Re: mysearchweb/lop.com etc - having got rid of them how to keep them out?

From: Chuck (none_at_example.net)
Date: 08/18/04


Date: 18 Aug 2004 16:35:15 -0500

On Wed, 18 Aug 2004 20:12:03 +0100, "Steve" <steve.withnell@btinternet.com>
wrote:

>Thanks to helpful advice from Malke and others I can now do a decent job of
>cleaning up the malware off the machine.
>
>However, after a day or two, back they come - I don't browse what might be
>considered to be "dodgy" sites.
>
>I've tried by a process of elimination to identify which of my popular
>websites might be causing the problem and I think www.ebay.co.uk might be a
>culprit. Pop up ads appear as part of the ebay homepage (integral to,
>rather than independent of) and certain of these cause the mywebsearch to
>re-appear, or so it seems.
>
>I tried S&D "immunize" but that has protected the browser.
>
>I'd be grateful for ideas and info on how to prevent the attack in the first
>place, rather than do a cleanup job afterwards.
>
>I'm running an external firewall (in the ADSL router) and NIS2004 on an XP
>SP1 setup. NIS is up to date.
>
>Best Regards
>
>Steve

Steve,

Please start by posting a link to the forum discussions where you had your
HijackThis log analysed.

Remember AdAware, CoolWebShredder, HijackThis, and Spybot S&D are detection /
removal tools.

Improve your chances for the future.

Harden your browser. There are various websites which will check for
vulnerabilities; here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/

Block Internet Explorer ActiveX scripting from hostile websites (Restricted
Zone).
<https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd under Popular
Downloads on the left)

Block known dangerous scripts from installing.
<http://www.javacoolsoftware.com/spywareblaster.html>

Block known spyware from installing.
<http://www.javacoolsoftware.com/spywareguard.html>

Make sure that the spyware detection / protection products that you use are
reliable:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Harden your operating system. Check at least monthly for security updates.
http://windowsupdate.microsoft.com/

Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
use:
http://www.accs-net.com/hosts/get_hosts.html
http://www.mvps.org/winhelp2002/hosts.htm
(The third is included, and updated, with Spybot (see above)).

Maintain your Hosts file (merge / eliminate duplicate entries) with:
eDexter <http://www.accs-net.com/hosts/get_hosts.html>
Hostess <http://accs-net.com/hostess/>

Secure your operating system, and applications. Don't use, or leave activated,
any accounts with names or passwords with trivial (guessable) values. Don't use
an account with administrative authority, except when you're intentionally doing
administrative tasks.

Use common sense. Yours. Don't install software based upon advice from unknown
sources. Don't install free software, without researching it carefully. Don't
open email unless you know who it's from, and how and why it was sent.

Educate yourself. Know what the risks are. Stay informed. Read Usenet, and
various web pages that discuss security problems. Check the logs from the other
layers regularly, look for things that don't belong, and take action when
necessary.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
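
Added example, not part of Chuck's post and not how eDexter or Hostess work: merging several downloaded Hosts lists, eliminating duplicate entries, and setting aside any entry that maps a name to a non-loopback address, since such a line redirects traffic rather than blocking it. The function names and the two sample lists are constructed for illustration.

```python
import ipaddress

SINK_ADDRS = {"127.0.0.1", "0.0.0.0"}   # where blocking entries point
KEEP_NAMES = {"localhost"}               # never treated as a block entry
# Constructed sample lists (example domains, documentation IP range).
LIST_A = """# list A
127.0.0.1  localhost
127.0.0.1  ads.example.com
127.0.0.1  Tracker.Example.NET   # mixed case
"""
LIST_B = """0.0.0.0  ads.example.com popups.example.org
127.0.0.1  tracker.example.net.
203.0.113.7  update.example.com
this line is not a hosts entry
"""

def parse_hosts(text):
    """Yield (address, hostname) for every name on every valid line."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                      # first field is not an IP address
        for name in fields[1:]:
            yield addr, name.lower().rstrip(".")

def merge_hosts(*sources):
    """Return (sorted unique blocked names, entries that redirect elsewhere)."""
    blocked, suspicious = set(), []
    for text in sources:
        for addr, name in parse_hosts(text):
            if name in KEEP_NAMES:
                continue
            if addr in SINK_ADDRS:
                blocked.add(name)
            else:
                suspicious.append((addr, name))  # review by hand, do not merge
    return sorted(blocked), suspicious

def render(blocked):
    """Write the merged list back out in Hosts-file form."""
    rows = ["127.0.0.1\tlocalhost"] + [f"127.0.0.1\t{n}" for n in blocked]
    return "\n".join(rows) + "\n"

if __name__ == "__main__":
    print(merge_hosts(LIST_A, LIST_B))
```

Names are compared case-insensitively and without a trailing dot, so the same host listed in two sources is written once.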


