Security Incidents mailing list archives
Re: IE default Page
From: Justin.Ross () signalsolutionsinc com
Date: Fri, 16 Jul 2004 11:14:18 -0700
My experience was that the fix (CWShredder) would not "take" until the machine was restarted after applying it. Applying the fix and then opening the browser just led to reinfection, possibly because of a cached registry value/hive/key.

Justin Ross
MCP+I, MCSE, CCNA, CCSA, CCSE, CCSI
Senior Network Security Engineer
Signal Solutions Inc. - http://www.signalcorp.com
101 Wilcox Dr.
Sierra Vista, AZ 85635
Phone: (520) 459-1354 x3095
Cell: (520) 234-4080
Fax: (520) 459-1428
Email: Justin.Ross () signalsolutionsinc com

Try this out, I had one that was doing that and used the technique described by LoPhatPhuud in the web-forum topic linked below to remove it. The only difference was that my .dll and .cpy.dll files had a different base name. But it's easy enough to find as it's mentioned in the Guardian branch and should be the only .cpy.dll file in the system32 directory. It is set to hidden, system, and read-only, so you'll need to tell Windows to show it to you.

http://forums.net-integration.net/index.php?showtopic=13744

Interesting bug going around, CoolWebSearch, has anyone been successful in removing this virus from a system? It looks like it recreates the DLL under c:\windows\system32 and renames it after a few reboots. It's pretty annoying and I haven't been able to fully contain it.

Thoughts? Suggestions? I've used HijackThis, CWShredder and a few spyware detectors, but nothing is really fixing the problem.

Thanks,
-Wes

--
Steven Bairstow
Computer and Network Services - Abington College - Penn State University
http://www.personal.psu.edu/~sab139
PGP Key ID = 0x0C81E13C
"No trees were killed in the creation of this message. However, many electrons were terribly inconvenienced."

Current thread:
- IE default Page wnorth (Jul 16)
- Re: IE default Page Jeff Garrett (Jul 16)
- Re: IE default Page Steven Bairstow (Jul 16)
- Re: IE default Page Justin . Ross (Jul 16)
- RE: IE default Page wnorth (Jul 16)
- <Possible follow-ups>
- RE: IE default Page Hagen, Eric (Jul 16)
- RE: IE default Page Ed Wittmann (Jul 16)
- RE: IE default Page Micro Kluge (Jul 16)