Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

HIJACK! (No, not THAT kind!)
various | Today | Me

Posted on 06/05/2004 8:06:55 PM PDT by Long Cut

You may have heard of this lately, or perhaps have had it happen to you. That's right...your internet browser gets hijacked. Taken from your control, as it were.

It takes you to sites you would never have visited in a million years; your computer slows down and maybe crashes; your homepage is mysteriously changed; you now have about a dozen "favorites" that you never selected and don't want.

You've been HIJACKED!

What happened? How? You ask, as you pull your hair out in disgust.

Well, it happened to me,, and some FReepers I know, and a LOT of my friends, lately. I've been hearing scuttlebutt around the Web, and around the water cooler. People's computers are being taken over by insidious, rotten spyware and malware that effectively seizes control and can have serious reperussions for the user.

These things download some particularly nasty porn, even child porn, to a computer. People have been fired, investigated, and disgraced for something they never did.

I discovered mine one day whil, of all things, trying to access FR. I mistyped the URL, and found myself redirected to some porn search engine. Massive popups overwhelmed my Pop-up Stopper, and froze my computer.

After the reboot, I ran my McAffie antivirus, which quickly crashed the system and failed to ever work again. Ad-Aware removed some registry keys and values, and I thought all was well.

Wrong. It happened again.

Now, I got serious. I obtained Symantec Pro version, and ran it. It caught several more bugs, but some couldn't be quarantined OR removed.

I was in a fix. I was using a computer that FReeper thumperusn had graciously loaned me, and I didn't want to give it back to him all jacked up. Thus began my battle with the Internet demon known as "CoolWebSearch".

I went to sites like Spywareguide.com, Spywareinfo.com,, and Symantec's excellent site, and educated myself about CWS. It's a mean one.

With over 25 versions to date, and about 30 affiliated sites, CWS has infected millions of computers to date. It uses a "hole" in JavaScript Virtual Machine to invade your machine and make changes to IE and your registry. It also copies itself to your "restore" files, which the antivirus and anti-spyware programs DO NOT search or modify.

After educating myself, and wading through literally hundreds of pages of "geek-speak", I formed a plan of attack.

PROTECTION

First, I would fix the holes in my system. The borrowed laptop used Windows Me, from 2000. It needed updating, and MS's website had a whole bunch of them. Since I'm on a dialup, it took hours to download and install all the patches.

Next, some firewalls. At Major Geeks.com, I found and downloaded Zone Alarm and Browser Hijack Blaster, both for free. Thus protected from further invasion, I set about curing the disease.

MEDICINE FOR A SICK COMPUTER

I first updated the Symantec to the latest standards. I then did the same with Ad-Aware, and downloaded Spybot Search&Destroy from Majorgeeks. It was about then I discovered that I was not alone.

I found Merjin.org, a website set up by a computer student with the sole purpose of combatting CWS. From there, I obtained the invaluable CWShredder, a program that can remove ANY CWS bugs, and which is updated frequently. I also got HiJackTHIS!, a program which can find and display anything that is downloaded to your computer, and remove it with a command.

So effective are these programs, CWS has recently conducted Denial Of Service attacks on Merjin.org. Thankfully, it has survived...it also contains detailed information about all the CWS variants, and manual removal procedures.

I was able to sweep my system clean of many more bugs. Unfortunately, I still wasn't done.

HEALING THE PATIENT

I was still getting some spyware from CWS, and some Browser Helper Objects (BHO's) were still turning up. Fortunately, due to Zone Alarm and Hijack Blaster, I was warned well in advance. However, I was suspicious as to how it was happening on a daily basis. Thus, I went even deeper.

I went to Symantec's website and downloaded detailed instructions for THOUROUGHLY cleaning your system. I had missed something important.

CWS also writes itself to your "restore" files. These are immune from the cleaning software. The cure for that was quite new for me, a relative computer novice. However, one learns by doing, so I plowed ahead.

I disabled the "restore" function (instructions from Symantec), and rebooted into "safe" mode(also on Symantec's instructions). I then ran all my cleaning and anti-virus/anti-spyware programs, deleting everything found.

Then, I went to the C://System/Restore files and deleted them all. If it affects the "restore" function adversly, I have not seen evidence of it yet.

I rebooted, performed a scandisk and a defrag, and rebooted again. Then I enabled the "restore" function once more.

That was yesterday, and so far, so good. I'd like to think I got it all, but with these bugs, you never know. Fortunately, I'm now forewarned and forearmed.


TOPICS: Crime/Corruption; Culture/Society; Miscellaneous; News/Current Events; Your Opinion/Questions
KEYWORDS: computers; coolwebsearch; hijack; hijackers; spyware; trojanhorses; virus; viruses; worm
Navigation: use the links below to view more comments.
first previous 1-20 ... 101-120121-140141-160 ... 181-192 next last
To: MarkL
Uhh .....yeah.........(toe in dirt)......I paid for that one . My mistake thanks for catching it !

Stay safe !

121 posted on 06/05/2004 10:48:23 PM PDT by Squantos (Be polite. Be professional. But, have a plan to kill everyone you meet.)
[ Post Reply | Private Reply | To 119 | View Replies]

To: zeugma; All

Have you seen these links?

http://www.texturizer.net/firefox/extensions/

http://texturizer.net/firefox/themes/

As far as extensions, I recommend:

IE View (right click and open IE if there's a page you can't render correctly with Firefox)

AdBlock (in addition to the standard popup blocker, this extension allows you to right click on banner ads and some Flash and remove them)

External Application Buttons (with this I've added an OE button to the browser bar)

NOTE -there's been some bugs with trying to install more than one extension at a time. Install one, then close the browser and restart it before getting another one.


122 posted on 06/05/2004 10:50:21 PM PDT by JoJo Gunn (Intellectuals exist only if you believe they do. )
[ Post Reply | Private Reply | To 108 | View Replies]

To: supercat
Well, I use 'dir /a' as my file finder; I suppose something could tamper with it, but I don't know that spyware thingies tamper with DOS

Under certain circumstances, that's the ONLY way to see the files. Microsoft's filesystems (NTFS - and if you're using WindowsME (not sure about Win9x) FAT32) has an "undocumented" attribute known as "SuperHidden." This hides a file, even if you're folders are set to show all files. However, a "dir /a" will show these files. BTW, if you do a search on Microsoft's knowledgebase for the word "superhidden," you will not get a single hit! IIRC, Nimda was the first virus to take advantage of this, as well as the ability to block showing the extension of the file in Windows Explorer!

Mark

123 posted on 06/05/2004 11:05:24 PM PDT by MarkL (The meek shall inherit the earth... But usually in plots 6' x 3' x 6' deep...)
[ Post Reply | Private Reply | To 109 | View Replies]

To: JoJo Gunn
I'll have to look into the bugs you mentioned with installing multiple extensions. I upgrade to the latest nightly about every two weeks, and have established a regular procedure for same, which normally requires running the install as root, copying my plugin directory from the previous version, then installing the 6 extensions I use, and re-starting Moz as a user. Even running nightlies, I very rarely run into any installtion related bugs. Do you know any specifics, or should I just browse through bugzilla?
124 posted on 06/05/2004 11:05:37 PM PDT by zeugma (The Great Experiment is over.)
[ Post Reply | Private Reply | To 122 | View Replies]

To: Long Cut; All

Glad you posted this....I just got a problem about a week ago and am in the process of cleaning it up.

Thanks to all for their links and useful info. Does anyone know what it is these idiots are trying to accompolish with these programs? It seems to me the parasite is killing the host.

Will check back for more info here!


125 posted on 06/05/2004 11:08:40 PM PDT by TheLion
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeugma

I'm not that deep into it, don't know about the nightlies, but I've noticed on the support threads that doing more than one at a time seems to be at least a common enough occurence.

That likely will change with 0.9, since it's said to have an extension manager/installer built in.

I've been using this with good luck:

http://backup.jasnapaka.com/

If only it could backup the unprotected cache. sigh


126 posted on 06/05/2004 11:13:04 PM PDT by JoJo Gunn (Intellectuals exist only if you believe they do. )
[ Post Reply | Private Reply | To 124 | View Replies]

To: zeugma; JoJo Gunn

Okay! I'm now using Firefox, and so far, it's great! I've got one question...how do I set a homepage to it? I can't seem to figure that out.


127 posted on 06/05/2004 11:36:44 PM PDT by Long Cut (Certainty of Death, small chance of Success...What are we waiting for?...Gimli the Dwarf)
[ Post Reply | Private Reply | To 124 | View Replies]

To: JoJo Gunn
Interesting program. Doesn't look like they have a Linux version. Of course, it's easy enough creating a tar of your ~/.mozilla and /usr/local/mozilla directories under Linux, so I'm not sure how useful it would be for me.

Thanks for the pointer. This has been a great thread. I think it has garnered a few Mozilla converts! Now, if only I could convince them to move away from the Dark Side...

128 posted on 06/05/2004 11:37:59 PM PDT by zeugma (The Great Experiment is over.)
[ Post Reply | Private Reply | To 126 | View Replies]

To: Long Cut
To set the home page, select the "Edit" menu item, then "Preferences". On my browser, it automatically selects the "Navigator" section is highlighted by default. If you are already browsed to the page, just select the "use current page" button.

One thing that I'd suggest you consider is something I've been doing for quite some time. I browse to my bookmarks.html file by "File", then "Open file". Then I set my homepage to be my bookmarks. I find that this speeds up opening my browser in a major way. Highly reccommended. YMMV

129 posted on 06/05/2004 11:42:48 PM PDT by zeugma (The Great Experiment is over.)
[ Post Reply | Private Reply | To 127 | View Replies]

To: zeugma

Thanks, I got it. One more thing...I've noticed that my scroller on this laptop now won't work. is that normal?


130 posted on 06/05/2004 11:47:42 PM PDT by Long Cut (Certainty of Death, small chance of Success...What are we waiting for?...Gimli the Dwarf)
[ Post Reply | Private Reply | To 129 | View Replies]

To: Long Cut

Even after reboot? I have that problem sometimes if I've been doing too much and it's overwhelmed...but I've always been ok after rebooting...

That's really odd...report back if you figure it out! Never know...now that I said that maybe I'll have the same problem and you can tell me the trick! Ha! :-)


131 posted on 06/06/2004 12:35:09 AM PDT by mfccinsd
[ Post Reply | Private Reply | To 130 | View Replies]

To: IVote2

mozilla firebird.
FASTER, built in pop up blocking... and impervious to internet explorer baloney.

Tis also FREE.


132 posted on 06/06/2004 12:38:30 AM PDT by Robert_Paulson2 (the madridification of our election is now officially underway.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Weimdog

I use a Mac.

My husband managed to infect it.

I simply won't have Explorer on my machine any more. I use Safari and that doesn't allow pop-ups.


133 posted on 06/06/2004 12:41:06 AM PDT by tiamat ("Just a Bronze-Age Gal, Trapped in a Techno-World!")
[ Post Reply | Private Reply | To 72 | View Replies]

To: mercy

Us Mac people are vulnerable too.

My husband managed to infect my machine.

He kept insisting on using Explorer and that's how it got in. I finally ended up simply remving the entire program.

We only use Safari, now.


134 posted on 06/06/2004 12:44:39 AM PDT by tiamat ("Just a Bronze-Age Gal, Trapped in a Techno-World!")
[ Post Reply | Private Reply | To 93 | View Replies]

To: Long Cut

you cannot get rid of IE.. just stop using it. clear it's cache and get rid of it's link in the toolbar...

firefox, thunderbird and mozilla are immune from microsoft based attacks. the firefox browser is blazing fast, has tabbed browsing (incredible feature really really), and graphics rendering is really top notch.

I've used them for four or five years.
Once you have installed a mozilla browser, you won't wanna go back...


135 posted on 06/06/2004 12:47:41 AM PDT by Robert_Paulson2 (the madridification of our election is now officially underway.)
[ Post Reply | Private Reply | To 23 | View Replies]

To: Long Cut
I mistyped the URL, and found myself redirected to some porn search engine.

My computer has a function called "Favorites", so all I have to do is click on the bookmarked Free Republic link and, voila!, I'm there! No typing necessary! I suggest that you get a computer with a "Favorites" function.

Regards
LH

136 posted on 06/06/2004 12:49:26 AM PDT by Lancey Howard
[ Post Reply | Private Reply | To 1 | View Replies]

To: Luis Gonzalez

Spy Sweeper is awesome.


137 posted on 06/06/2004 12:50:10 AM PDT by Lancey Howard
[ Post Reply | Private Reply | To 50 | View Replies]

To: tiamat
My husband managed to infect it.

Exactly WHAT were you infected with? I know of no infectious programs in the wild for Mac OSX.

138 posted on 06/06/2004 2:06:48 AM PDT by Swordmaker (This tagline shut down for renovations and repairs. Re-open June of 2001.)
[ Post Reply | Private Reply | To 133 | View Replies]

To: zeugma
That is the same evolution viruses have taken in Windows.

Before Windows, some DOS level viruses existed.

Those who create viruses don't live in a vacuum. They will modify and adjust.
139 posted on 06/06/2004 3:40:09 AM PDT by TomGuy (Clintonites have such good hind-sight because they had their heads up their hind-ends 8 years.)
[ Post Reply | Private Reply | To 95 | View Replies]

To: Swordmaker

He was using Explorer to surf for naughty pictures ( A thing i do NOT appreciate!) and we had a "button" appear and attach itself to Explorer's tool bar. Took you direct to one of these sites, and you would also get droves of nasty pop-ups.

The dumb thing was right there where my daughter could have gotten to it.

I tried to remove the button and could not. He would also have things begin to down-load and not know how he had activated them.

AND he was leaving smut on the desk-top!

I finally just trashed Explorer and told him I'd break his neck if I found anything like that again.


140 posted on 06/06/2004 5:14:44 AM PDT by tiamat ("Just a Bronze-Age Gal, Trapped in a Techno-World!")
[ Post Reply | Private Reply | To 138 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-20 ... 101-120121-140141-160 ... 181-192 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson