Re: spyware using "super"-hidden files in Windows XP
From: John McGaw (nowhere_at_inparticu.lar)
Date: 07/08/04
- Next message: Rachael: "Screen Shield 2000"
- Previous message: Robert Moir: "Re: spyware using "super"-hidden files in Windows XP"
- In reply to: John: "spyware using "super"-hidden files in Windows XP"
- Next in thread: Lawrence Abrams: "Re: spyware using "super"-hidden files in Windows XP"
Date: Thu, 8 Jul 2004 06:50:08 -0400
"John" <John@discussions.microsoft.com> wrote in message
news:0B5F14CC-20B5-4844-A0A1-99952CB3B63A@microsoft.com...
> SUMMARY
> =======
>
> SUBJECT: CoolWWW spyware persistence and removal.
>
>
> PROBLEM: Anti-spyware programs (e.g., Spysweeper, Ad-aware Pro,
> PestPatrol) do not remove the cause (a "super"-hidden .dll program) but only
> remove symptom files and registry settings.
>
> From original posting by someone else: "This dll is loaded with very
> strange file permissions. It has all permissions but 'copy' denied to
> everyone, including administrators. This set of permissions makes the file
> completely invisible inside windows. You cannot see it using File explorer
> or DOS prompts like dir. It also can not have its attributes set so that you
> can see it."
>
>
> SOLUTION: Manual removal by using a revealing xfind.com error message,
> then by using the Windows XP Recovery Console.
>
> NOTE: the byte verifier patch does not protect against the latest
> variations (6/24/04-7/7/04) of CoolWWW.
>
> ===============
> MICROSOFT CULPABILITY
>
> (1) Microsoft allows by design or by flaw the creation of "super"-hidden
> files. FIX THIS MICROSOFT!!, then anti-spyware programs will be able to
> find and remove this stuff.
>
> (2) Also...Microsoft!! Fix the design flaws that allow anything to write
> to the registry and place files on the computer as users browse the web with
> IE. WHAT A JOKE!!! Guilty! Sentenced to 5 years of trying to remove
> Coolwww without xfind or a clean install.
>
> ===============
> INSTRUCTIONS
>
> Step 1
> Download xfind.com
> (Note: at least a few programs are named xfind, so do not just search the
> web and download any one of these. I did this and wasted time with
> xfind.exe, which is not a bad program but not the one needed for our task.)
>
> Download from here:
> http://home.mnet-online.de/horst.muc/int/find23.zip (direct download of zip file)
> or
> http://home.mnet-online.de/horst.muc/index.html (parent page of download;
> click the "Find" link then download [9k])
>
snip...
So. We are supposed to go and download an executable file from an unknown
source that YOU specify and run it on our machines to detect a magical
invisible file that YOU say is there and causing unspecified problems? Yeah
right...
-- John McGaw [Knoxville, TN, USA] Return address will not work. Please reply in group or through my website: http://johnmcgaw.com