Full Disclosure mailing list archives

Re: drive by shooting - got hit by mysearch toolbar


From: "Gregh" <chows () ozemail com au>
Date: Sun, 12 Sep 2004 11:37:13 +1000


----- Original Message ----- From: <fulldisclosure () wateraxe demon nl>
To: <full-disclosure () lists netsys com>
Sent: Sunday, September 12, 2004 9:58 AM
Subject: [Full-disclosure] drive by shooting - got hit by mysearch toolbar



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All patches installed on w2k server ie6
except :

journal viewer
net framework
directx9.0b
media player 9

googled for 'how to configure htaccess on apache', first hit was this
page :

www.thesitewizard.com/apache/index.shtml


Interested in what gets where so went and looked after reading your message. Tried it on main machine connected to net with XPSP2 fully patched. Nothing. Tried it on LAN (using only ICS) XPSP2 laptop and again nothing. Even rebooted it to test again. Thought it may be able to get through IESP1 so tried a 98SE machine connected to the lan with only IE6SP1 on it and again nothing.

I would think that it came from elsewhere in your setup. From what I have been able to learn, an infected machine either doesn't or maybe doesn't "in some cases" actually show signs of this problem until it has been rebooted, whereupon all the shit gets installed. It is possible it was already there on your machine prior to going to that web site. I wouldn't mind tracking through your history to see where it came from, actually. I have had great success getting rid of the damned thing easily using HiJackThis to just list entries and pick out the crap, delete the entries and associated exes from machines I look after for a job. I don't try to get it to auto disinfect, just list so I can remove them. Maybe this can help you.

Greg.