank from my system.
First, I’m running Windows 2000. Second, everything that follows is taken from other members’ contributions. What follows is reasonably accurate and I haven’t hosed my system but it might be best if one of the Site Experts helps you through this.
In short, I went to the registry and killed the key that launches the culprit, wina.dll, then I changed security permissions for system32 files to uncover/control the file, wina.dll, renamed the file and deleted it. Then I used HijackThis to clean a few more random BHO’s and also CWShredder to clean out some more junk. Of course, I use SpyBot and Ad-aware regularly in addition to Surf Secret.
It appears that the AppInit_DLLs registry key launches the 57,344 B, wina.dll.
Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs. I removed this key by first renaming the Windows folder to Windows2 and then deleted AppInit_DLLs. If you don’t rename it, it will continue to reappear (Try deleting the key before renaming it, press F5, and you will see AppInit_DLLs return.). After I deleted AppInit_DLLs, I renamed the Windows2 folder back to Windows.
Now to delete wina.dll, I went to Start-Settings-Control Panel-Administrative Tools-Local Security Policy-Security Settings-Local Policies-Security Options and changed the Recovery Console options (2) to enable from disable. I then went to my system32 folder and changed the file permissions to allow Full Control for Administrators to Modify, Read & Execute, List Folder Contents, Read and Write. I removed all controls from file Creator Owner. I then rebooted in Safe Mode and the file, wina.dll, appeared under system32. I had to first rename the file to wina.junk and then I deleted it and emptied the Recycle Bin.
I then used AboutBuster and HijackThis to clean up remaining remnants of this very annoying problem; also used CWShredder.
About:Blank has now been totally gone for the past two days. Good luck and thanks to the many contributors to this fantastic site.
wapj

[TexasTransplant]

^^//THISISANANTIVIRUSFREEHOUSEHOLD/WEMEANYOUNOHARM/PLEASEDONTHURTUSORCONTAMINATEOURCOMPUTER/THANKYOU ^^

That is FUNNY on a couple of levels and on a couple of Continents. "Gun Control is a tight pattern on the 100 yard target"

[MrLee]

Yup, love ALL 4 of my Macs!!