  1. #1
    Kung Fu Master Eathan's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,833
    Angry Arrrrgggg!!!!!
    Okay, sorry for the scream, but I have good cause...

    Friday I got hit with a driveby trojan installer. It attached itself to windows explorer (no task manager entries) and seemed to have a buddy app that hid in memory and reinstated whenever I got rid of it.

    The short list of crap it installed, and reinstalled, despite my yanking the network cable included every piece of spyware you've ever heard of (all those who say they don't distribute via driveby lie, lie, lie!), plus about 30-50 you've never heard of, at least 10 "toolbars", several dialers, a few desktop apps, 5 shortcuts, a few other trojan updaters, a couple windows messenger pop-up apps, a desktop hijacker, 20 or so trusted zones and a host of other garbage. All of my security settings were minimized or disabled, my homepage and default search were jacked and on and on and on...

    I've never had a virus, trojan or parasite I couldn't kill, but this one was relentless. I downloaded the latest of all the better apps (adaware, spybot, spysweeper, the new microsoft tool, hijackthis and a few specific apps like cwshredder and aboutbuster) on another machine, burned 'em to CD and went nuts. I ran in safe mode without networking (or even a cable), shut down windows explorer and ran everything from task manager, regedited 'til my fingers bled and finally ran a windows repair only after every scanner finally came back clean several times in a row each in both safe and normal mode and even with networking (normally they would open windows explorer and reinstall, but i totally removed explorer from my machine).

    After the windows repair they all came back...

    I reformatted and reinstalled the OS.

    So far the fresh install seems to have done it, but I wonder if maybe there's something hidden in the BIOS somewhere just waiting to pounce.

    Had to spend four hours on the phone with Microsoft after installing SP2 to get VPN working right again, but all in all, things are now... fixed (aside from sound).

    *fingers crossed*

    There you have it. That's why the scream. I hate parasites.
    Eathan Mertz

    Black Cat Mining - Gold Prospecting & Rockhounding Equipment

  2. #2
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    I've got 3 similarly infected systems sitting in queue for similar de-festation routines right in my living room. It's 5AM and I just finished one I started on at 10PM last night. Many of these new infections of BHO Adwhore applications were spurred upon the unsuspecting public by VALENTINE e-mail greeting cards. If anyone sends you a Valentine, or any similar event, e-mail card ...slap some sense into the duped perp the next time you see them.

    Every Greeting card wank site out there deserves a permanent DDoS attack.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  3. #3
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    Quote Originally Posted by ecomcity
    ...slap some sense into the duped perp the next time you see them.
    LART 'em you mean.

    Eathan, did you try the Microsoft Anti Spyware tool - it's pretty good.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  4. #4
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    I think you deserve much more than just an "Arrrgggg." I sure hope that your system is now clean and will keep my fingers crossed for you also.

  5. #5
    ABW Ambassador buy_online's Avatar
    Join Date
    January 18th, 2005
    Location
    Richmond, VA
    Posts
    3,234
    So you think this was a drive-by. Do you know that for sure, or was it an email attachment?

    Fred

  6. #6
    Kung Fu Master Eathan's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,833
    Ouch! 3 systems?!?! Ack! Good luck with that...

    Dynamoo, yep. Microsoft's tool got quite a few. Actually, each of the 5 or 6 tools I used got rid of a good chunk, with SpySweeper seeming to do the best, but one little app hiding in memory or wherever would keep restarting Windows Explorer that the installer was somehow piggybacking and it would install all the rest. I ran cleans constantly and switched between cleaner apps in an effort to keep it in check while I researched on another machine. It sucked...

    Thanks for the crossed fingers, Kellie. So far, so good. I'm feeling hopeful.

    Fred, it was definitely a drive by, 100% certain about that.

    I guess I was conceited enough to think I was too smart for 'em. Silly me...
    Eathan Mertz

    Black Cat Mining - Gold Prospecting & Rockhounding Equipment

  7. #7
    I like traffic lights
    Join Date
    January 18th, 2005
    Location
    Southern hemisphere - away from Fukushima
    Posts
    2,936
    It amazes me how people will spend 4 hours on the phone to tech support at MS trying to get their buggy, insecure software running, when you could just go to apple.com and order a decent system that comes with decent software.

    You clearly don't value your time very highly.

  8. #8
    Kung Fu Master Eathan's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,833
    That one big mouse button just scares me...
    Eathan Mertz

    Black Cat Mining - Gold Prospecting & Rockhounding Equipment

  9. #9
    ABW Ambassador buy_online's Avatar
    Join Date
    January 18th, 2005
    Location
    Richmond, VA
    Posts
    3,234
    Actually, it really boils down to smarter web browsing. IE may not be the best for smart browsing habits.

    Fred

  10. #10
    I like traffic lights
    Join Date
    January 18th, 2005
    Location
    Southern hemisphere - away from Fukushima
    Posts
    2,936
    I'm running a microsoft 3 button+scroll wireless USB mouse on my Mac. Seems to work perfectly well.

    Just pretty sad that Microsoft's best products are hardware.

  11. #11
    Kung Fu Master Eathan's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,833
    I'll never get into a Mac vs PC debate. I'm not really a fan of computers one way or the other, but this was the first time I've had to call MS tech support since '97 and they actually took care of me and didn't try to charge me a cent for the distraction. I was pleasantly surprised...
    Eathan Mertz

    Black Cat Mining - Gold Prospecting & Rockhounding Equipment

  12. #12
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    Yeah, I had to ring Microsoft a month or two back and was pleasantly surprised. I *had* exhausted all other possibilities.

    Yes, Microsoft's keyboards and mice are absolutely the best in the business, no question. That's pretty faint praise though!

    I run XP SP2 at home with Office XP and PowerPoint 2003, but really that's about as far as Microsoft's influences get in software terms (apart from Age of Empires II I think). My firewall is ZoneAlarm Pro, mail client is Eudora and browser is Mozilla, so that keeps everything fairly secure. Also, I use Namo for web editing and PSP for graphics. The only problem I have is that I bought Panda Antivirus 2005 and that sucks so badly that I have to disable it every time I want to check my email.

    By far the easiest way to protect your PC is to ditch Internet Explorer though. Use Mozilla, Firefox or Opera and you'll be much less vulnerable to drive-by installs and other exploits. Sure, they're not perfect, but right at the moment it would be a smart move. It might be that IE7 will be a better browser when it comes out, so you could always switch back later.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  13. #13
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Be sure to run the online virus scan from www.trendmicro.com before spending much time on weeding out the BHO perps. Many Adwhores now team up with an actual virus to re-infect systems.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"
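    Several posts above describe the same footprint: Browser Helper Objects loaded into Explorer/IE (#13), hosts quietly added to the Trusted sites zone and security settings turned down (#1), and something that restarts Explorer and re-installs everything (#6). The script below is an added example written for this thread, not code from any poster, and it only reads the registry so a defender can review those three places before deciding what to remove. It assumes a current Windows PowerShell session run as Administrator and the standard registry locations for BHOs, the IE ZoneMap and the Run/Winlogon autostart keys; the function names are my own.

```powershell
# Added example, not from the thread: read-only review of the persistence spots
# the posters describe (BHOs, IE Trusted-sites zone, autostart keys). Nothing is
# modified; output is meant to be compared against what you expect to be there.

function Get-RegisteredBho {
    # Every BHO is a COM CLSID listed here (64-bit and 32-bit views); the DLL it
    # loads is found under HKCR\CLSID\{guid}\InprocServer32.
    $bhoKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem $key) {
            $clsid  = $sub.PSChildName
            $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
            $dll    = if (Test-Path $server) { (Get-ItemProperty $server).'(default)' } else { $null }
            $path   = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll).Trim('"') } else { $null }
            $exists = [bool]($path -and (Test-Path -LiteralPath $path))
            # Unsigned or missing DLLs are what to look at first; an adware BHO
            # of the kind described in the thread is rarely Authenticode-signed.
            $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'n/a' }
            [pscustomobject]@{ CLSID = $clsid; Dll = $dll; DllExists = $exists; Signature = $sig }
        }
    }
}

function Get-IeZoneMapping {
    # ZoneMap\Domains\<domain>\<sub> holds one DWORD per scheme ("http", "https",
    # "*"); the value is the zone number. 2 = Trusted sites, 4 = Restricted sites.
    param([int]$Zone = 2)
    $roots = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($k in Get-ChildItem $root -Recurse) {
            $props = Get-ItemProperty $k.PSPath
            foreach ($p in $props.PSObject.Properties) {
                if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
                if ($p.Value -ne $Zone) { continue }
                # "example.com\www" under Domains means host www.example.com
                $parts = @((($k.Name -split '\\Domains\\', 2)[1]) -split '\\')
                [array]::Reverse($parts)
                [pscustomobject]@{ Hive = $root.Split(':')[0]; Host = ($parts -join '.'); Scheme = $p.Name; Zone = $p.Value }
            }
        }
    }
}

function Get-AutostartEntry {
    # Run/RunOnce entries plus the Winlogon Shell and Userinit values. Something
    # that "keeps restarting Explorer" (post #6) is usually chained in here:
    # Shell should be exactly "explorer.exe" and Userinit should be userinit.exe only.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value; Suspicious = $false }
        }
    }
    $wl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $v  = Get-ItemProperty $wl
    [pscustomobject]@{ Key = $wl; Name = 'Shell';    Command = $v.Shell;    Suspicious = ($v.Shell -ne 'explorer.exe') }
    [pscustomobject]@{ Key = $wl; Name = 'Userinit'; Command = $v.Userinit; Suspicious = ($v.Userinit -notmatch '^[^,]*\\userinit\.exe,?$') }
}

'== Browser Helper Objects =='
Get-RegisteredBho      | Format-Table -AutoSize
'== Hosts mapped to the Trusted sites zone (2) =='
Get-IeZoneMapping -Zone 2 | Format-Table -AutoSize
'== Autostart entries (Run/RunOnce, Winlogon Shell/Userinit) =='
Get-AutostartEntry     | Format-Table -AutoSize -Wrap
```

Run it from a clean shell (or, as Eathan did, from Safe Mode) and save the output before and after each cleaning pass; a BHO or Trusted-sites host that reappears between passes is the re-installer the thread is talking about, and the autostart or Winlogon entry that comes back with it is where to look next. On a box with a 32-bit browser, the WOW6432Node BHO key is the one that matters.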

  14. #14
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    On the subject of which, Slashdot have this article about "Impossible to Clean Spyware" today.

    I've personally struggled with all sorts of crap on coworkers PCs, sometimes this has involved reformatting the disk and rebuilding from scratch. The safest thing is not to get infected in the first place.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.
