Aces High Bulletin Board
General Forums => Hardware and Software => Topic started by: kevykev56 on July 31, 2004, 12:38:07 AM
-
This darn browser hijacker is killin me. I have tried CWShredder, Ad-Aware, HijackThis, About Buster, Spybot, and others. None of these will kill this hijack. CWShredder will kill it for about 4-8 hours but it comes back.
Any suggestions on how to kill this annoying virus? Seems there should be some legal action to stop this kind of thing. Why aren't these places we are hijacked to being prosecuted?
RHIN0
-
Stay off the porn sites.
-
Stay off the porn sites.
Impossible :D
But that's not the problem. Maybe where it came from to start with, but not why it won't go away. I need some PC penicillin
RHIN0
-
or some ad-aware / spybot
and a firewall AND full virus software running checking everything you visit on t3h intardnet.
yeah it slows down pr0n movie DL's but it is worth it.... imagine PC getting completely hosed from some lamer virus, and you can't DL pr0n for a week while it's getting fixed??!??!?!?!?!?
nightmare I tell you nightmare
-
And stop using MS Internet Explorer, the biggest target in the universe for viruses
I use Mozilla, not a single virus
-
btw Microsoft released bunch of security fixes again this week, so visit windowsupdate y'all
-
Seraphim has a good point.
Using Mozilla Firefox myself, and love the new email client "Thunderbird". Lets you "train" your system to eliminate spam & junk mail, & let the good stuff come through.
-
Kev, if you're saying that every time you switch your home page to about:blank, and run a virus program and it comes up with a browser attack, there's nothing to worry about.
I noticed that every time I do that, it comes up with a browser attack. Try setting your home page to default, then running another scan. More often than not it will come up with no browser attack. Nothing to worry about. :)
-
if you're saying that every time you switch your home page to about:blank, and run a virus program and it comes up with a browser attack
Negative, this isn't what's happening.
I set my browser "IE" to "my.yahoo", used it forever as my homepage. I surf for an hour or two then blammo, ABOUT:BLANK becomes my default homepage. I can temporarily get rid of it by running CWShredder or Ad-Aware or many other programs. I have increased my security settings as was recommended by another site to keep from getting redirected. This hasn't seemed to help. To me it's almost like getting slammed by a phone company, "only it doesn't cost me any money". I am just tired of having to change my homepage every couple of hours. It also changes without looking at porn sites. I can be checking out just about anything from guitars to guns to Aces High and it will about:blank me! Anyone that has had and fixed this problem, help would be appreciated.
Thanks,
RHIN0
-
IF YOU DON'T KNOW WHAT YOU ARE DOING, PLEASE DO NOT ATTEMPT, YOU COULD HOSE YOUR SYSTEM. (disclaimer)
It sounds like you have CoolWeb. CWShredder isn't working because the company that makes CWShredder gave up.
There are over 50 variations of CoolWeb. It installs in three parts: one in the startup, one in the registry, and a file you can't see unless you have your system set to show hidden files and system files.
One variation of CoolWeb is tied to the computer clock, and reinstalls when your computer hits a certain predefined time.
Run msconfig, and look at your Startup tab. You will have to google every file under the Command heading to see if it is legitimate.
Also press Ctrl-Alt-Del and open up Task Manager. You will also have to look at the processes that are running to see if they are legit. An example is svchost.exe, which is a legitimate file, but scvhost.exe is not.
Write down the entire location of all rogue files.
This thing is a real pain in the a** to remove, because if you miss one file, the entire system will become reinfected.
After doing that and deleting and unchecking rogue files, a good program to use to assist is Spybot S&D. You have to go to advanced mode and under Tools check the box that says browser pages, and change all redirects from res:// etc... to a start page of your choice. If not, when you restart IE, it will go to that res location and it will execute a JavaScript and you're toast again.
OK, after all of this, run Ad-Aware, and write down the location of where the files identified as CoolWeb are. Now don't let Ad-Aware delete them, go there yourself and manually delete them. If they don't delete, don't worry...yet.
Now, reboot, and go to safe mode. Run Spybot, then Ad-Aware, go to the place to make sure the files really are gone. Ad-Aware usually will take care of the files in the registry. Google the files Ad-Aware finds; there is a web site that will tell you which registry changes were made, but I can't remember the name right now.
One miss and you will have to do it all over again.
If you attempt this yourself, google CoolWeb removal, and read up on it, I might be forgetting something.
The easy way is to get your important files, reformat, and reload. Then install your antivirus, update, Ad-Aware, Spybot, and immunize your system with Spybot S&D, then install SpywareBlaster by javacoolsoftware (http://www.javacoolsoftware.com)
and get all operating system updates as soon as you can.
ALSO, check this first: there is something called vx2 that is pretty bad. Install a plugin for Ad-Aware to remove this type of infection.
Like I said, this thing is a real pain, one miss and you have to do it all over again. Read the HijackThis forums, they will help you spot rogue files.
Good luck!!
Oh yeah, don't use the msjava console, uninstall it and use the latest java console by SUN.
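The two checks described in the post above (process names that imitate a legitimate one, such as scvhost.exe, and browser pages redirected to res://) can be sketched in code. This is an added example, not part of the original post; the known-good name list, the function names and all sample data are assumptions constructed for illustration.

```python
# Added example. KNOWN_GOOD is a short illustrative list, not a complete inventory.
KNOWN_GOOD = {"svchost.exe", "explorer.exe", "lsass.exe", "services.exe",
              "winlogon.exe", "csrss.exe", "smss.exe", "spoolsv.exe"}

def osa_distance(a, b):
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    rows, cols = len(a) + 1, len(b) + 1
    # First row and column hold the cost of building a prefix from nothing.
    d = [[i + j if i * j == 0 else 0 for j in range(cols)] for i in range(rows)]
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[-1][-1]

def lookalike_of(name, max_distance=1):
    """Return the known-good name this one imitates, or None."""
    name = name.lower()
    if name in KNOWN_GOOD:
        return None
    for good in sorted(KNOWN_GOOD):
        if osa_distance(name, good) <= max_distance:
            return good
    return None

def review(process_names, start_pages):
    """Return (item, reason) findings that need a manual lookup."""
    findings = []
    for name in process_names:
        good = lookalike_of(name)
        if good:
            findings.append((name, "name imitates " + good))
    for key, url in start_pages.items():
        if url.lower().startswith("res://"):
            findings.append((key, "start page points at a res:// resource"))
    return findings

# Constructed sample data: a process list and browser page settings.
SAMPLE_PROCESSES = ["svchost.exe", "scvhost.exe", "explorer.exe", "lsas.exe", "winamp.exe"]
SAMPLE_PAGES = {"Start Page": "res://C:\\WINDOWS\\example.dll/sp.html",
                "Search Page": "http://my.yahoo.com/"}

if __name__ == "__main__":
    for item, reason in review(SAMPLE_PROCESSES, SAMPLE_PAGES):
        print(item + ": " + reason)
```

An exact match against the list says nothing about whether the file behind the name is genuine; the check only surfaces near-miss names for the manual lookup the post describes.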
-
thanks 66 .. I got a friend with this and tried for the life of me to get rid of it....
missed 1 file looks like. did all you said, but by logically thinking through it LOL.
-
Hey 73!!
I had to do this for a radio station that was on the air, it took forever, because all of their commercials were done by their computer, so I had to time it so I could do the rebooting etc... during the satellite(sp) feed times.
Like I said, I might be forgetting something, so read up on it.
-
Another rogue file is fsg_4104.exe. I just found it lurking on my system in the Task Manager and couldn't find out what it was. My wife had been doing some work and had downloaded some stuff apparently, because it is part of the GAIN Network spyware crap.
-
Getting rid of About:Blank is a real pain in the ass. It is fair to say that I have earned more than a thousand dollars in June alone removing it from clients' systems.
You need the LATEST version of the About:Blank removal tool from:
http://forums.spywareinfo.com/index.php?showtopic=18557
You need to follow its directions, including running it in SAFE MODE and eliminating things with HijackThis.
THEN you can run Ad-Aware, CWShredder (the final version), and Spybot Search and Destroy.
Forums.spywareinfo.com is your best bet here.
Good luck.
-Llama
-
Ad-Aware 6.0 Personal from Lavasoft gets rid of the nasty browser hijackers, and other adware, and spyware. Just keep it updated. It's free.
http://www.lavasoft.nu
-
Something else I just remembered...Most trojan horse launchers load in the following directory.
Enable hidden files and show system files.
My Computer...C drive...Documents and Settings...Now go into each user one at a time and open Local Settings (it is a hidden folder)
then Temp. Now select all and delete.
And do this for each user, you'll be surprised what garbage is here.
If there are a lot of users, a batch file would be easy to write for this task.
-
Originally posted by JB66
Something else I just remembered...Most trojan horse launchers load in the following directory.
Enable hidden files and show system files.
My Computer...C drive...Documents and Settings...Now go into each user one at a time and open Local Settings (it is a hidden folder)
then Temp. Now select all and delete.
And do this for each user, you'll be surprised what garbage is here.
If there are a lot of users, a batch file would be easy to write for this task.
Easier way, C: Documents and Settings : (each user) : jpg cache
Open both FILE and JAR folders, in these folders you will find a file named 1.0. Empty these folders. Also in Documents and Settings, empty the cookie folder. Then run Disk Cleanup.
Not only does this clear the hijackers, it also deletes any viruses that the AV denies access to.
After doing this run Ad-Aware 6.0
Problem solved.
Oh....one more thing.....stay off porn sites, unless you want more of the same stuff all over the Hdd
-
Disk Cleanup clears the hidden temp folder without enabling the hidden files
-
Originally posted by kevykev56
This darn browser hijacker is killin me. I have tried CWShredder, Ad-Aware, HijackThis, About Buster, Spybot, and others. None of these will kill this hijack. CWShredder will kill it for about 4-8 hours but it comes back.
Any suggestions on how to kill this annoying virus? Seems there should be some legal action to stop this kind of thing. Why aren't these places we are hijacked to being prosecuted?
RHIN0
reinstall......... :(
I got this a month or so ago, it installs A LOT OF S**T that opens your PC up to the world so they can all shaft you up the backside...........:mad:
-
Originally posted by llama
Getting rid of About:Blank is a real pain in the ass. It is fair to say that I have earned more than a thousand dollars in June alone removing it from clients' systems.
You need the LATEST version of the About:Blank removal tool from:
http://forums.spywareinfo.com/index.php?showtopic=18557
You need to follow its directions, including running it in SAFE MODE and eliminating things with HijackThis.
THEN you can run Ad-Aware, CWShredder (the final version), and Spybot Search and Destroy.
Forums.spywareinfo.com is your best bet here.
Good luck.
-Llama
Isn't that the one that Norton denies access to and will find on the virus scan, but won't delete?
-
That's the one.
Ad-Aware DOES NOT remove this either. Anyone who says so hasn't actually tried it.
-Llama
-
Originally posted by llama
That's the one.
Ad-Aware DOES NOT remove this either. Anyone who says so hasn't actually tried it.
-Llama
yup, nothing I could find could remove what I had..... it wasn't "about:blank" but it was a virus that used the same methods as this one....
it was called something like "backdoor.deft.13.c"
-
Had a client bring in a Win 98 machine today...It had the about:blank CoolWeb variant on it. I must say that the tips given combined with what I already knew really helped out. It took about an hour and a half to get it cleared (I hope I found all of the "invisible" files). One of the issues was it was also slammed with viruses and trojan horses and trojan launchers.
One thing that I have to fix Monday is the administrator rights are screwed up. I think that is from a virus that I removed, so I created another user with admin rights, but after restarting, admin rights were hosed on the new user also. I re-ran Panda active scanner, and the client has McAfee (which I hate because it doesn't work and is a resource hog), and no new viruses were detected. I then booted in safe mode and did the same thing, and ran Ad-Aware, Spybot S&D and CWShredder with nothing new being detected.
Well...the long and short of it, any ideas how to restore admin rights?
Thanks.