Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

HIJACK! (No, not THAT kind!)
various | Today | Me

Posted on 06/05/2004 8:06:55 PM PDT by Long Cut

You may have heard of this lately, or perhaps have had it happen to you. That's right...your internet browser gets hijacked. Taken from your control, as it were.

It takes you to sites you would never have visited in a million years; your computer slows down and maybe crashes; your homepage is mysteriously changed; you now have about a dozen "favorites" that you never selected and don't want.

You've been HIJACKED!

What happened? How? You ask, as you pull your hair out in disgust.

Well, it happened to me,, and some FReepers I know, and a LOT of my friends, lately. I've been hearing scuttlebutt around the Web, and around the water cooler. People's computers are being taken over by insidious, rotten spyware and malware that effectively seizes control and can have serious reperussions for the user.

These things download some particularly nasty porn, even child porn, to a computer. People have been fired, investigated, and disgraced for something they never did.

I discovered mine one day whil, of all things, trying to access FR. I mistyped the URL, and found myself redirected to some porn search engine. Massive popups overwhelmed my Pop-up Stopper, and froze my computer.

After the reboot, I ran my McAffie antivirus, which quickly crashed the system and failed to ever work again. Ad-Aware removed some registry keys and values, and I thought all was well.

Wrong. It happened again.

Now, I got serious. I obtained Symantec Pro version, and ran it. It caught several more bugs, but some couldn't be quarantined OR removed.

I was in a fix. I was using a computer that FReeper thumperusn had graciously loaned me, and I didn't want to give it back to him all jacked up. Thus began my battle with the Internet demon known as "CoolWebSearch".

I went to sites like Spywareguide.com, Spywareinfo.com,, and Symantec's excellent site, and educated myself about CWS. It's a mean one.

With over 25 versions to date, and about 30 affiliated sites, CWS has infected millions of computers to date. It uses a "hole" in JavaScript Virtual Machine to invade your machine and make changes to IE and your registry. It also copies itself to your "restore" files, which the antivirus and anti-spyware programs DO NOT search or modify.

After educating myself, and wading through literally hundreds of pages of "geek-speak", I formed a plan of attack.

PROTECTION

First, I would fix the holes in my system. The borrowed laptop used Windows Me, from 2000. It needed updating, and MS's website had a whole bunch of them. Since I'm on a dialup, it took hours to download and install all the patches.

Next, some firewalls. At Major Geeks.com, I found and downloaded Zone Alarm and Browser Hijack Blaster, both for free. Thus protected from further invasion, I set about curing the disease.

MEDICINE FOR A SICK COMPUTER

I first updated the Symantec to the latest standards. I then did the same with Ad-Aware, and downloaded Spybot Search&Destroy from Majorgeeks. It was about then I discovered that I was not alone.

I found Merjin.org, a website set up by a computer student with the sole purpose of combatting CWS. From there, I obtained the invaluable CWShredder, a program that can remove ANY CWS bugs, and which is updated frequently. I also got HiJackTHIS!, a program which can find and display anything that is downloaded to your computer, and remove it with a command.

So effective are these programs, CWS has recently conducted Denial Of Service attacks on Merjin.org. Thankfully, it has survived...it also contains detailed information about all the CWS variants, and manual removal procedures.

I was able to sweep my system clean of many more bugs. Unfortunately, I still wasn't done.

HEALING THE PATIENT

I was still getting some spyware from CWS, and some Browser Helper Objects (BHO's) were still turning up. Fortunately, due to Zone Alarm and Hijack Blaster, I was warned well in advance. However, I was suspicious as to how it was happening on a daily basis. Thus, I went even deeper.

I went to Symantec's website and downloaded detailed instructions for THOUROUGHLY cleaning your system. I had missed something important.

CWS also writes itself to your "restore" files. These are immune from the cleaning software. The cure for that was quite new for me, a relative computer novice. However, one learns by doing, so I plowed ahead.

I disabled the "restore" function (instructions from Symantec), and rebooted into "safe" mode(also on Symantec's instructions). I then ran all my cleaning and anti-virus/anti-spyware programs, deleting everything found.

Then, I went to the C://System/Restore files and deleted them all. If it affects the "restore" function adversly, I have not seen evidence of it yet.

I rebooted, performed a scandisk and a defrag, and rebooted again. Then I enabled the "restore" function once more.

That was yesterday, and so far, so good. I'd like to think I got it all, but with these bugs, you never know. Fortunately, I'm now forewarned and forearmed.


TOPICS: Crime/Corruption; Culture/Society; Miscellaneous; News/Current Events; Your Opinion/Questions
KEYWORDS: computers; coolwebsearch; hijack; hijackers; spyware; trojanhorses; virus; viruses; worm
Navigation: use the links below to view more comments.
first previous 1-5051-100101-150151-192 next last
To: Long Cut

One thing I found to get around the merjin stuff is that where I was finding problems (wanting to double check the random thing that I find once in awhile before removing from hijack) was that the links to the other sites of lists (like bho lists, etc.) were not allowing for anything to be searched or came up with no responses...I explored long enough that I found that there lists you can download and just 'ctrl f' for whichever you are questioning...

Did that make any sense? In any case, I was glad to find an alternative cause all the problems on his site were getting annoying! LOL!


101 posted on 06/05/2004 10:08:55 PM PDT by mfccinsd
[ Post Reply | Private Reply | To 76 | View Replies]

To: Long Cut

Mozilla is the full featured browser, firefox is just the browser. I have both and use firefox the most. Thanks for all the info, I have had many problems with the wifes PC off/on for months, reinstalled win98 3 times


102 posted on 06/05/2004 10:09:05 PM PDT by markman46
[ Post Reply | Private Reply | To 86 | View Replies]

To: Long Cut
Check earlier in this thread. I made a post with several useful Mozilla links that I'm too lazy to retype now. :-) The "extensions" are definitely something to look at, though aren't strictly necessary.
103 posted on 06/05/2004 10:09:08 PM PDT by zeugma (The Great Experiment is over.)
[ Post Reply | Private Reply | To 91 | View Replies]

To: Fraulein

Do 'save log' and you can put it in a private message to me (the contents of the log) and I'll help you if you'd like


104 posted on 06/05/2004 10:09:41 PM PDT by mfccinsd
[ Post Reply | Private Reply | To 100 | View Replies]

To: zeugma

Okay, just so's I'm clear...I download Mozilla, and Firefox et. al. comes with it, correct? There's several versions of Mozilla on the site...which ones do you recommend?


105 posted on 06/05/2004 10:10:18 PM PDT by Long Cut (Certainty of Death, small chance of Success...What are we waiting for?...Gimli the Dwarf)
[ Post Reply | Private Reply | To 98 | View Replies]

To: Bloody Sam Roberts

I've also found tds-3 (free eval. version you can use) is helpful, as is a2 http://www.emsisoft.com/en/

Both found things that I hadn't been able to fix on hijack adaware and spybot...all of which I run (and update) very often.

Might be worth trying just to be sure, too...


106 posted on 06/05/2004 10:13:49 PM PDT by mfccinsd
[ Post Reply | Private Reply | To 81 | View Replies]

To: Long Cut; All

Anyone contemplating trying Mozilla or Firefox needs to bookmark this page!

Note that "user forums" are open. In other words, you don't have to register. (The sections down the page you do, however).

http://forums.mozillazine.org/index.php


107 posted on 06/05/2004 10:14:38 PM PDT by JoJo Gunn (Intellectuals exist only if you believe they do. )
[ Post Reply | Private Reply | To 105 | View Replies]

To: Long Cut
From the main mozilla page, go to the section titled "mozilla 1.6", and select the one for your operating system. Version 1.6 is considered the latest "stable" release. Right now I'm on version 1.8a, which is an 'alpha' release - it's not considered stable yet. You'd probably be best off with 1.6.
108 posted on 06/05/2004 10:14:52 PM PDT by zeugma (The Great Experiment is over.)
[ Post Reply | Private Reply | To 105 | View Replies]

To: Long Cut

//I'm no expert (but there are certainly some on this thread), however, I'd assume that the files it found are "hidden" somehow from your "search" function. In my case, they were in the "restore" system folder, and I had to disable it before I could begin deleting the offenders. If it's enabled, it won't allow you to mess with it.//

Well, I use 'dir /a' as my file finder; I suppose something could tamper with it, but I don't know that spyware thingies tamper with DOS.


109 posted on 06/05/2004 10:16:09 PM PDT by supercat (Why is it that the more "gun safety" laws are passed, the less safe my guns seem?)
[ Post Reply | Private Reply | To 99 | View Replies]

To: Fraulein

You can go to this page:
http://tomcoyote.com/hjt/

Look around a little and then register if it looks good to you. If you register you will be able to post your log and the gurus there will tell you what to delete. I have not used them but I have heard about it. I think they will be of help.


110 posted on 06/05/2004 10:16:27 PM PDT by No One Special
[ Post Reply | Private Reply | To 100 | View Replies]

To: Fraulein
First, delete all of the stuff ad-aware found. You can do this by acessing the "quarantine list", selecting each, and clicking "delete".

As for HiJackTHIS!, you'll have to go line-by-line and check each...it will give details about each, as well as tell you if any are really bad. Anything with "about:blank", for instance, should be deleted forthwith. Read each carefully...if it's something you know, or remember downloading deliberately by the name, just put it on the "ignore" list.

HiJackTHIS! has a guide to its ratings, and so does Merjin. Refer to them before deleting anything.

It'll be a pain, but after you're done, anything else will be easy.

111 posted on 06/05/2004 10:17:57 PM PDT by Long Cut (Certainty of Death, small chance of Success...What are we waiting for?...Gimli the Dwarf)
[ Post Reply | Private Reply | To 100 | View Replies]

To: Long Cut

Firefox 0.8.

It's a browser only.

Mozilla 1.6 is okay. It has an e-mail client and even a web page maker. But go with Firefox until you get a little used to the changes.

My opinion....


112 posted on 06/05/2004 10:18:04 PM PDT by JoJo Gunn (Intellectuals exist only if you believe they do. )
[ Post Reply | Private Reply | To 105 | View Replies]

To: Long Cut
Full article can be read here: http://www.techuser.net/index.php?id=47

Why Windows is a Security Nightmare
Security in all mainstream operating systems is non-existent; however, things are especially bad for Windows. Windows happens to be the favorite target of worm and virus writers. Conventional wisdom suggests that the huge installed base of Windows helps spread the worms and viruses, and also makes it a highly attractive target for worm/virus writers. The installed base of Windows certainly has an undeniable effect on the prevalence of malware on Windows, but this is not all there is to it.

The Blaster worm attacks Windows XP, and Win2K systems. In order to infect a system the worm needs to send the correct payload for the respective OS. The worm is not able to differentiate between the XP and Win2K so it randomly guesses the OS type; however, if it guesses wrong the RPC service crashes, and Windows reports it as a crash of svchost. The Blaster attack was quite a surprise as the major outbreak of the worm occurred back in August 2003, and I was expecting all infections of the worm to be fixed by now.

I was in no position to do anything about the Blaster attack, so I continued downloading the 35 MB service pack 4 over my dialup connection. It took me a couple of hours to download it, but Windows Update refused to install it; Windows Update probably needed some functionality provided by the crashed svchost.exe.

I rebooted and connected to the internet, which was a mistake as I was giving the worm a second chance to infect my system. Anyway, I proceeded to Windows Update, and tried the same download again. Alas, Windows Update had forgotten all about the 35 MB it had downloaded previously, and started downloading the same stuff all over again. Worse, the Blaster worm crashed svchost again, and I had to discontinue the download.

I knew about the existence of a standalone security update to patch the vulnerability Blaster exploits, so I decided to bypass Windows Update and download it directly. The download was small less than 1MB, but as soon as I tried running it I learned that it requires at least service pack 2 to install, which I didn't have.

Microsoft provides a separate download for service packs as well, and I decided to download the latest service pack, service pack 4. Well, the standalone service pack 4 distribution turned out to be a mammoth 129 MB download. This is about the maximum I have ever downloaded over a dialup connection; a download of this size can easily take 10 or more hours to complete.

Downloading a large file over dialup requires the ability to resume downloads which Internet Explorer does not provide, so I downloaded Wget to acquire that ability. Wget is a commandline tool and is invoked by calling it with the URL name. I tried pasting the URL on the command line, but it turns out that the cut and paste functionality disappears after a blaster attack, so I was forced to manually type the URL.

Normally, typing a URL is not a big deal. Everyone types URLs all the time, and I do too, but I do mind typing gibberish strings of 95 characters like the following:
http://download.microsoft.com/download/E/6/A/E6A04295-D2A8-40D0-A0C5- 241BFECD095E/W2KSP4_EN.EXE
To cut a long story short I managed to download and install the service pack, and the Blaster security update. Finally, the Windows Update started working and after another 30-40 MB of downloads, and 3 or so reboots, I managed to installed the 18 security updates available there (another 5 have been added to that number as of now).

After this experience I cannot help but laugh at the 'usability' problems Windows users are reporting about GNOME and KDE. It has become pretty clear to me that Windows users are so accustomed to usability problems that they don't even recognize them as usability problems. But, as soon as these people move to a different environment they start complaining simply because the new environment does not replicate the features and bugs of Windows exactly.

The other big lesson from all this is that most Windows users are incapable of 'securing' their systems. This is precisely why an unprotected system gets attacked in a matter of seconds, and spammers are still sending out Messenger service spam. Worse, Microsoft is directly responsible for this state of affairs. Windows encourage users to reinstall it every once in a while, and when they do, Windows Update actively prevents users from updating their systems.

The whole idea of Windows Update is a joke. Using an unreliable and insecure network as the primary means of distributing security updates is simply idiotic. This is like asking people to walk through a minefield to get to a shelter. I was able to download security updates off the internet only because the current generation of worms are not particularly malicious; they are just minor irritants.

If Microsoft is serious about Windows security it needs to fix Windows Update, and get rid of the damned Registry for good. Unfortunately, Microsoft's approach is to layer half baked fixes over utterly broken things to keep them going for as long as possible. Microsoft knows that there is a problem with the Registry, but the way it is dealing with it is by offering Registry rollbacks, and similar worthless functionality.

113 posted on 06/05/2004 10:23:18 PM PDT by macJoyful (Macs - the only thing liberal about me)
[ Post Reply | Private Reply | To 1 | View Replies]

To: JoJo Gunn; All
Okay, I'm off to download Firefox...seems it's all I need to start off.

Thanks to ALL the experts who offered their valuable advice and help. I'm sure there were MANY lurkers who found it as useful as the posters did.

If enough people get the word, maybe we can stop these jerks from ruining people's machines and lives.

Signing off for tonight, back tomorrow.

114 posted on 06/05/2004 10:24:53 PM PDT by Long Cut (Certainty of Death, small chance of Success...What are we waiting for?...Gimli the Dwarf)
[ Post Reply | Private Reply | To 112 | View Replies]

To: Long Cut

The Best and only programs I have found that work are spy bot search and destroy and regrun. Regrun is awesome because it can do three things to a malware file like ncase, isolate destroy and block all variations of it from working on my computer sweet a** program.


115 posted on 06/05/2004 10:26:28 PM PDT by aft_lizard (I actually voted for John Kerry before I voted against him)
[ Post Reply | Private Reply | To 1 | View Replies]

To: mylife

People work full time creating these threats making it a full time job to stay ahead of them.


116 posted on 06/05/2004 10:28:51 PM PDT by South40 (Amnesty for ILLEGALS is a slap in the face to the USBP!)
[ Post Reply | Private Reply | To 89 | View Replies]

To: No One Special
Thank you for the link. I will check it out.
117 posted on 06/05/2004 10:28:54 PM PDT by Fraulein
[ Post Reply | Private Reply | To 110 | View Replies]

To: Long Cut
Ah, yes, "about: blank" -- 2 words that I am so sick of seeing on windows as they are first spontaneously popping-up!

Thanks, again, for this thread. It's been very helpful. :)

Oddly, my home page was hijacked by a bright red page saying that my computer had spyware/security problems! Lots of windows would start opening up while the 'new' home page took over the whole computer screen, unable to be minimized, and usually shortly thereafter everything locked up.

118 posted on 06/05/2004 10:36:22 PM PDT by Fraulein
[ Post Reply | Private Reply | To 111 | View Replies]

To: Squantos
AVG-Zone Alarm-Norton AV- Ad Aware are all free, get em , use em !.....:o)

Please note!!! While Norton (Symantec) does have an on-line, web based virus scan, Norton (or Symantec) Anti-Virus is NOT freeware!

Mark

119 posted on 06/05/2004 10:41:23 PM PDT by MarkL (The meek shall inherit the earth... But usually in plots 6' x 3' x 6' deep...)
[ Post Reply | Private Reply | To 47 | View Replies]

To: HairOfTheDog

Every one of those DNS records has their address record set you your system (127.0.0.1 AKA "localhost").

If you're running XP ( which it appears that you are ), check to see what's in your hosts and lmhosts files. These are both text files in the C:\WINDOWS\SYSTEM32\DRIVERS\ETC directory.

Mark


120 posted on 06/05/2004 10:44:58 PM PDT by MarkL (The meek shall inherit the earth... But usually in plots 6' x 3' x 6' deep...)
[ Post Reply | Private Reply | To 49 | View Replies]

To: MarkL
Uhh .....yeah.........(toe in dirt)......I paid for that one . My mistake thanks for catching it !

Stay safe !

121 posted on 06/05/2004 10:48:23 PM PDT by Squantos (Be polite. Be professional. But, have a plan to kill everyone you meet.)
[ Post Reply | Private Reply | To 119 | View Replies]

To: zeugma; All

Have you seen these links?

http://www.texturizer.net/firefox/extensions/

http://texturizer.net/firefox/themes/

As far as extensions, I recommend:

IE View (right click and open IE if there's a page you can't render correctly with Firefox)

AdBlock (in addition to the standard popup blocker, this extension allows you to right click on banner ads and some Flash and remove them)

External Application Buttons (with this I've added an OE button to the browser bar)

NOTE -there's been some bugs with trying to install more than one extension at a time. Install one, then close the browser and restart it before getting another one.


122 posted on 06/05/2004 10:50:21 PM PDT by JoJo Gunn (Intellectuals exist only if you believe they do. )
[ Post Reply | Private Reply | To 108 | View Replies]

To: supercat
Well, I use 'dir /a' as my file finder; I suppose something could tamper with it, but I don't know that spyware thingies tamper with DOS

Under certain circumstances, that's the ONLY way to see the files. Microsoft's filesystems (NTFS - and if you're using WindowsME (not sure about Win9x) FAT32) has an "undocumented" attribute known as "SuperHidden." This hides a file, even if you're folders are set to show all files. However, a "dir /a" will show these files. BTW, if you do a search on Microsoft's knowledgebase for the word "superhidden," you will not get a single hit! IIRC, Nimda was the first virus to take advantage of this, as well as the ability to block showing the extension of the file in Windows Explorer!

Mark

123 posted on 06/05/2004 11:05:24 PM PDT by MarkL (The meek shall inherit the earth... But usually in plots 6' x 3' x 6' deep...)
[ Post Reply | Private Reply | To 109 | View Replies]

To: JoJo Gunn
I'll have to look into the bugs you mentioned with installing multiple extensions. I upgrade to the latest nightly about every two weeks, and have established a regular procedure for same, which normally requires running the install as root, copying my plugin directory from the previous version, then installing the 6 extensions I use, and re-starting Moz as a user. Even running nightlies, I very rarely run into any installtion related bugs. Do you know any specifics, or should I just browse through bugzilla?
124 posted on 06/05/2004 11:05:37 PM PDT by zeugma (The Great Experiment is over.)
[ Post Reply | Private Reply | To 122 | View Replies]

To: Long Cut; All

Glad you posted this....I just got a problem about a week ago and am in the process of cleaning it up.

Thanks to all for their links and useful info. Does anyone know what it is these idiots are trying to accompolish with these programs? It seems to me the parasite is killing the host.

Will check back for more info here!


125 posted on 06/05/2004 11:08:40 PM PDT by TheLion
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeugma

I'm not that deep into it, don't know about the nightlies, but I've noticed on the support threads that doing more than one at a time seems to be at least a common enough occurence.

That likely will change with 0.9, since it's said to have an extension manager/installer built in.

I've been using this with good luck:

http://backup.jasnapaka.com/

If only it could backup the unprotected cache. sigh


126 posted on 06/05/2004 11:13:04 PM PDT by JoJo Gunn (Intellectuals exist only if you believe they do. )
[ Post Reply | Private Reply | To 124 | View Replies]

To: zeugma; JoJo Gunn

Okay! I'm now using Firefox, and so far, it's great! I've got one question...how do I set a homepage to it? I can't seem to figure that out.


127 posted on 06/05/2004 11:36:44 PM PDT by Long Cut (Certainty of Death, small chance of Success...What are we waiting for?...Gimli the Dwarf)
[ Post Reply | Private Reply | To 124 | View Replies]

To: JoJo Gunn
Interesting program. Doesn't look like they have a Linux version. Of course, it's easy enough creating a tar of your ~/.mozilla and /usr/local/mozilla directories under Linux, so I'm not sure how useful it would be for me.

Thanks for the pointer. This has been a great thread. I think it has garnered a few Mozilla converts! Now, if only I could convince them to move away from the Dark Side...

128 posted on 06/05/2004 11:37:59 PM PDT by zeugma (The Great Experiment is over.)
[ Post Reply | Private Reply | To 126 | View Replies]

To: Long Cut
To set the home page, select the "Edit" menu item, then "Preferences". On my browser, it automatically selects the "Navigator" section is highlighted by default. If you are already browsed to the page, just select the "use current page" button.

One thing that I'd suggest you consider is something I've been doing for quite some time. I browse to my bookmarks.html file by "File", then "Open file". Then I set my homepage to be my bookmarks. I find that this speeds up opening my browser in a major way. Highly reccommended. YMMV

129 posted on 06/05/2004 11:42:48 PM PDT by zeugma (The Great Experiment is over.)
[ Post Reply | Private Reply | To 127 | View Replies]

To: zeugma

Thanks, I got it. One more thing...I've noticed that my scroller on this laptop now won't work. is that normal?


130 posted on 06/05/2004 11:47:42 PM PDT by Long Cut (Certainty of Death, small chance of Success...What are we waiting for?...Gimli the Dwarf)
[ Post Reply | Private Reply | To 129 | View Replies]

To: Long Cut

Even after reboot? I have that problem sometimes if I've been doing too much and it's overwhelmed...but I've always been ok after rebooting...

That's really odd...report back if you figure it out! Never know...now that I said that maybe I'll have the same problem and you can tell me the trick! Ha! :-)


131 posted on 06/06/2004 12:35:09 AM PDT by mfccinsd
[ Post Reply | Private Reply | To 130 | View Replies]

To: IVote2

mozilla firebird.
FASTER, built in pop up blocking... and impervious to internet explorer baloney.

Tis also FREE.


132 posted on 06/06/2004 12:38:30 AM PDT by Robert_Paulson2 (the madridification of our election is now officially underway.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Weimdog

I use a Mac.

My husband managed to infect it.

I simply won't have Explorer on my machine any more. I use Safari and that doesn't allow pop-ups.


133 posted on 06/06/2004 12:41:06 AM PDT by tiamat ("Just a Bronze-Age Gal, Trapped in a Techno-World!")
[ Post Reply | Private Reply | To 72 | View Replies]

To: mercy

Us Mac people are vulnerable too.

My husband managed to infect my machine.

He kept insisting on using Explorer and that's how it got in. I finally ended up simply remving the entire program.

We only use Safari, now.


134 posted on 06/06/2004 12:44:39 AM PDT by tiamat ("Just a Bronze-Age Gal, Trapped in a Techno-World!")
[ Post Reply | Private Reply | To 93 | View Replies]

To: Long Cut

you cannot get rid of IE.. just stop using it. clear it's cache and get rid of it's link in the toolbar...

firefox, thunderbird and mozilla are immune from microsoft based attacks. the firefox browser is blazing fast, has tabbed browsing (incredible feature really really), and graphics rendering is really top notch.

I've used them for four or five years.
Once you have installed a mozilla browser, you won't wanna go back...


135 posted on 06/06/2004 12:47:41 AM PDT by Robert_Paulson2 (the madridification of our election is now officially underway.)
[ Post Reply | Private Reply | To 23 | View Replies]

To: Long Cut
I mistyped the URL, and found myself redirected to some porn search engine.

My computer has a function called "Favorites", so all I have to do is click on the bookmarked Free Republic link and, voila!, I'm there! No typing necessary! I suggest that you get a computer with a "Favorites" function.

Regards
LH

136 posted on 06/06/2004 12:49:26 AM PDT by Lancey Howard
[ Post Reply | Private Reply | To 1 | View Replies]

To: Luis Gonzalez

Spy Sweeper is awesome.


137 posted on 06/06/2004 12:50:10 AM PDT by Lancey Howard
[ Post Reply | Private Reply | To 50 | View Replies]

To: tiamat
My husband managed to infect it.

Exactly WHAT were you infected with? I know of no infectious programs in the wild for Mac OSX.

138 posted on 06/06/2004 2:06:48 AM PDT by Swordmaker (This tagline shut down for renovations and repairs. Re-open June of 2001.)
[ Post Reply | Private Reply | To 133 | View Replies]

To: zeugma
That is the same evolution viruses have taken in Windows.

Before Windows, some DOS level viruses existed.

Those who create viruses don't live in a vacuum. They will modify and adjust.
139 posted on 06/06/2004 3:40:09 AM PDT by TomGuy (Clintonites have such good hind-sight because they had their heads up their hind-ends 8 years.)
[ Post Reply | Private Reply | To 95 | View Replies]

To: Swordmaker

He was using Explorer to surf for naughty pictures ( A thing i do NOT appreciate!) and we had a "button" appear and attach itself to Explorer's tool bar. Took you direct to one of these sites, and you would also get droves of nasty pop-ups.

The dumb thing was right there where my daughter could have gotten to it.

I tried to remove the button and could not. He would also have things begin to down-load and not know how he had activated them.

AND he was leaving smut on the desk-top!

I finally just trashed Explorer and told him I'd break his neck if I found anything like that again.


140 posted on 06/06/2004 5:14:44 AM PDT by tiamat ("Just a Bronze-Age Gal, Trapped in a Techno-World!")
[ Post Reply | Private Reply | To 138 | View Replies]

To: Long Cut

Thanks for the info.


141 posted on 06/06/2004 6:39:07 AM PDT by tsomer
[ Post Reply | Private Reply | To 111 | View Replies]

To: MarkL
This is what is in there...


142 posted on 06/06/2004 7:31:54 AM PDT by HairOfTheDog (farewell to a great president.)
[ Post Reply | Private Reply | To 120 | View Replies]

To: HairOfTheDog

Wow! A 19KB hosts file? You've been hit by something. Please freepmail me your hosts and hosts.old files. You haven't got an lmhosts file (that's OK).

I'll see if I can "fix it" for you, then freepmail it back to you. It should be pretty simple.

Mark


143 posted on 06/06/2004 7:54:18 AM PDT by MarkL (The meek shall inherit the earth... But usually in plots 6' x 3' x 6' deep...)
[ Post Reply | Private Reply | To 142 | View Replies]

To: zeugma

I'm still learning the differences, so though I know of .js files and the "user chrome" when they're mentioned, I haven't touched them as of yet.

Maybe someday I'll try Linux. I'm about ready too. I can't fathom so many jumping on the XP bandwagon. One of my pet sayings about it is how you have to have a former fry cook to authorize your using what you bought and paid for.

I understand those who go and buy their first computer at Wal-Mart. As when I started, they know no better and that's what's offered now. But for anyone who has been around computers a while, the Big Brother aspects should have fired off alarm bells. There's been even worse rumors about Longhorn, and that "lockbox" (the DRM thing).

Oh well, I'm still on the Dark Side, but I'm gonna run ME into the ground before becoming a slave to fry cooks.


144 posted on 06/06/2004 8:05:09 AM PDT by JoJo Gunn (Intellectuals exist only if you believe they do. )
[ Post Reply | Private Reply | To 128 | View Replies]

To: MarkL; ecurbh; Ramius; Long Cut

WOW! You got it! My fiancee is here and knew how to go in and look at that stuff.... and there was all kinds of frap in there he knew how to get rid of and give me a clean hosts file... Now when I flush the cache, nothing insidious shows up there.

Thanks also to mfccinsd, who helped me run the HijackThis tool and get rid of some other leftovers I just didn't need in there!

But just so you know the weight you have lifted from me, here is what was in there! (I did once briefly have Kazaa, but I swear to you, I have never willingly been to any of the sex-type stuff! Here is my host file the way it was:

# localhost: Needs to stay like this to work
127.0.0.1 localhost

# KaZaA related:

127.0.0.1 desktop.kazaa.com
# 216.239.39.101 = www.google.com
127.0.0.1 www.altnetp2p.com
127.0.0.1 alpha.kazaa.com
127.0.0.1 shop.kazaa.com
127.0.0.1 www.bonzi.com
127.0.0.1 www.brilliantdigital.com
127.0.0.1 www.b3d.com

# Adservers and other crappy sites:

127.0.0.1 123banners.com
127.0.0.1 ad.adsmart.net
127.0.0.1 ad.ca.doubleclick.net
127.0.0.1 ad.de.doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.es.doubleclick.net
127.0.0.1 ad.fr.doubleclick.net
127.0.0.1 ad.free6.com
127.0.0.1 ad.it.doubleclick.net
127.0.0.1 ad.iwin.com
127.0.0.1 ad.jp.doubleclick.net
127.0.0.1 ad.kr.doubleclick.net
127.0.0.1 ad.linkexchange.com
127.0.0.1 ad.linksynergy.com
127.0.0.1 ad.nl.doubleclick.net
127.0.0.1 ad.no.doubleclick.net
127.0.0.1 ad.preferences.com
127.0.0.1 ad.se.doubleclick.net
127.0.0.1 ad.sma.punto.net
127.0.0.1 ad.trafficmp.com
127.0.0.1 ad.uk.doubleclick.net
127.0.0.1 ad.webprovider.com
127.0.0.1 ad08.focalink.com
127.0.0.1 ad1.adcept.net
127.0.0.1 ad1.icorp.net
127.0.0.1 ad1.looksmart.com
127.0.0.1 ad2.adcept.net
127.0.0.1 ad2.looksmart.com
127.0.0.1 ad3.adcept.net
127.0.0.1 ad-adex3.flycast.com
127.0.0.1 adcontroller.unicast.com
127.0.0.1 adcreatives.imaginemedia.com
127.0.0.1 addb.looksmart.com
127.0.0.1 adevents.msn.com
127.0.0.1 adex3.flycast.com
127.0.0.1 adforce.ads.imgis.com
127.0.0.1 adforce.imgis.com
127.0.0.1 adfu.blockstackers.com
127.0.0.1 adimage.blm.net
127.0.0.1 adimages.earthweb.com
127.0.0.1 adimages.go.com
127.0.0.1 adimages.imaginemedia.com
127.0.0.1 adimg.egroups.com
127.0.0.1 admedia.xoom.com
127.0.0.1 admonitor.net
127.0.0.1 adpick.switchboard.com
127.0.0.1 adproject.net
127.0.0.1 adremote.pathfinder.com
127.0.0.1 adres.internet.com
127.0.0.1 ads.adflight.com
127.0.0.1 ads.ad-flow.com
127.0.0.1 ads.admaximize.com
127.0.0.1 ads.admonitor.net
127.0.0.1 ads.adroar.com
127.0.0.1 ads.bfast.com
127.0.0.1 ads.box.sk
127.0.0.1 ads.burstnet.com
127.0.0.1 ads.cdfreaks.com
127.0.0.1 ads.chrbanner.com
127.0.0.1 ads.clickagents.com
127.0.0.1 ads.clickhouse.com
127.0.0.1 ads.dai.net
127.0.0.1 ads.datais.com
127.0.0.1 ads.enliven.com
127.0.0.1 ads.eu.msn.com
127.0.0.1 ads.fairfax.com.au
127.0.0.1 ads.fool.com
127.0.0.1 ads.fortunecity.com
127.0.0.1 ads.fortunecity.fr
127.0.0.1 ads.freeze.com
127.0.0.1 ads.freshmeat.net
127.0.0.1 ads.god.co.uk
127.0.0.1 ads.guardianunlimited.co.uk
127.0.0.1 ads.hitcents.com
127.0.0.1 ads.hollywood.com
127.0.0.1 ads.i12.de
127.0.0.1 ads.i33.com
127.0.0.1 ads.ign.com
127.0.0.1 ads.imaginemedia.com
127.0.0.1 ads.indya.com
127.0.0.1 ads.infi.net
127.0.0.1 ads.irover.com
127.0.0.1 ads.ixo.com
127.0.0.1 ads.jpost.com
127.0.0.1 ads.jwtt3.com
127.0.0.1 ads.killerapp.com
127.0.0.1 ads.link4ads.com
127.0.0.1 ads.linksponsor.com
127.0.0.1 ads.looksmart.com
127.0.0.1 ads.lycos.com
127.0.0.1 ads.lycos.de
127.0.0.1 ads.madison.com
127.0.0.1 ads.mediaodyssey.com
127.0.0.1 ads.mediaturf.net
127.0.0.1 ads.msn.com
127.0.0.1 ads.musiccity.com
127.0.0.1 ads.netomia.com
127.0.0.1 ads.newcity.com
127.0.0.1 ads.newcitynet.com
127.0.0.1 ads.ninemsn.com.au
127.0.0.1 ads.rediff.com
127.0.0.1 ads.satyamonline.com
127.0.0.1 ads.seattletimes.com
127.0.0.1 ads.smartclicks.com
127.0.0.1 ads.smartclicks.net
127.0.0.1 ads.sptimes.com
127.0.0.1 ads.startpath.com
127.0.0.1 ads.station.sony.com
127.0.0.1 ads.tiscali.fr
127.0.0.1 ads.tripod.com
127.0.0.1 ads.tucows.com
127.0.0.1 ads.vcommunities.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ads.x10.com
127.0.0.1 ads.xtra.co.nz
127.0.0.1 ads.zdnet.com
127.0.0.1 ads01.focalink.com
127.0.0.1 ads02.focalink.com
127.0.0.1 ads03.focalink.com
127.0.0.1 ads04.focalink.com
127.0.0.1 ads05.focalink.com
127.0.0.1 ads06.focalink.com
127.0.0.1 ads07.focalink.com
127.0.0.1 ads08.focalink.com
127.0.0.1 ads09.focalink.com
127.0.0.1 ads1.activeagent.at
127.0.0.1 ads1.ad-flow.com
127.0.0.1 ads1.speedbit.com
127.0.0.1 ads10.focalink.com
127.0.0.1 ads11.focalink.com
127.0.0.1 ads12.focalink.com
127.0.0.1 ads13.focalink.com
127.0.0.1 ads14.focalink.com
127.0.0.1 ads15.focalink.com
127.0.0.1 ads16.focalink.com
127.0.0.1 ads17.focalink.com
127.0.0.1 ads18.focalink.com
127.0.0.1 ads19.focalink.com
127.0.0.1 ads2.speedbit.com
127.0.0.1 ads2.zdnet.com
127.0.0.1 ads20.focalink.com
127.0.0.1 ads21.focalink.com
127.0.0.1 ads22.focalink.com
127.0.0.1 ads23.focalink.com
127.0.0.1 ads24.focalink.com
127.0.0.1 ads25.focalink.com
127.0.0.1 ads3.speedbit.com
127.0.0.1 ads3.zdnet.com
127.0.0.1 ads4.speedbit.com
127.0.0.1 ads5.gamecity.net
127.0.0.1 ads5.speedbit.com
127.0.0.1 ads6.speedbit.com
127.0.0.1 ads7.speedbit.com
127.0.0.1 ads8.speedbit.com
127.0.0.1 adserv.bravenet.com
127.0.0.1 adserv.bravenet.com
127.0.0.1 adserv.iafrica.com
127.0.0.1 adserv.internetfuel.com
127.0.0.1 adserv.quality-channel.de
127.0.0.1 adserver.affiliation.com
127.0.0.1 adserver.akqa.net
127.0.0.1 adserver.dbusiness.com
127.0.0.1 adserver.garden.com
127.0.0.1 adserver.humanux.com
127.0.0.1 adserver.imaginemedia.com
127.0.0.1 adserver.isonews.com
127.0.0.1 adserver.janes.com
127.0.0.1 adserver.lunarpages.com
127.0.0.1 adserver.merc.com
127.0.0.1 adserver.monster.com
127.0.0.1 adserver.track-star.com
127.0.0.1 adserver.tweakers.net
127.0.0.1 adserver.ugo.com
127.0.0.1 adserver.webads.nl
127.0.0.1 adserver1.ogilvy-interactive.de
127.0.0.1 adserver2.imaginemedia.com
127.0.0.1 AdSubstract
127.0.0.1 adsubstract
127.0.0.1 ads-ussj1.focalink.com
127.0.0.1 adtegrity.spinbox.net
127.0.0.1 adulttds.com
127.0.0.1 aglink.mircx.com
127.0.0.1 antfarm-ad.flycast.com
127.0.0.1 au.ads.link4ads.com
127.0.0.1 bach.aureate.com
127.0.0.1 badservant.guj.de
127.0.0.1 banner.50megs.com
127.0.0.1 banner.adverity.com
127.0.0.1 banner.commissionpartner.com
127.0.0.1 banner.de
127.0.0.1 banner.easyspace.com
127.0.0.1 banner.free6.com
127.0.0.1 banner.i-3.de
127.0.0.1 banner.media-system.de
127.0.0.1 banner.orb.net
127.0.0.1 banner.relcom.ru
127.0.0.1 bannerad.ipgnet.com
127.0.0.1 bannerads.de
127.0.0.1 bannerfarm.ace.advertising.com
127.0.0.1 bannerimages.0catch.com
127.0.0.1 bannermaster.geektech.com
127.0.0.1 banner-net.com
127.0.0.1 bannerpower.com
127.0.0.1 banners.adultfriendfinder.com
127.0.0.1 banners.easydns.com
127.0.0.1 banners.free6.com
127.0.0.1 banners.hotlinks.net
127.0.0.1 banners.looksmart.com
127.0.0.1 banners.nextcard.com
127.0.0.1 banners.pennyweb.com
127.0.0.1 banners.webmasterplan.com
127.0.0.1 banners.wunderground.com
127.0.0.1 bannervip.webjump.com
127.0.0.1 banzai.moodlogic.com
127.0.0.1 barnesandnoble.bfast.com
127.0.0.1 beseen.com
127.0.0.1 beseen.looksmart.com
127.0.0.1 beseen5.looksmart.com
127.0.0.1 beseenad.looksmart.com
127.0.0.1 beseenad1.looksmart.com
127.0.0.1 beseenad2.looksmart.com
127.0.0.1 beseenad3.looksmart.com
127.0.0.1 beseenadx.looksmart.com
127.0.0.1 bfast.com
127.0.0.1 bizad.nikkeibp.co.jp
127.0.0.1 bn.bfast.com
127.0.0.1 botw.topbucks.com
127.0.0.1 bsads.looksmart.com
127.0.0.1 by.advertising.com
127.0.0.1 c1.thecounter.com
127.0.0.1 c2.thecounter.com
127.0.0.1 c3.xxxcounter.com
127.0.0.1 califia.imaginemedia.com
127.0.0.1 cash4banner.com
127.0.0.1 cash4banner.de
127.0.0.1 cds.mediaplex.com
127.0.0.1 cgi.sexlist.com
127.0.0.1 click.avenuea.com
127.0.0.1 click.go2net.com
127.0.0.1 click.linksynergy.com
127.0.0.1 clickagents.com
127.0.0.1 clicks.about.com
127.0.0.1 clit5.sextracker.com
127.0.0.1 code02.pbtech.net
127.0.0.1 commonwealth.riddler.com
127.0.0.1 cookies.cmpnet.com
127.0.0.1 cornflakes.pathfinder.com
127.0.0.1 counter.hitbox.com
127.0.0.1 counter1.sextracker.com
127.0.0.1 counter10.sextracker.com
127.0.0.1 counter11.sextracker.com
127.0.0.1 counter12.sextracker.com
127.0.0.1 counter13.sextracker.com
127.0.0.1 counter14.sextracker.com
127.0.0.1 counter15.sextracker.com
127.0.0.1 counter16.sextracker.com
127.0.0.1 counter2.sextracker.com
127.0.0.1 counter3.sextracker.com
127.0.0.1 counter4.sextracker.com
127.0.0.1 counter5.sextracker.com
127.0.0.1 counter6.sextracker.com
127.0.0.1 counter7.sextracker.com
127.0.0.1 counter8.sextracker.com
127.0.0.1 counter9.sextracker.com
127.0.0.1 crs.akamai.com
127.0.0.1 crux.songline.com
127.0.0.1 ct.iac-online.de
127.0.0.1 ctc.amateurpages.com
127.0.0.1 de.netstatpro.net
127.0.0.1 desktop.grokster.com
127.0.0.1 dialer.offshoreclicks.com
127.0.0.1 doubleclick.net
127.0.0.1 download1.libereco.net
127.0.0.1 ehg.hitbox.com
127.0.0.1 ehg-commjun.hitbox.com
127.0.0.1 erie.smartage.com
127.0.0.1 etad.telegraph.co.uk
127.0.0.1 everyone.net
127.0.0.1 exchange-it.com
127.0.0.1 exitfuel.com
127.0.0.1 exitmoney.com
127.0.0.1 fast.mediacharger.com
127.0.0.1 focalink.com
127.0.0.1 fp.valueclick.com
127.0.0.1 fragmentserv.iac-online.de
127.0.0.1 free.fuck-portal.com
127.0.0.1 freebieclub.com
127.0.0.1 freeezinebucks.com
127.0.0.1 freepass.elitecities.com
127.0.0.1 fs.dai.net
127.0.0.1 gadgeteer.pdamart.com
127.0.0.1 global.msads.net
127.0.0.1 gm.preferences.com
127.0.0.1 go.ezgreen.com
127.0.0.1 got2goshop.com
127.0.0.1 gp.dejanews.com
127.0.0.1 hacker-spider.de
127.0.0.1 hc2.humanclick.com
127.0.0.1 hg1.hitbox.com
127.0.0.1 hit.hotlog.ru
127.0.0.1 hitbox.com
127.0.0.1 hitmatic.com
127.0.0.1 hitsfrom.popuprush.com
127.0.0.1 hypercount.com
127.0.0.1 ifcol.exitfuel.com
127.0.0.1 image.click2net.com
127.0.0.1 image.com.com
127.0.0.1 image.eimg.com
127.0.0.1 images.sexlist.com
127.0.0.1 images2.nytimes.com
127.0.0.1 img.mediaplex.com
127.0.0.1 impnl.tradedoubler.com
127.0.0.1 internetfuel.com
127.0.0.1 itn.adbureau.net
127.0.0.1 jcms.cydoor.com
127.0.0.1 jeeves.flycast.com
127.0.0.1 jobkeys.ngadcenter.net
127.0.0.1 kansas.valueclick.com
127.0.0.1 leader.linkexchange.com
127.0.0.1 linkbuddies.com
127.0.0.1 liquidad.narrowcastmedia.com
127.0.0.1 liveadvert.com
127.0.0.1 ln.doubleclick.net
127.0.0.1 looksmartclicks.com
127.0.0.1 lsads.looksmart.com.au
127.0.0.1 m.doubleclick.net
127.0.0.1 macaddictads.snv.futurenet.com
127.0.0.1 marketing-internet.com
127.0.0.1 maximumcash.com
127.0.0.1 maximumpcads.imaginemedia.com
127.0.0.1 media.carpediem.fr
127.0.0.1 media.expedia.com
127.0.0.1 media.fastclick.net
127.0.0.1 media.popuptraffic.com
127.0.0.1 media.preferences.com
127.0.0.1 media20.fastclick.net
127.0.0.1 mediacharger.com
127.0.0.1 mediamgr.ugo.com
127.0.0.1 mediaplex.com
127.0.0.1 megacash.de
127.0.0.1 mercury.rmuk.co.uk
127.0.0.1 millenium-hitz.com
127.0.0.1 mjxads.internet.com
127.0.0.1 mojofarm.sjc.mediaplex.com
127.0.0.1 monitor.looksmart.com
127.0.0.1 monsterhitz.to
127.0.0.1 musiccity.streamcastnetwork.com
127.0.0.1 n24.de
127.0.0.1 nbc.adbureau.net
127.0.0.1 newads.cmpnet.com
127.0.0.1 ng3.ads.warnerbros.com
127.0.0.1 ngads.smartage.com
127.0.0.1 nitrous.exitfuel.com
127.0.0.1 nsads.hotwired.com
127.0.0.1 ntbanner.digitalriver.com
127.0.0.1 oad.realmedia.com
127.0.0.1 oas.benchmark.fr
127.0.0.1 onresponse.com
127.0.0.1 onresponse.com
127.0.0.1 p.wtlive.com
127.0.0.1 paycounter.com
127.0.0.1 ph-ad04.focalink.com
127.0.0.1 ph-ad05.focalink.com
127.0.0.1 ph-ad07.focalink.com
127.0.0.1 ph-ad16.focalink.com
127.0.0.1 ph-ad17.focalink.com
127.0.0.1 ph-ad18.focalink.com
127.0.0.1 php.offshoreclicks.com
127.0.0.1 pluto.beseen.com
127.0.0.1 proxy.ladot.com
127.0.0.1 pub.epiknet.org
127.0.0.1 pub.infiniland.com
127.0.0.1 pub.ketix.com
127.0.0.1 pub.telmedia.fr
127.0.0.1 pub.weborama.fr
127.0.0.1 realads.realmedia.com
127.0.0.1 redherring.ngadcenter.net
127.0.0.1 redirect.click2net.com
127.0.0.1 redirect.iac-online.de
127.0.0.1 regio.adlink.de
127.0.0.1 ResponseMedia-ad.flycast.com
127.0.0.1 retaildirect.realmedia.com
127.0.0.1 rs.webmasterplan.com
127.0.0.1 s0.bluestreak.com
127.0.0.1 s1.bluestreak.com
127.0.0.1 s10.sitemeter.com
127.0.0.1 s11.sitemeter.com
127.0.0.1 s12.sitemeter.com
127.0.0.1 s2.bluestreak.com
127.0.0.1 s2.focalink.com
127.0.0.1 s3.bluestreak.com
127.0.0.1 s4.bluestreak.com
127.0.0.1 s5.bluestreak.com
127.0.0.1 s6.bluestreak.com
127.0.0.1 s7.bluestreak.com
127.0.0.1 s8.bluestreak.com
127.0.0.1 script.weborama.fr
127.0.0.1 secserv.imgis.com
127.0.0.1 servedby.advertising.com
127.0.0.1 servedby.advertwizard.com
127.0.0.1 server.hamster.com
127.0.0.1 server-uk.imrworldwide.com
127.0.0.1 servlets.kliks.nl
127.0.0.1 sextracker.com
127.0.0.1 sh4banner.de
127.0.0.1 sh4sure-images.adbureau.net
127.0.0.1 shop.freepush.com
127.0.0.1 specialoffers.aol.com
127.0.0.1 spezialreporte.de
127.0.0.1 spin.spinbox.net
127.0.0.1 sprinks-clicks.about.com
127.0.0.1 spylog.com
127.0.0.1 srv1.bannercommunity.de
127.0.0.1 srv2.bannercommunity.de
127.0.0.1 srv3.bannercommunity.de
127.0.0.1 static.admaximize.com
127.0.0.1 stats.superstats.com
127.0.0.1 stats3.porntrack.com
127.0.0.1 statse.webtrendslive.com
127.0.0.1 Suissa-ad.flycast.com
127.0.0.1 survey.proactive.nl
127.0.0.1 sview.avenuea.com
127.0.0.1 t0.extreme-dm.com
127.0.0.1 thinknyc.eu-adcenter.net
127.0.0.1 tpl1.realtracker.com
127.0.0.1 tracker.clicktrade.com
127.0.0.1 tsms-ad.tsms.com
127.0.0.1 tuerck.de.counted.com
127.0.0.1 twistedhumor.com
127.0.0.1 ugo.eu-adcenter.net
127.0.0.1 UGO.eu-adcenter.net
127.0.0.1 uk1.linksynergy.com
127.0.0.1 uk2.linksynergy.com
127.0.0.1 uk3.linksynergy.com
127.0.0.1 uk4.linksynergy.com
127.0.0.1 uk5.linksynergy.com
127.0.0.1 us.adserver.yahoo.com
127.0.0.1 v0.extreme-dm.com
127.0.0.1 v1.extreme-dm.com
127.0.0.1 valueclick.com
127.0.0.1 van.ads.link4ads.com
127.0.0.1 vant.guj.de
127.0.0.1 view.accendo.com
127.0.0.1 view.avenuea.com
127.0.0.1 vis1.sexlist.com
127.0.0.1 vis2.sexlist.com
127.0.0.1 vis3.sexlist.com
127.0.0.1 vis4.sexlist.com
127.0.0.1 vis5.sexlist.com
127.0.0.1 visite.weborama.fr
127.0.0.1 VNU.eu-adcenter.net
127.0.0.1 w0.extreme-dm.com
127.0.0.1 w113.hitbox.com
127.0.0.1 w117.hitbox.com
127.0.0.1 w25.hitbox.com
127.0.0.1 web2.deja.com
127.0.0.1 webads.bizservers.com
127.0.0.1 weblist.de
127.0.0.1 webxprod.qualcomm.com
127.0.0.1 www.0190-dialer.com
127.0.0.1 www.12traffic.de
127.0.0.1 www.1for1.com
127.0.0.1 www.3turtles.com
127.0.0.1 www.404errorpage.com
127.0.0.1 www.7adpower.com
127.0.0.1 www.7host.com
127.0.0.1 www.activeannonce.com
127.0.0.1 www.adbucks.com
127.0.0.1 www.adexit.com
127.0.0.1 www.adforce.com
127.0.0.1 www.admex.com
127.0.0.1 www.adnetz.net
127.0.0.1 www.adserver.com
127.0.0.1 www.adserver.net
127.0.0.1 www.adsmart.com
127.0.0.1 www.adsmart.net
127.0.0.1 www.adultbizvoice.com
127.0.0.1 www.adultclicks.com
127.0.0.1 www.ad-up.com
127.0.0.1 www.adverity.com
127.0.0.1 www.adverlead.com
127.0.0.1 www.adverline.com
127.0.0.1 www.adverline.fr
127.0.0.1 www.advertising.com
127.0.0.1 www.advertwizard.com
127.0.0.1 www.adviews-sponsor.de
127.0.0.1 www.alladvantage.com
127.0.0.1 www.allclicks.com
127.0.0.1 www.amateur-galleries.com
127.0.0.1 www.bannerads.de
127.0.0.1 www.beseen.com
127.0.0.1 www.bfast.com
127.0.0.1 www.boonsolutions.com
127.0.0.1 www.brutalextreme.com
127.0.0.1 www.burstnet.com
127.0.0.1 www.cash1x1.de
127.0.0.1 www.cash2002.de
127.0.0.1 www.cash4banner.com
127.0.0.1 www.cash4banner.de
127.0.0.1 www.cashcount.com
127.0.0.1 www.cashfiesta.com
127.0.0.1 www.cashradio.com
127.0.0.1 www.cashsurfers.com
127.0.0.1 www.casinoglamour.com
127.0.0.1 www.cellularphones.com
127.0.0.1 www.cibleclick.com
127.0.0.1 www.cj.com
127.0.0.1 www.click-fr.com
127.0.0.1 www.clickxchange.com
127.0.0.1 www.clictrafic.com
127.0.0.1 www.coinpromo.com
127.0.0.1 www.cometcursor.com
127.0.0.1 www.cometsystems.net
127.0.0.1 www.commission-junction.com
127.0.0.1 www.crxwarez.net
127.0.0.1 www.cydoor.com
127.0.0.1 www.daz.com
127.0.0.1 www.directvalue.nl
127.0.0.1 www.drawnsex.com
127.0.0.1 www.eads.com
127.0.0.1 www.fastclick.net
127.0.0.1 www.fastmetasearch.com
127.0.0.1 www.flycast.co.uk
127.0.0.1 www.flycast.com
127.0.0.1 www.free-banners.com
127.0.0.1 www.freeezinebucks.com
127.0.0.1 www.freestats.com
127.0.0.1 www.fuck-portal.com
127.0.0.1 www.gamingclub.com
127.0.0.1 www.gator.co.uk
127.0.0.1 www.gator.com
127.0.0.1 www.gator.net
127.0.0.1 www.genhit.com
127.0.0.1 www.getsearches.com
127.0.0.1 www.gopopup.com
127.0.0.1 www.grokster.com
127.0.0.1 www.hardcorepornos.org
127.0.0.1 www.hightrafficads.com
127.0.0.1 www.hit-parade.com
127.0.0.1 www.hitsme.com
127.0.0.1 www.imaginemedia.com
127.0.0.1 www.kliks.nl
127.0.0.1 www.lastconsole.com
127.0.0.1 www.linkshare.com
127.0.0.1 www.liveadvert.com
127.0.0.1 www.lo-litas.com
127.0.0.1 www.looksmartclicks.com
127.0.0.1 www.lop.com
127.0.0.1 www.lottoforever.com
127.0.0.1 www.mediaplex.com
127.0.0.1 www.megacash.de
127.0.0.1 www.modchip.com
127.0.0.1 www.mod-chip.com
127.0.0.1 www.money4exit.de
127.0.0.1 www.my-stats.com
127.0.0.1 www.netbroadcaster.com
127.0.0.1 www.netdirect.nl
127.0.0.1 www.netflip.com
127.0.0.1 www.netgravity.com
127.0.0.1 www.newtopsites.com
127.0.0.1 www.nic.co.il
127.0.0.1 www.nudelinkz.com
127.0.0.1 www.oneandonlynetwork.com
127.0.0.1 www.onresponse.com
127.0.0.1 www.paidpopup.de
127.0.0.1 www.piratos.de
127.0.0.1 www.popdown.de
127.0.0.1 www.popuptraffic.com
127.0.0.1 www.PostMasterBannerNet.com
127.0.0.1 www.prepaidliving.com
127.0.0.1 www.qksrv.net
127.0.0.1 www.qualityhitz.com
127.0.0.1 www.qualypromos.com
127.0.0.1 www.radiate.com
127.0.0.1 www.radiofreecash.com
127.0.0.1 www.rankyou.com
127.0.0.1 www.reference-sexe.com
127.0.0.1 www.searchtraffic.com
127.0.0.1 www.sexfranco.com
127.0.0.1 www.sexfreelist.com
127.0.0.1 www.sexlist.com
127.0.0.1 www.sexspy.com
127.0.0.1 www.sexstudio24.de
127.0.0.1 www.sextracker.com
127.0.0.1 www.sextraffic.org
127.0.0.1 www.sexyfreehost.com
127.0.0.1 www.sexyplugin.com
127.0.0.1 www.simplecounter.net
127.0.0.1 www.slutzoo.com
127.0.0.1 www.sonixwarez.com
127.0.0.1 www.sponsor2002.de
127.0.0.1 www.targetshop.com
127.0.0.1 www.teknosurf.com
127.0.0.1 www.teknosurf2.com
127.0.0.1 www.teknosurf3.com
127.0.0.1 www.theadultwire.com
127.0.0.1 www.topwarez-fr.com
127.0.0.1 www.toys-galleries.com
127.0.0.1 www.trafficmonetizer.com
127.0.0.1 www.unionwarez.com
127.0.0.1 www.valueclick.com
127.0.0.1 www.valuesponsor.com
127.0.0.1 www.warez33.com
127.0.0.1 www.warezfield.com
127.0.0.1 www.web3000.co.uk
127.0.0.1 www.web3000.com
127.0.0.1 www.webads.nl
127.0.0.1 www.webferret.com
127.0.0.1 www.webhancer.com
127.0.0.1 www.webhancer.net
127.0.0.1 www.weblist.de
127.0.0.1 www.websitefinancing.com
127.0.0.1 www.wedoo.com
127.0.0.1 www.win24.de
127.0.0.1 www.wingowin.com
127.0.0.1 www.wtlive.com
127.0.0.1 www.xiti.com
127.0.0.1 www.xxxdisplay.com
127.0.0.1 www.xxxteenclub.de
127.0.0.1 www.youmakemoney.com
127.0.0.1 www.zeloop.net
127.0.0.1 www2.burstnet.com
127.0.0.1 www2.consumercreditusa.com
127.0.0.1 www3.netgravity.com
127.0.0.1 www4.netgravity.com
127.0.0.1 www4.trix.net
127.0.0.1 www80.valueclick.com
127.0.0.1 xads.infospace.com
127.0.0.1 xads.zedo.com
127.0.0.1 z.extreme-dm.com
127.0.0.1 z0.extreme-dm.com
127.0.0.1 z1.extreme-dm.com
127.0.0.1 zac.netgravity.com

# new
127.0.0.1 www.xpostx.com
127.0.0.1 clicks.oxcash.com
127.0.0.1 www.paypopup.com
127.0.0.1 download2.0190-dialer.com
127.0.0.1 www.service-url.de


145 posted on 06/06/2004 8:14:04 AM PDT by HairOfTheDog (farewell to a great president.)
[ Post Reply | Private Reply | To 143 | View Replies]

To: mfccinsd

OOPS Forgot to ping you.... see my post above!


146 posted on 06/06/2004 8:19:45 AM PDT by HairOfTheDog (farewell to a great president.)
[ Post Reply | Private Reply | To 145 | View Replies]

To: HairOfTheDog
I'm glad that you got it straightened out...

You don't know the half of it. The hosts file is searched BEFORE DNS, so a bad guy could easily insert an entry like www.paypal.com or www.ebay.com in your hosts file, which then sends you to an alternate "bad guy" site, and you could unknowingly enter your username and password.

Again, the 127.0.0.1 address is TCP/IP speak for your computer. So, if you've got some trojan or other program running, you could get the porn pop-ups even if you're disconnected from the Internet!

I'm glad I could be of some help

Mark

147 posted on 06/06/2004 8:49:35 AM PDT by MarkL (The meek shall inherit the earth... But usually in plots 6' x 3' x 6' deep...)
[ Post Reply | Private Reply | To 145 | View Replies]

To: MarkL

Well, the thing is.... the computer worked fine... I never did have trouble with my computer acting up, I only knew this stuff was in my cache because clearing the cache became part of my troubleshooting for a bad DNS juju problem I had awhile ago. That (I believe) was a bad name server problem with my ISP that they eventually fixed.

But it bothered me that I'd see things like "sextracker" in my cache when I hadn't done anything!


148 posted on 06/06/2004 8:54:24 AM PDT by HairOfTheDog (farewell to a great president.)
[ Post Reply | Private Reply | To 147 | View Replies]

To: MarkL
Well, the thing is.... the computer worked fine... I never did have trouble with my computer acting up that I knew of anyhow!
149 posted on 06/06/2004 8:56:20 AM PDT by HairOfTheDog (farewell to a great president.)
[ Post Reply | Private Reply | To 147 | View Replies]

To: Long Cut

Good post. I've got a friend's laptop on my desk, for a spyware exorcism, right now. It's currently installing Windows updates, after a couple of Ad-Aware and Spybot sessions.

I'm not sure which ring of Hell that spammers and malware/adware/hijacker writers and distributors will occupy, but they are in there somewhere.


150 posted on 06/06/2004 9:01:50 AM PDT by FreedomPoster (hoplophobia is a mental aberration rather than a mere attitude)
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-5051-100101-150151-192 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson