Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Hijacked! New Browser Exploits Plague Web
various sites | 07-09-04 | The Heavy Equipment Guy

Posted on 07/09/2004 5:27:22 AM PDT by backhoe

There is a new plague of viruses, trojans, and exploits hammering web users... and no one easy solution.

Be advised, I will add the most useful information I have found so far in the first reply, which I am doing for the sake of simple formatting ease.

First off, here's the most current info and links- follow and read all of it:


 
 
 Web Sites Still Infected
 
There are new, nastier browser hijackers flooding the web- the best help is here, but be warned, you have to do most yourself and learn to use some new tools. The old anti-virus software does not work on this new series of bugs:
http://forums.spywareinfo.com/index.php?s=d3c1a671159df31c9420ae4d671f1cd2&showforum=18
 
Microsoft Plugs IE; Warns All Browsers At Risk (Test Your Browser Here)
 
Freepers how do I get rid of this spyware crap that is on my computer?
Worm and Virus Wars- the August Edition
 
 

 

In my comments that follow is the first block of information, in the reply is the second, more detailed:


TOPICS: Extended News; Miscellaneous
KEYWORDS: getamac; internetexploiter; lookoutexpress; lowqualitycrap; microsoft; patch; securityflaw; trojan; virus; windows; worm
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-8081-96 last
To: All
+_+_+_+_+_+_+_+_+_+_+_+_+
How did i get infected in the first place?
Cwshredder
HijackThis
Search and Destroy
Show Hidden Files and Folders
Safe Mode Boot
Trendmicro Online Virus Scanner
Kazaa Begone uninstaller
Replacing MS Java with Sun java to protect against CWS exploits

Things you need(all FREE)
****Anti-Virus----AVG----Avast
****Firewall----Kerio(Direct Download)----Zone Alarm
****Misc.----IE Spyads----SpywareBlaster----Spyware Guard
+_+_+_+_+_+_+_+_+_+_+_+_+
81 posted on 07/14/2004 12:45:29 AM PDT by backhoe (1990's? Decade of Frauds. 2000's? Decade of Lunatics...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: All

FindNFix is back

http://freeatlast100.100free.com


82 posted on 07/14/2004 12:46:54 AM PDT by backhoe
[ Post Reply | Private Reply | To 81 | View Replies]

To: All

A tool has been made by Option^Explicit and freeatlast to find and remove it.

Please download VX2Finder from this link, and save it to your Desktop.

http://www.downloads.subratam.org/VX2Finder.exe


83 posted on 07/14/2004 12:52:43 AM PDT by backhoe
[ Post Reply | Private Reply | To 1 | View Replies]

To: backhoe

marker bump


84 posted on 07/14/2004 12:56:50 AM PDT by eyespysomething (Virtue is learned at a mother's knee...and vices at other joints.)
[ Post Reply | Private Reply | To 81 | View Replies]

To: Izzy Dunne
You have a false sense of security . MACS are exploited at similar rates to PC's.

There are around 40 Mac-specific viruses and related threats.

++Mac users with Word 6 or versions of Word/Excel supporting Visual Basic for Applications, however, are vulnerable to infection by macro viruses which are specific to these applications. Indeed, these viruses can, potentially, infect other files on any hardware platform supporting these versions of these applications. I don't know of a macro virus with a Mac-specific payload that actually works at present, but such a payload is entirely possible. ++Office 98 applications are in principle vulnerable to most of the threats to which Office 97 applications are vulnerable. I'll return to this subject when and if time allows. [DH]


Viruses and the Mac FAQ
85 posted on 07/14/2004 1:00:48 AM PDT by John Lenin
[ Post Reply | Private Reply | To 13 | View Replies]

To: backhoe

Seems to be a lot of work for an iffy OS. Why not just go to ebay and pick up something in the VAXen category. Failing that, you might be able to pick up an ultra-sparc station fairly inexpensively. Any windows programs are automatically unusable. So you only have to worry about the very tiny fraction of either Sun virii or the practically nonexistant VMS virii. In either case, such virii can be easily encapsulated to only bother one account - as long as that account doesn't have access (directly or indirectly) to root privs.


86 posted on 07/14/2004 1:20:38 AM PDT by Frumious Bandersnatch
[ Post Reply | Private Reply | To 1 | View Replies]

To: eyespysomething

87 posted on 07/14/2004 2:06:29 AM PDT by backhoe (Just an old Keyboard Cowboy, ridin' the Trackball into the Sunset...)
[ Post Reply | Private Reply | To 84 | View Replies]

To: John Lenin
Did you read the document you linked to?

Perhaps you didn't notice that a FREQUENTLY ASKED QUESTIONS document that was last updated OVER FOUR AND A HALF YEARS AGO makes MY point, not yours.

Perhaps you didn't notice that some of the viruses affect DOS and WINDOWS when run on a Mac (Virtual PC, SoftWindows, etc).

Also, my sentence was incomplete, in the interest of brevity. For completeness, I should have said:
I like my Mac, not least because I don't have to let Microsoft crap near it.

The fact that your document explains WORD viruses and EXCEL viruses and OFFICE viruses makes MY point, not yours.

88 posted on 07/14/2004 3:12:07 AM PDT by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)
[ Post Reply | Private Reply | To 85 | View Replies]

To: All
 Update 1: Microsoft Releases Virus Removal Tool
 


89 posted on 07/14/2004 8:39:40 AM PDT by backhoe (-30-)
[ Post Reply | Private Reply | To 1 | View Replies]

To: All
Ad-Aware ... Spybot ... Peper Uninstaller ... HijackThis... CWShredder ... Spyware Blaster ... IE Spyad ... Free online Virus scan ... AVG AntiVirus ... LSPfix ... How to Show Hidden Files ... How to boot into Safe Mode ... How did I get infected in the first place?


Things you need(all FREE)
Anti-Virus
AVG Avast
Firewall
Kerio(Direct Download) Zone Alarm
Misc.
IE Spyads SpywareBlaster Spyware Guard
Windows Update
get all CRITICAL Updates

Things you want(Still Free)
Mozillia Firefox
Google Toolbar (stops pop-ups)
Ad-Aware
Spybot S&D
MS MVP Hosts file

90 posted on 07/18/2004 9:56:06 AM PDT by backhoe
[ Post Reply | Private Reply | To 1 | View Replies]

To: backhoe

The problem is that the entire "open source" movement has made it impossible for Microsoft to make its source code inaccessible AND avoid anti-trust suits...

This problem will not go away...


91 posted on 07/18/2004 10:05:07 AM PDT by Basilides
[ Post Reply | Private Reply | To 90 | View Replies]

To: Calpernia

Ping/computer helps............


92 posted on 07/19/2004 11:57:55 PM PDT by nw_arizona_granny (You could do a general Google search for: jihad internet today)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Vigilantcitizen
Another great reason to bring back public flogging. Virus writers.

Exactly! While I was doing a full reload for a client on her WindowsXP system, she asked why there wasn't a law against writing viruses. I told her that it was very difficult to track these people down. But what we really need is an exception to the law. When these people do get tracked down, the exception to laws against assault and battery need to be enacted. These creeps need to be clubbed like baby seals!

Mark

93 posted on 07/20/2004 12:35:47 AM PDT by MarkL (A werewolf?? Werewolf?? .... "There.... Wolf!")
[ Post Reply | Private Reply | To 3 | View Replies]

To: All

A summary for really difficult "about" removal... source:
http://forums.spywareinfo.com/index.php?showtopic=16332&st=45




I’ve been struggling with this about:blank problem unsuccessfully for the past three weeks. Yesterday, my updated Norton Antivirus 2003, as you have described, finally flagged this problem as a “Backdoor Trojan” - over and over and over again. Although it identified the culprit file (in my case, wina.dll), it could not locate the file when I proceeded to run a system scan. I could not see the file either.
Following is how I eliminated the file and so far (keeping my fingers crossed) is how I expunged about:blank from my system.
First, I’m running Windows 2000. Second, everything that follows is taken from other members’ contributions. What follows is reasonably accurate and I haven’t hosed my system but it might be best if one of the Site Experts helps you through this.
In short, I went to the registry and killed the key that launches the culprit, wina.dll, then I changed security permissions for system32 files to uncover/control the file, wina.dll, renamed the file and deleted it. Then I used HijackThis to clean a few more random BHO’s and also CWShredder to clean out some more junk. Of course, I use SpyBot and Ad-aware regularly in addition to Surf Secret.
It appears that the AppInit_DLLs registry key launches the 57,344 B, wina.dll.
Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs. I removed this key by first renaming the Windows folder to Windows2 and then deleted AppInit_DLLs. If you don’t rename it, it will continue to reappear (Try deleting the key before renaming it, press F5, and you will see AppInit_DLLs return.). After I deleted AppInit_DLLs, I renamed the Windows2 folder back to Windows.
Now to delete wina.dll, I went to Start-Settings-Control Panel-Administrative Tools-Local Security Policy-Security Settings-Local Policies-Security Options and changed the Recovery Console options (2) to enable from disable. I then went to my system32 folder and changed the file permissions to allow Full Control for Administrators to Modify, Read & Execute, List Folder Contents, Read and Write. I removed all controls from file Creator Owner. I then rebooted in Safe Mode and the file, wina.dll, appeared under system32. I had to first rename the file to wina.junk and then I deleted it and emptied the Recycle Bin.
I then used AboutBuster and HijackThis to clean up remaining remnants of this very annoying problem; also used CWShredder.
About:Blank has now been totally gone for the past two days. Good luck and thanks to the many contributors to this fantastic site.
wapj


94 posted on 07/20/2004 1:41:19 AM PDT by backhoe (Just an old Keyboard Cowboy, ridin' the Trackball into the Sunset...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Larry Lucido
^^//THISISANANTIVIRUSFREEHOUSEHOLD/WEMEANYOUNOHARM/PLEASEDONTHURTUSORCONTAMINATEOURCOMPUTER/THANKYOU ^^

That is FUNNY on a couple of levels and on a couple of Continents. "Gun Control is a tight pattern on the 100 yard target"
95 posted on 11/26/2004 1:14:11 PM PST by TexasTransplant (When you are over the hill, you pick up speed)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Izzy Dunne

Yup, love ALL 4 of my Macs!!


96 posted on 11/26/2004 1:17:03 PM PST by MrLee
[ Post Reply | Private Reply | To 13 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-8081-96 last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson