Re: = HELP! pup.exe and over.exe =
From: Mike Burgess (winhelp2002_at_spamthis.com)
Date: 03/02/04
- Next message: Not Good: "RE: How to get a license to kill (a virus)?"
- Previous message: Darol: "Re: Need help!"
- In reply to: Mcbamm: "Re: = HELP! pup.exe and over.exe ="
- Next in thread: nlightend: "Re: = HELP! pup.exe and over.exe ="
- Reply: nlightend: "Re: = HELP! pup.exe and over.exe ="
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 1 Mar 2004 20:39:40 -0500
Mcbamm,
> this thing has hijacked my "notepad.exe"
Sounds like Coolwebsearch
<quote>
CWS.Googlems.3: A mutation of this variant exists that hijacks IE to
idgsearch.com, installs a BHO named 'Microsoft SearchWord' using the
filename Word10.dll in the location C:\Documents And
Settings\[username]\Application Data\Microsoft\Office. This version can also
be loaded by a fake Notepad.exe file in the Windows system folder. The fake
file has an icon different from the default notepad one.
</quote>
How to remove Coolwebsearch and affiliates
http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch
Note: this type hijack indicates an unpatched machine, that is lacking
in "Defense". Please visit Windows Update to avoid these exploits.
-- "default-homepage-network.com" uses a ActiveX\HTA exploit on unpatched machines to infect the user. It then runs and installs: "server224.smartbotpro.net" (parasite hijacker) ____________________________________________________________ Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/ Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file http://www.mvps.org/winhelp2002/hosts.htm [updated 02-24-04] Please post replies to this Newsgroup, email address is invalid -- "Mcbamm" <Mcbamm.12ev3g@mail.mcse.ms> wrote in message news:Mcbamm.12ev3g@mail.mcse.ms... > > Mike, > this thing has hijacked my "notepad.exe", any attemp by me or a > program to open notepad results in > 1: it creates a copy of its self and renames its self(my only hope is > that they all turn up where the originals are) > 2: it attempts to connect to the internet. > > It might not be a virus, but it is a pain in the ***! > > I traced any leads i could and came up with: > nsl.smartbotpro.net > I.P. 205.236.189.50 > > Any help with the notepad prob would be helpfull, > thanks > Chris > > > > -- > Mcbamm > ------------------------------------------------------------------------ > Posted via http://www.mcse.ms > ------------------------------------------------------------------------ > View this thread: http://www.mcse.ms/message348344.html >
- Next message: Not Good: "RE: How to get a license to kill (a virus)?"
- Previous message: Darol: "Re: Need help!"
- In reply to: Mcbamm: "Re: = HELP! pup.exe and over.exe ="
- Next in thread: nlightend: "Re: = HELP! pup.exe and over.exe ="
- Reply: nlightend: "Re: = HELP! pup.exe and over.exe ="
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
