Re: IE default Page

Justin.Ross_at_signalsolutionsinc.com
Date: 07/16/04

  • Next message: Ed Wittmann: "RE: IE default Page"
    To: incidents@securityfocus.com
    Date: Fri, 16 Jul 2004 11:14:18 -0700
    
    

    My experience was that the fix (CWShredder) would not "take" until the
    machine was restarted after applying it. Applying the fix and then opening
    the browser just led to reinfection, possibly because of a cached
    registry value/hive/key.

    Justin Ross
    MCP+I, MCSE, CCNA, CCSA, CCSE, CCSI
    Senior Network Security Engineer
    Signal Solutions Inc. - http://www.signalcorp.com
    101 Wilcox Dr.
    Sierra Vista, AZ 85635
    Phone: (520) 459-1354 x3095
    Cell: (520) 234-4080
    Fax: (520) 459-1428
    Email: Justin.Ross@signalsolutionsinc.com

    Try this out, I had one that was doing that and used the technique
    described by LoPhatPhuud in the web-forum topic linked below to remove it.
    The only difference was that my .dll and .cpy.dll files had a different
    base name. But it's easy enough to find as it's mentioned in the Guardian
    branch and should be the only .cpy.dll file in the system32 directory. It
    is set to hidden, system, and read-only, so you'll need to tell Windows to
    show it to you.

    http://forums.net-integration.net/index.php?showtopic=13744

    >Interesting bug going around, CoolWebSearch, has anyone been successful in
    >removing this virus from a system? It looks like it recreates the DLL under
    >c:\windows\system32 and renames it after a few reboots. It's pretty annoying
    >and I haven't been able to fully contain it.
    >
    >Thoughts? Suggestions? I've used HijackThis, CWShredder and a few spyware
    >detectors, but nothing is really fixing the problem.
    >
    >Thanks,
    >
    >-Wes

    -- 
    Steven Bairstow
    Computer and Network Services - Abington College - Penn State University
    http://www.personal.psu.edu/~sab139              PGP Key ID = 0x0C81E13C
    "No trees were killed in the creation of this message.
    However, many electrons were terribly inconvenienced."
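
    One way to locate the file described above, as an added example that is not part of the original thread: a read-only PowerShell triage that lists every .cpy.dll in system32, including hidden and system files, and records its attributes and hash before cleanup. It assumes the companion file is named <base>.dll in the same directory, which the message implies but does not state.

```powershell
# Added example: read-only triage, nothing is deleted or modified.
# Assumption: the companion of "<base>.cpy.dll" is "<base>.dll" in the same folder.
$dir    = Join-Path $env:SystemRoot 'System32'
$wanted = [System.IO.FileAttributes]'Hidden, System, ReadOnly'

# -Force makes Get-ChildItem return hidden and system files, which Explorer
# hides by default.
Get-ChildItem -LiteralPath $dir -Filter '*.cpy.dll' -File -Force |
    # Re-check the name: -Filter uses legacy wildcard matching and can over-match.
    Where-Object { $_.Name -like '*.cpy.dll' } |
    ForEach-Object {
        $base    = $_.Name -replace '\.cpy\.dll$', ''
        $sibling = Join-Path $dir "$base.dll"
        [pscustomobject]@{
            File          = $_.FullName
            Attributes    = $_.Attributes
            # True when hidden, system and read-only are all set, as in the message
            AllThreeSet   = ($_.Attributes -band $wanted) -eq $wanted
            LastWriteTime = $_.LastWriteTime
            SHA256        = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Sibling       = $sibling
            SiblingExists = Test-Path -LiteralPath $sibling
        }
    } | Format-List
```

    Run it from a 64-bit PowerShell session on 64-bit Windows, since a 32-bit process is redirected from System32 to SysWOW64.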
    
