Re: Help with CWS trojan

From: taff (taff_at_the-valleys.com)
Date: 06/22/04 

Date: Tue, 22 Jun 2004 21:24:57 +0100

On Tue, 22 Jun 2004 15:03:02 -0400, "Rob Conklin"
<robconklin@worldnet.att.net> wrote:

>I find that my system keeps getting infected with the Cool Web Search trojan
>malware. Specifically, the variant that hijacks the default HOME webpage,
>and redirects to the Cool Web Search site.
>
>I have downloaded and run (and run, and re-run, again and again) the
>CWShreader program, getting the latest updates of CWShreader, closing all
>explorer windows, closing all connections, rebooting, running CWShreader
>again, etc...very meticulously. CWShreader "seems" to get rid of it, but at
>some point I get reinfected again.
>
>I am running Windows XP Professional on computer (home usage) with a dial-up
>internet connection only. I have the latest Java virtual machine. I've
>seen instructions on getting rid of Microsoft's version, but get error(s)
>when attempting to follow them, suggestive somewhat that maybe I no longer
>have MS's java stuff, (which is where the vulnerability is sometimes said to
>exist), but I don't know if I have it or not (since there is no simple tool
>to install/uninstall it...)
>
>My questions:
>
>1. does Microsoft regard the vulnerability of Windows XP to infection with
>this to be a problem for which a specific security patch should be applied?
>Does a specific patch already exist? (If so, which one?)
>
>2. In simple, clear terms, what is the vulnerability in XP leading to
>infection with CWS?
>
>3. Is there any way (preferably quite simple) to make my system
>invulnerable to this infection?
>
>4. Is this infection thought to constitute a true "back door" onto one's
>system, allowing the theft of personal information (files on the computer).
>
>TIA for anyone who can help
>
>rconklin@worldnet.att.net
>

Download, install and update Spybot S&D. It has protection against
changes to both the registry and IE home page.

Taff..........

www.sounds-pa.com | www.thecomputerworkshop.com

Relevant Pages

  • Re: Warning. New Windows vulnerabilty.
    ... security center warning by putting a popup in systray that says your ... see how this new vulnerability will affect users, ... It is carried on Windows Metafile images and automatically ... >> currently recommend to reduce the hazard of infection may not work. ...
    (rec.audio.pro)
  • Re: Warning. New Windows vulnerabilty.
    ... >security center warning by putting a popup in systray that says your ... >see how this new vulnerability will affect users, ... It is carried on Windows Metafile images and automatically ... >>> currently recommend to reduce the hazard of infection may not work. ...
    (rec.audio.pro)
  • Re: Warning. New Windows vulnerabilty.
    ... > In short - wmf files can carry viruses. ... > Infection will occur if your email application allows a *preview* of a ... It is carried on Windows Metafile images and automatically ... > vulnerability seems to be in gdi32.dll. ...
    (rec.audio.pro)
  • Re: Zotob worm patch?
    ... The vulnerability could not be exploited remotely by ... > I know that many in this group support downloading Windows XP ... I download and install ONLY what is absolutely ... > about the Zotob worm, I.E., PnP and compromised Windows security. ...
    (microsoft.public.windowsxp.general)
  • Warning. New Windows vulnerabilty.
    ... In short - wmf files can carry viruses. ... Infection will occur if your email application allows a *preview* of a ... It is carried on Windows Metafile images and automatically ... Going back to the wmf vulnerability itself, ...
    (rec.audio.pro)