Free Republic
Browse · Search		 News/Activism
Topics · Post Article

Skip to comments.

HIJACK! (No, not THAT kind!)
various | Today | Me

Posted on 06/05/2004 8:06:55 PM PDT by Long Cut

You may have heard of this lately, or perhaps have had it happen to you. That's right...your internet browser gets hijacked. Taken from your control, as it were.

It takes you to sites you would never have visited in a million years; your computer slows down and maybe crashes; your homepage is mysteriously changed; you now have about a dozen "favorites" that you never selected and don't want.

You've been HIJACKED!

What happened? How? You ask, as you pull your hair out in disgust.

Well, it happened to me,, and some FReepers I know, and a LOT of my friends, lately. I've been hearing scuttlebutt around the Web, and around the water cooler. People's computers are being taken over by insidious, rotten spyware and malware that effectively seizes control and can have serious reperussions for the user.

These things download some particularly nasty porn, even child porn, to a computer. People have been fired, investigated, and disgraced for something they never did.

I discovered mine one day whil, of all things, trying to access FR. I mistyped the URL, and found myself redirected to some porn search engine. Massive popups overwhelmed my Pop-up Stopper, and froze my computer.

After the reboot, I ran my McAffie antivirus, which quickly crashed the system and failed to ever work again. Ad-Aware removed some registry keys and values, and I thought all was well.

Wrong. It happened again.

Now, I got serious. I obtained Symantec Pro version, and ran it. It caught several more bugs, but some couldn't be quarantined OR removed.

I was in a fix. I was using a computer that FReeper thumperusn had graciously loaned me, and I didn't want to give it back to him all jacked up. Thus began my battle with the Internet demon known as "CoolWebSearch".

I went to sites like Spywareguide.com, Spywareinfo.com,, and Symantec's excellent site, and educated myself about CWS. It's a mean one.

With over 25 versions to date, and about 30 affiliated sites, CWS has infected millions of computers to date. It uses a "hole" in JavaScript Virtual Machine to invade your machine and make changes to IE and your registry. It also copies itself to your "restore" files, which the antivirus and anti-spyware programs DO NOT search or modify.

After educating myself, and wading through literally hundreds of pages of "geek-speak", I formed a plan of attack.

PROTECTION

First, I would fix the holes in my system. The borrowed laptop used Windows Me, from 2000. It needed updating, and MS's website had a whole bunch of them. Since I'm on a dialup, it took hours to download and install all the patches.

Next, some firewalls. At Major Geeks.com, I found and downloaded Zone Alarm and Browser Hijack Blaster, both for free. Thus protected from further invasion, I set about curing the disease.

MEDICINE FOR A SICK COMPUTER

I first updated the Symantec to the latest standards. I then did the same with Ad-Aware, and downloaded Spybot Search&Destroy from Majorgeeks. It was about then I discovered that I was not alone.

I found Merjin.org, a website set up by a computer student with the sole purpose of combatting CWS. From there, I obtained the invaluable CWShredder, a program that can remove ANY CWS bugs, and which is updated frequently. I also got HiJackTHIS!, a program which can find and display anything that is downloaded to your computer, and remove it with a command.

So effective are these programs, CWS has recently conducted Denial Of Service attacks on Merjin.org. Thankfully, it has survived...it also contains detailed information about all the CWS variants, and manual removal procedures.

I was able to sweep my system clean of many more bugs. Unfortunately, I still wasn't done.

HEALING THE PATIENT

I was still getting some spyware from CWS, and some Browser Helper Objects (BHO's) were still turning up. Fortunately, due to Zone Alarm and Hijack Blaster, I was warned well in advance. However, I was suspicious as to how it was happening on a daily basis. Thus, I went even deeper.

I went to Symantec's website and downloaded detailed instructions for THOUROUGHLY cleaning your system. I had missed something important.

CWS also writes itself to your "restore" files. These are immune from the cleaning software. The cure for that was quite new for me, a relative computer novice. However, one learns by doing, so I plowed ahead.

I disabled the "restore" function (instructions from Symantec), and rebooted into "safe" mode(also on Symantec's instructions). I then ran all my cleaning and anti-virus/anti-spyware programs, deleting everything found.

Then, I went to the C://System/Restore files and deleted them all. If it affects the "restore" function adversly, I have not seen evidence of it yet.

I rebooted, performed a scandisk and a defrag, and rebooted again. Then I enabled the "restore" function once more.

That was yesterday, and so far, so good. I'd like to think I got it all, but with these bugs, you never know. Fortunately, I'm now forewarned and forearmed.

TOPICS: Crime/Corruption; Culture/Society; Miscellaneous; News/Current Events; Your Opinion/Questions
KEYWORDS: computers; coolwebsearch; hijack; hijackers; spyware; trojanhorses; virus; viruses; worm
Navigation: use the links below to view more comments.
first previous 1-20 ... 121-140141-160161-180181-192 next last
To: Long Cut

Thanks for the info.


141 posted on 06/06/2004 6:39:07 AM PDT by tsomer
[ Post Reply | Private Reply | To 111 | View Replies]
To: MarkL
This is what is in there...


142 posted on 06/06/2004 7:31:54 AM PDT by HairOfTheDog (farewell to a great president.)
[ Post Reply | Private Reply | To 120 | View Replies]
To: HairOfTheDog

Wow! A 19KB hosts file? You've been hit by something. Please freepmail me your hosts and hosts.old files. You haven't got an lmhosts file (that's OK).

I'll see if I can "fix it" for you, then freepmail it back to you. It should be pretty simple.

Mark


143 posted on 06/06/2004 7:54:18 AM PDT by MarkL (The meek shall inherit the earth... But usually in plots 6' x 3' x 6' deep...)
[ Post Reply | Private Reply | To 142 | View Replies]
To: zeugma

I'm still learning the differences, so though I know of .js files and the "user chrome" when they're mentioned, I haven't touched them as of yet.

Maybe someday I'll try Linux. I'm about ready too. I can't fathom so many jumping on the XP bandwagon. One of my pet sayings about it is how you have to have a former fry cook to authorize your using what you bought and paid for.

I understand those who go and buy their first computer at Wal-Mart. As when I started, they know no better and that's what's offered now. But for anyone who has been around computers a while, the Big Brother aspects should have fired off alarm bells. There's been even worse rumors about Longhorn, and that "lockbox" (the DRM thing).

Oh well, I'm still on the Dark Side, but I'm gonna run ME into the ground before becoming a slave to fry cooks.


144 posted on 06/06/2004 8:05:09 AM PDT by JoJo Gunn (Intellectuals exist only if you believe they do. ©)
[ Post Reply | Private Reply | To 128 | View Replies]
To: MarkL; ecurbh; Ramius; Long Cut

WOW! You got it! My fiancee is here and knew how to go in and look at that stuff.... and there was all kinds of frap in there he knew how to get rid of and give me a clean hosts file... Now when I flush the cache, nothing insidious shows up there.

Thanks also to mfccinsd, who helped me run the HijackThis tool and get rid of some other leftovers I just didn't need in there!

But just so you know the weight you have lifted from me, here is what was in there! (I did once briefly have Kazaa, but I swear to you, I have never willingly been to any of the sex-type stuff! Here is my host file the way it was:

# localhost: Needs to stay like this to work
127.0.0.1 localhost

# KaZaA related:

127.0.0.1 desktop.kazaa.com
# 216.239.39.101 = www.google.com
127.0.0.1 www.altnetp2p.com
127.0.0.1 alpha.kazaa.com
127.0.0.1 shop.kazaa.com
127.0.0.1 www.bonzi.com
127.0.0.1 www.brilliantdigital.com
127.0.0.1 www.b3d.com

# Adservers and other crappy sites:

127.0.0.1 123banners.com
127.0.0.1 ad.adsmart.net
127.0.0.1 ad.ca.doubleclick.net
127.0.0.1 ad.de.doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.es.doubleclick.net
127.0.0.1 ad.fr.doubleclick.net
127.0.0.1 ad.free6.com
127.0.0.1 ad.it.doubleclick.net
127.0.0.1 ad.iwin.com
127.0.0.1 ad.jp.doubleclick.net
127.0.0.1 ad.kr.doubleclick.net
127.0.0.1 ad.linkexchange.com
127.0.0.1 ad.linksynergy.com
127.0.0.1 ad.nl.doubleclick.net
127.0.0.1 ad.no.doubleclick.net
127.0.0.1 ad.preferences.com
127.0.0.1 ad.se.doubleclick.net
127.0.0.1 ad.sma.punto.net
127.0.0.1 ad.trafficmp.com
127.0.0.1 ad.uk.doubleclick.net
127.0.0.1 ad.webprovider.com
127.0.0.1 ad08.focalink.com
127.0.0.1 ad1.adcept.net
127.0.0.1 ad1.icorp.net
127.0.0.1 ad1.looksmart.com
127.0.0.1 ad2.adcept.net
127.0.0.1 ad2.looksmart.com
127.0.0.1 ad3.adcept.net
127.0.0.1 ad-adex3.flycast.com
127.0.0.1 adcontroller.unicast.com
127.0.0.1 adcreatives.imaginemedia.com
127.0.0.1 addb.looksmart.com
127.0.0.1 adevents.msn.com
127.0.0.1 adex3.flycast.com
127.0.0.1 adforce.ads.imgis.com
127.0.0.1 adforce.imgis.com
127.0.0.1 adfu.blockstackers.com
127.0.0.1 adimage.blm.net
127.0.0.1 adimages.earthweb.com
127.0.0.1 adimages.go.com
127.0.0.1 adimages.imaginemedia.com
127.0.0.1 adimg.egroups.com
127.0.0.1 admedia.xoom.com
127.0.0.1 admonitor.net
127.0.0.1 adpick.switchboard.com
127.0.0.1 adproject.net
127.0.0.1 adremote.pathfinder.com
127.0.0.1 adres.internet.com
127.0.0.1 ads.adflight.com
127.0.0.1 ads.ad-flow.com
127.0.0.1 ads.admaximize.com
127.0.0.1 ads.admonitor.net
127.0.0.1 ads.adroar.com
127.0.0.1 ads.bfast.com
127.0.0.1 ads.box.sk
127.0.0.1 ads.burstnet.com
127.0.0.1 ads.cdfreaks.com
127.0.0.1 ads.chrbanner.com
127.0.0.1 ads.clickagents.com
127.0.0.1 ads.clickhouse.com
127.0.0.1 ads.dai.net
127.0.0.1 ads.datais.com
127.0.0.1 ads.enliven.com
127.0.0.1 ads.eu.msn.com
127.0.0.1 ads.fairfax.com.au
127.0.0.1 ads.fool.com
127.0.0.1 ads.fortunecity.com
127.0.0.1 ads.fortunecity.fr
127.0.0.1 ads.freeze.com
127.0.0.1 ads.freshmeat.net
127.0.0.1 ads.god.co.uk
127.0.0.1 ads.guardianunlimited.co.uk
127.0.0.1 ads.hitcents.com
127.0.0.1 ads.hollywood.com
127.0.0.1 ads.i12.de
127.0.0.1 ads.i33.com
127.0.0.1 ads.ign.com
127.0.0.1 ads.imaginemedia.com
127.0.0.1 ads.indya.com
127.0.0.1 ads.infi.net
127.0.0.1 ads.irover.com
127.0.0.1 ads.ixo.com
127.0.0.1 ads.jpost.com
127.0.0.1 ads.jwtt3.com
127.0.0.1 ads.killerapp.com
127.0.0.1 ads.link4ads.com
127.0.0.1 ads.linksponsor.com
127.0.0.1 ads.looksmart.com
127.0.0.1 ads.lycos.com
127.0.0.1 ads.lycos.de
127.0.0.1 ads.madison.com
127.0.0.1 ads.mediaodyssey.com
127.0.0.1 ads.mediaturf.net
127.0.0.1 ads.msn.com
127.0.0.1 ads.musiccity.com
127.0.0.1 ads.netomia.com
127.0.0.1 ads.newcity.com
127.0.0.1 ads.newcitynet.com
127.0.0.1 ads.ninemsn.com.au
127.0.0.1 ads.rediff.com
127.0.0.1 ads.satyamonline.com
127.0.0.1 ads.seattletimes.com
127.0.0.1 ads.smartclicks.com
127.0.0.1 ads.smartclicks.net
127.0.0.1 ads.sptimes.com
127.0.0.1 ads.startpath.com
127.0.0.1 ads.station.sony.com
127.0.0.1 ads.tiscali.fr
127.0.0.1 ads.tripod.com
127.0.0.1 ads.tucows.com
127.0.0.1 ads.vcommunities.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ads.x10.com
127.0.0.1 ads.xtra.co.nz
127.0.0.1 ads.zdnet.com
127.0.0.1 ads01.focalink.com
127.0.0.1 ads02.focalink.com
127.0.0.1 ads03.focalink.com
127.0.0.1 ads04.focalink.com
127.0.0.1 ads05.focalink.com
127.0.0.1 ads06.focalink.com
127.0.0.1 ads07.focalink.com
127.0.0.1 ads08.focalink.com
127.0.0.1 ads09.focalink.com
127.0.0.1 ads1.activeagent.at
127.0.0.1 ads1.ad-flow.com
127.0.0.1 ads1.speedbit.com
127.0.0.1 ads10.focalink.com
127.0.0.1 ads11.focalink.com
127.0.0.1 ads12.focalink.com
127.0.0.1 ads13.focalink.com
127.0.0.1 ads14.focalink.com
127.0.0.1 ads15.focalink.com
127.0.0.1 ads16.focalink.com
127.0.0.1 ads17.focalink.com
127.0.0.1 ads18.focalink.com
127.0.0.1 ads19.focalink.com
127.0.0.1 ads2.speedbit.com
127.0.0.1 ads2.zdnet.com
127.0.0.1 ads20.focalink.com
127.0.0.1 ads21.focalink.com
127.0.0.1 ads22.focalink.com
127.0.0.1 ads23.focalink.com
127.0.0.1 ads24.focalink.com
127.0.0.1 ads25.focalink.com
127.0.0.1 ads3.speedbit.com
127.0.0.1 ads3.zdnet.com
127.0.0.1 ads4.speedbit.com
127.0.0.1 ads5.gamecity.net
127.0.0.1 ads5.speedbit.com
127.0.0.1 ads6.speedbit.com
127.0.0.1 ads7.speedbit.com
127.0.0.1 ads8.speedbit.com
127.0.0.1 adserv.bravenet.com
127.0.0.1 adserv.bravenet.com
127.0.0.1 adserv.iafrica.com
127.0.0.1 adserv.internetfuel.com
127.0.0.1 adserv.quality-channel.de
127.0.0.1 adserver.affiliation.com
127.0.0.1 adserver.akqa.net
127.0.0.1 adserver.dbusiness.com
127.0.0.1 adserver.garden.com
127.0.0.1 adserver.humanux.com
127.0.0.1 adserver.imaginemedia.com
127.0.0.1 adserver.isonews.com
127.0.0.1 adserver.janes.com
127.0.0.1 adserver.lunarpages.com
127.0.0.1 adserver.merc.com
127.0.0.1 adserver.monster.com
127.0.0.1 adserver.track-star.com
127.0.0.1 adserver.tweakers.net
127.0.0.1 adserver.ugo.com
127.0.0.1 adserver.webads.nl
127.0.0.1 adserver1.ogilvy-interactive.de
127.0.0.1 adserver2.imaginemedia.com
127.0.0.1 AdSubstract
127.0.0.1 adsubstract
127.0.0.1 ads-ussj1.focalink.com
127.0.0.1 adtegrity.spinbox.net
127.0.0.1 adulttds.com
127.0.0.1 aglink.mircx.com
127.0.0.1 antfarm-ad.flycast.com
127.0.0.1 au.ads.link4ads.com
127.0.0.1 bach.aureate.com
127.0.0.1 badservant.guj.de
127.0.0.1 banner.50megs.com
127.0.0.1 banner.adverity.com
127.0.0.1 banner.commissionpartner.com
127.0.0.1 banner.de
127.0.0.1 banner.easyspace.com
127.0.0.1 banner.free6.com
127.0.0.1 banner.i-3.de
127.0.0.1 banner.media-system.de
127.0.0.1 banner.orb.net
127.0.0.1 banner.relcom.ru
127.0.0.1 bannerad.ipgnet.com
127.0.0.1 bannerads.de
127.0.0.1 bannerfarm.ace.advertising.com
127.0.0.1 bannerimages.0catch.com
127.0.0.1 bannermaster.geektech.com
127.0.0.1 banner-net.com
127.0.0.1 bannerpower.com
127.0.0.1 banners.adultfriendfinder.com
127.0.0.1 banners.easydns.com
127.0.0.1 banners.free6.com
127.0.0.1 banners.hotlinks.net
127.0.0.1 banners.looksmart.com
127.0.0.1 banners.nextcard.com
127.0.0.1 banners.pennyweb.com
127.0.0.1 banners.webmasterplan.com
127.0.0.1 banners.wunderground.com
127.0.0.1 bannervip.webjump.com
127.0.0.1 banzai.moodlogic.com
127.0.0.1 barnesandnoble.bfast.com
127.0.0.1 beseen.com
127.0.0.1 beseen.looksmart.com
127.0.0.1 beseen5.looksmart.com
127.0.0.1 beseenad.looksmart.com
127.0.0.1 beseenad1.looksmart.com
127.0.0.1 beseenad2.looksmart.com
127.0.0.1 beseenad3.looksmart.com
127.0.0.1 beseenadx.looksmart.com
127.0.0.1 bfast.com
127.0.0.1 bizad.nikkeibp.co.jp
127.0.0.1 bn.bfast.com
127.0.0.1 botw.topbucks.com
127.0.0.1 bsads.looksmart.com
127.0.0.1 by.advertising.com
127.0.0.1 c1.thecounter.com
127.0.0.1 c2.thecounter.com
127.0.0.1 c3.xxxcounter.com
127.0.0.1 califia.imaginemedia.com
127.0.0.1 cash4banner.com
127.0.0.1 cash4banner.de
127.0.0.1 cds.mediaplex.com
127.0.0.1 cgi.sexlist.com
127.0.0.1 click.avenuea.com
127.0.0.1 click.go2net.com
127.0.0.1 click.linksynergy.com
127.0.0.1 clickagents.com
127.0.0.1 clicks.about.com
127.0.0.1 clit5.sextracker.com
127.0.0.1 code02.pbtech.net
127.0.0.1 commonwealth.riddler.com
127.0.0.1 cookies.cmpnet.com
127.0.0.1 cornflakes.pathfinder.com
127.0.0.1 counter.hitbox.com
127.0.0.1 counter1.sextracker.com
127.0.0.1 counter10.sextracker.com
127.0.0.1 counter11.sextracker.com
127.0.0.1 counter12.sextracker.com
127.0.0.1 counter13.sextracker.com
127.0.0.1 counter14.sextracker.com
127.0.0.1 counter15.sextracker.com
127.0.0.1 counter16.sextracker.com
127.0.0.1 counter2.sextracker.com
127.0.0.1 counter3.sextracker.com
127.0.0.1 counter4.sextracker.com
127.0.0.1 counter5.sextracker.com
127.0.0.1 counter6.sextracker.com
127.0.0.1 counter7.sextracker.com
127.0.0.1 counter8.sextracker.com
127.0.0.1 counter9.sextracker.com
127.0.0.1 crs.akamai.com
127.0.0.1 crux.songline.com
127.0.0.1 ct.iac-online.de
127.0.0.1 ctc.amateurpages.com
127.0.0.1 de.netstatpro.net
127.0.0.1 desktop.grokster.com
127.0.0.1 dialer.offshoreclicks.com
127.0.0.1 doubleclick.net
127.0.0.1 download1.libereco.net
127.0.0.1 ehg.hitbox.com
127.0.0.1 ehg-commjun.hitbox.com
127.0.0.1 erie.smartage.com
127.0.0.1 etad.telegraph.co.uk
127.0.0.1 everyone.net
127.0.0.1 exchange-it.com
127.0.0.1 exitfuel.com
127.0.0.1 exitmoney.com
127.0.0.1 fast.mediacharger.com
127.0.0.1 focalink.com
127.0.0.1 fp.valueclick.com
127.0.0.1 fragmentserv.iac-online.de
127.0.0.1 free.fuck-portal.com
127.0.0.1 freebieclub.com
127.0.0.1 freeezinebucks.com
127.0.0.1 freepass.elitecities.com
127.0.0.1 fs.dai.net
127.0.0.1 gadgeteer.pdamart.com
127.0.0.1 global.msads.net
127.0.0.1 gm.preferences.com
127.0.0.1 go.ezgreen.com
127.0.0.1 got2goshop.com
127.0.0.1 gp.dejanews.com
127.0.0.1 hacker-spider.de
127.0.0.1 hc2.humanclick.com
127.0.0.1 hg1.hitbox.com
127.0.0.1 hit.hotlog.ru
127.0.0.1 hitbox.com
127.0.0.1 hitmatic.com
127.0.0.1 hitsfrom.popuprush.com
127.0.0.1 hypercount.com
127.0.0.1 ifcol.exitfuel.com
127.0.0.1 image.click2net.com
127.0.0.1 image.com.com
127.0.0.1 image.eimg.com
127.0.0.1 images.sexlist.com
127.0.0.1 images2.nytimes.com
127.0.0.1 img.mediaplex.com
127.0.0.1 impnl.tradedoubler.com
127.0.0.1 internetfuel.com
127.0.0.1 itn.adbureau.net
127.0.0.1 jcms.cydoor.com
127.0.0.1 jeeves.flycast.com
127.0.0.1 jobkeys.ngadcenter.net
127.0.0.1 kansas.valueclick.com
127.0.0.1 leader.linkexchange.com
127.0.0.1 linkbuddies.com
127.0.0.1 liquidad.narrowcastmedia.com
127.0.0.1 liveadvert.com
127.0.0.1 ln.doubleclick.net
127.0.0.1 looksmartclicks.com
127.0.0.1 lsads.looksmart.com.au
127.0.0.1 m.doubleclick.net
127.0.0.1 macaddictads.snv.futurenet.com
127.0.0.1 marketing-internet.com
127.0.0.1 maximumcash.com
127.0.0.1 maximumpcads.imaginemedia.com
127.0.0.1 media.carpediem.fr
127.0.0.1 media.expedia.com
127.0.0.1 media.fastclick.net
127.0.0.1 media.popuptraffic.com
127.0.0.1 media.preferences.com
127.0.0.1 media20.fastclick.net
127.0.0.1 mediacharger.com
127.0.0.1 mediamgr.ugo.com
127.0.0.1 mediaplex.com
127.0.0.1 megacash.de
127.0.0.1 mercury.rmuk.co.uk
127.0.0.1 millenium-hitz.com
127.0.0.1 mjxads.internet.com
127.0.0.1 mojofarm.sjc.mediaplex.com
127.0.0.1 monitor.looksmart.com
127.0.0.1 monsterhitz.to
127.0.0.1 musiccity.streamcastnetwork.com
127.0.0.1 n24.de
127.0.0.1 nbc.adbureau.net
127.0.0.1 newads.cmpnet.com
127.0.0.1 ng3.ads.warnerbros.com
127.0.0.1 ngads.smartage.com
127.0.0.1 nitrous.exitfuel.com
127.0.0.1 nsads.hotwired.com
127.0.0.1 ntbanner.digitalriver.com
127.0.0.1 oad.realmedia.com
127.0.0.1 oas.benchmark.fr
127.0.0.1 onresponse.com
127.0.0.1 onresponse.com
127.0.0.1 p.wtlive.com
127.0.0.1 paycounter.com
127.0.0.1 ph-ad04.focalink.com
127.0.0.1 ph-ad05.focalink.com
127.0.0.1 ph-ad07.focalink.com
127.0.0.1 ph-ad16.focalink.com
127.0.0.1 ph-ad17.focalink.com
127.0.0.1 ph-ad18.focalink.com
127.0.0.1 php.offshoreclicks.com
127.0.0.1 pluto.beseen.com
127.0.0.1 proxy.ladot.com
127.0.0.1 pub.epiknet.org
127.0.0.1 pub.infiniland.com
127.0.0.1 pub.ketix.com
127.0.0.1 pub.telmedia.fr
127.0.0.1 pub.weborama.fr
127.0.0.1 realads.realmedia.com
127.0.0.1 redherring.ngadcenter.net
127.0.0.1 redirect.click2net.com
127.0.0.1 redirect.iac-online.de
127.0.0.1 regio.adlink.de
127.0.0.1 ResponseMedia-ad.flycast.com
127.0.0.1 retaildirect.realmedia.com
127.0.0.1 rs.webmasterplan.com
127.0.0.1 s0.bluestreak.com
127.0.0.1 s1.bluestreak.com
127.0.0.1 s10.sitemeter.com
127.0.0.1 s11.sitemeter.com
127.0.0.1 s12.sitemeter.com
127.0.0.1 s2.bluestreak.com
127.0.0.1 s2.focalink.com
127.0.0.1 s3.bluestreak.com
127.0.0.1 s4.bluestreak.com
127.0.0.1 s5.bluestreak.com
127.0.0.1 s6.bluestreak.com
127.0.0.1 s7.bluestreak.com
127.0.0.1 s8.bluestreak.com
127.0.0.1 script.weborama.fr
127.0.0.1 secserv.imgis.com
127.0.0.1 servedby.advertising.com
127.0.0.1 servedby.advertwizard.com
127.0.0.1 server.hamster.com
127.0.0.1 server-uk.imrworldwide.com
127.0.0.1 servlets.kliks.nl
127.0.0.1 sextracker.com
127.0.0.1 sh4banner.de
127.0.0.1 sh4sure-images.adbureau.net
127.0.0.1 shop.freepush.com
127.0.0.1 specialoffers.aol.com
127.0.0.1 spezialreporte.de
127.0.0.1 spin.spinbox.net
127.0.0.1 sprinks-clicks.about.com
127.0.0.1 spylog.com
127.0.0.1 srv1.bannercommunity.de
127.0.0.1 srv2.bannercommunity.de
127.0.0.1 srv3.bannercommunity.de
127.0.0.1 static.admaximize.com
127.0.0.1 stats.superstats.com
127.0.0.1 stats3.porntrack.com
127.0.0.1 statse.webtrendslive.com
127.0.0.1 Suissa-ad.flycast.com
127.0.0.1 survey.proactive.nl
127.0.0.1 sview.avenuea.com
127.0.0.1 t0.extreme-dm.com
127.0.0.1 thinknyc.eu-adcenter.net
127.0.0.1 tpl1.realtracker.com
127.0.0.1 tracker.clicktrade.com
127.0.0.1 tsms-ad.tsms.com
127.0.0.1 tuerck.de.counted.com
127.0.0.1 twistedhumor.com
127.0.0.1 ugo.eu-adcenter.net
127.0.0.1 UGO.eu-adcenter.net
127.0.0.1 uk1.linksynergy.com
127.0.0.1 uk2.linksynergy.com
127.0.0.1 uk3.linksynergy.com
127.0.0.1 uk4.linksynergy.com
127.0.0.1 uk5.linksynergy.com
127.0.0.1 us.adserver.yahoo.com
127.0.0.1 v0.extreme-dm.com
127.0.0.1 v1.extreme-dm.com
127.0.0.1 valueclick.com
127.0.0.1 van.ads.link4ads.com
127.0.0.1 vant.guj.de
127.0.0.1 view.accendo.com
127.0.0.1 view.avenuea.com
127.0.0.1 vis1.sexlist.com
127.0.0.1 vis2.sexlist.com
127.0.0.1 vis3.sexlist.com
127.0.0.1 vis4.sexlist.com
127.0.0.1 vis5.sexlist.com
127.0.0.1 visite.weborama.fr
127.0.0.1 VNU.eu-adcenter.net
127.0.0.1 w0.extreme-dm.com
127.0.0.1 w113.hitbox.com
127.0.0.1 w117.hitbox.com
127.0.0.1 w25.hitbox.com
127.0.0.1 web2.deja.com
127.0.0.1 webads.bizservers.com
127.0.0.1 weblist.de
127.0.0.1 webxprod.qualcomm.com
127.0.0.1 www.0190-dialer.com
127.0.0.1 www.12traffic.de
127.0.0.1 www.1for1.com
127.0.0.1 www.3turtles.com
127.0.0.1 www.404errorpage.com
127.0.0.1 www.7adpower.com
127.0.0.1 www.7host.com
127.0.0.1 www.activeannonce.com
127.0.0.1 www.adbucks.com
127.0.0.1 www.adexit.com
127.0.0.1 www.adforce.com
127.0.0.1 www.admex.com
127.0.0.1 www.adnetz.net
127.0.0.1 www.adserver.com
127.0.0.1 www.adserver.net
127.0.0.1 www.adsmart.com
127.0.0.1 www.adsmart.net
127.0.0.1 www.adultbizvoice.com
127.0.0.1 www.adultclicks.com
127.0.0.1 www.ad-up.com
127.0.0.1 www.adverity.com
127.0.0.1 www.adverlead.com
127.0.0.1 www.adverline.com
127.0.0.1 www.adverline.fr
127.0.0.1 www.advertising.com
127.0.0.1 www.advertwizard.com
127.0.0.1 www.adviews-sponsor.de
127.0.0.1 www.alladvantage.com
127.0.0.1 www.allclicks.com
127.0.0.1 www.amateur-galleries.com
127.0.0.1 www.bannerads.de
127.0.0.1 www.beseen.com
127.0.0.1 www.bfast.com
127.0.0.1 www.boonsolutions.com
127.0.0.1 www.brutalextreme.com
127.0.0.1 www.burstnet.com
127.0.0.1 www.cash1x1.de
127.0.0.1 www.cash2002.de
127.0.0.1 www.cash4banner.com
127.0.0.1 www.cash4banner.de
127.0.0.1 www.cashcount.com
127.0.0.1 www.cashfiesta.com
127.0.0.1 www.cashradio.com
127.0.0.1 www.cashsurfers.com
127.0.0.1 www.casinoglamour.com
127.0.0.1 www.cellularphones.com
127.0.0.1 www.cibleclick.com
127.0.0.1 www.cj.com
127.0.0.1 www.click-fr.com
127.0.0.1 www.clickxchange.com
127.0.0.1 www.clictrafic.com
127.0.0.1 www.coinpromo.com
127.0.0.1 www.cometcursor.com
127.0.0.1 www.cometsystems.net
127.0.0.1 www.commission-junction.com
127.0.0.1 www.crxwarez.net
127.0.0.1 www.cydoor.com
127.0.0.1 www.daz.com
127.0.0.1 www.directvalue.nl
127.0.0.1 www.drawnsex.com
127.0.0.1 www.eads.com
127.0.0.1 www.fastclick.net
127.0.0.1 www.fastmetasearch.com
127.0.0.1 www.flycast.co.uk
127.0.0.1 www.flycast.com
127.0.0.1 www.free-banners.com
127.0.0.1 www.freeezinebucks.com
127.0.0.1 www.freestats.com
127.0.0.1 www.fuck-portal.com
127.0.0.1 www.gamingclub.com
127.0.0.1 www.gator.co.uk
127.0.0.1 www.gator.com
127.0.0.1 www.gator.net
127.0.0.1 www.genhit.com
127.0.0.1 www.getsearches.com
127.0.0.1 www.gopopup.com
127.0.0.1 www.grokster.com
127.0.0.1 www.hardcorepornos.org
127.0.0.1 www.hightrafficads.com
127.0.0.1 www.hit-parade.com
127.0.0.1 www.hitsme.com
127.0.0.1 www.imaginemedia.com
127.0.0.1 www.kliks.nl
127.0.0.1 www.lastconsole.com
127.0.0.1 www.linkshare.com
127.0.0.1 www.liveadvert.com
127.0.0.1 www.lo-litas.com
127.0.0.1 www.looksmartclicks.com
127.0.0.1 www.lop.com
127.0.0.1 www.lottoforever.com
127.0.0.1 www.mediaplex.com
127.0.0.1 www.megacash.de
127.0.0.1 www.modchip.com
127.0.0.1 www.mod-chip.com
127.0.0.1 www.money4exit.de
127.0.0.1 www.my-stats.com
127.0.0.1 www.netbroadcaster.com
127.0.0.1 www.netdirect.nl
127.0.0.1 www.netflip.com
127.0.0.1 www.netgravity.com
127.0.0.1 www.newtopsites.com
127.0.0.1 www.nic.co.il
127.0.0.1 www.nudelinkz.com
127.0.0.1 www.oneandonlynetwork.com
127.0.0.1 www.onresponse.com
127.0.0.1 www.paidpopup.de
127.0.0.1 www.piratos.de
127.0.0.1 www.popdown.de
127.0.0.1 www.popuptraffic.com
127.0.0.1 www.PostMasterBannerNet.com
127.0.0.1 www.prepaidliving.com
127.0.0.1 www.qksrv.net
127.0.0.1 www.qualityhitz.com
127.0.0.1 www.qualypromos.com
127.0.0.1 www.radiate.com
127.0.0.1 www.radiofreecash.com
127.0.0.1 www.rankyou.com
127.0.0.1 www.reference-sexe.com
127.0.0.1 www.searchtraffic.com
127.0.0.1 www.sexfranco.com
127.0.0.1 www.sexfreelist.com
127.0.0.1 www.sexlist.com
127.0.0.1 www.sexspy.com
127.0.0.1 www.sexstudio24.de
127.0.0.1 www.sextracker.com
127.0.0.1 www.sextraffic.org
127.0.0.1 www.sexyfreehost.com
127.0.0.1 www.sexyplugin.com
127.0.0.1 www.simplecounter.net
127.0.0.1 www.slutzoo.com
127.0.0.1 www.sonixwarez.com
127.0.0.1 www.sponsor2002.de
127.0.0.1 www.targetshop.com
127.0.0.1 www.teknosurf.com
127.0.0.1 www.teknosurf2.com
127.0.0.1 www.teknosurf3.com
127.0.0.1 www.theadultwire.com
127.0.0.1 www.topwarez-fr.com
127.0.0.1 www.toys-galleries.com
127.0.0.1 www.trafficmonetizer.com
127.0.0.1 www.unionwarez.com
127.0.0.1 www.valueclick.com
127.0.0.1 www.valuesponsor.com
127.0.0.1 www.warez33.com
127.0.0.1 www.warezfield.com
127.0.0.1 www.web3000.co.uk
127.0.0.1 www.web3000.com
127.0.0.1 www.webads.nl
127.0.0.1 www.webferret.com
127.0.0.1 www.webhancer.com
127.0.0.1 www.webhancer.net
127.0.0.1 www.weblist.de
127.0.0.1 www.websitefinancing.com
127.0.0.1 www.wedoo.com
127.0.0.1 www.win24.de
127.0.0.1 www.wingowin.com
127.0.0.1 www.wtlive.com
127.0.0.1 www.xiti.com
127.0.0.1 www.xxxdisplay.com
127.0.0.1 www.xxxteenclub.de
127.0.0.1 www.youmakemoney.com
127.0.0.1 www.zeloop.net
127.0.0.1 www2.burstnet.com
127.0.0.1 www2.consumercreditusa.com
127.0.0.1 www3.netgravity.com
127.0.0.1 www4.netgravity.com
127.0.0.1 www4.trix.net
127.0.0.1 www80.valueclick.com
127.0.0.1 xads.infospace.com
127.0.0.1 xads.zedo.com
127.0.0.1 z.extreme-dm.com
127.0.0.1 z0.extreme-dm.com
127.0.0.1 z1.extreme-dm.com
127.0.0.1 zac.netgravity.com

# new
127.0.0.1 www.xpostx.com
127.0.0.1 clicks.oxcash.com
127.0.0.1 www.paypopup.com
127.0.0.1 download2.0190-dialer.com
127.0.0.1 www.service-url.de


145 posted on 06/06/2004 8:14:04 AM PDT by HairOfTheDog (farewell to a great president.)
[ Post Reply | Private Reply | To 143 | View Replies]
To: mfccinsd

OOPS Forgot to ping you.... see my post above!


146 posted on 06/06/2004 8:19:45 AM PDT by HairOfTheDog (farewell to a great president.)
[ Post Reply | Private Reply | To 145 | View Replies]
To: HairOfTheDog
I'm glad that you got it straightened out...

You don't know the half of it. The hosts file is searched BEFORE DNS, so a bad guy could easily insert an entry like www.paypal.com or www.ebay.com in your hosts file, which then sends you to an alternate "bad guy" site, and you could unknowingly enter your username and password.

Again, the 127.0.0.1 address is TCP/IP speak for your computer. So, if you've got some trojan or other program running, you could get the porn pop-ups even if you're disconnected from the Internet!

I'm glad I could be of some help

Mark

147 posted on 06/06/2004 8:49:35 AM PDT by MarkL (The meek shall inherit the earth... But usually in plots 6' x 3' x 6' deep...)
[ Post Reply | Private Reply | To 145 | View Replies]
To: MarkL

Well, the thing is.... the computer worked fine... I never did have trouble with my computer acting up, I only knew this stuff was in my cache because clearing the cache became part of my troubleshooting for a bad DNS juju problem I had awhile ago. That (I believe) was a bad name server problem with my ISP that they eventually fixed.

But it bothered me that I'd see things like "sextracker" in my cache when I hadn't done anything!


148 posted on 06/06/2004 8:54:24 AM PDT by HairOfTheDog (farewell to a great president.)
[ Post Reply | Private Reply | To 147 | View Replies]
To: MarkL
Well, the thing is.... the computer worked fine... I never did have trouble with my computer acting up that I knew of anyhow!
149 posted on 06/06/2004 8:56:20 AM PDT by HairOfTheDog (farewell to a great president.)
[ Post Reply | Private Reply | To 147 | View Replies]
To: Long Cut

Good post. I've got a friend's laptop on my desk, for a spyware exorcism, right now. It's currently installing Windows updates, after a couple of Ad-Aware and Spybot sessions.

I'm not sure which ring of Hell that spammers and malware/adware/hijacker writers and distributors will occupy, but they are in there somewhere.


150 posted on 06/06/2004 9:01:50 AM PDT by FreedomPoster (hoplophobia is a mental aberration rather than a mere attitude)
[ Post Reply | Private Reply | To 1 | View Replies]
To: FreedomPoster; All
Thanks. The response here has been uniformly positive...both from people witht the bugs, and from those gracious experts who are offering their advice and help.

It seems that FReepers always come through for each other.

151 posted on 06/06/2004 9:43:27 AM PDT by Long Cut (Certainty of Death, small chance of Success...What are we waiting for?...Gimli the Dwarf)
[ Post Reply | Private Reply | To 150 | View Replies]
To: All

BUMP To the top for a new day...


152 posted on 06/06/2004 10:42:12 AM PDT by Long Cut (Certainty of Death, small chance of Success...What are we waiting for?...Gimli the Dwarf)
[ Post Reply | Private Reply | To 1 | View Replies]
To: Long Cut

I'll bump it too. This thread is a great resource and should be bookmarked.


153 posted on 06/06/2004 10:47:38 AM PDT by Bloody Sam Roberts (ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,Election '04...It's going to be a bumpy ride,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø)
[ Post Reply | Private Reply | To 152 | View Replies]
To: Bloody Sam Roberts
You bet. I downloaded Firefox last night, and I'm playing with it now. I love it...it's faster and more convinient than IE ever was.

Only problem I have is that the Synaptec touchpad on my HP Pavilion XH156 here won't scroll with it. Haven't figured that out yet, but I posted the question over at Firefox Support. Hopefully, I'll get a response. Not having a scroll button can be a pain, especially here on FR.

154 posted on 06/06/2004 11:03:27 AM PDT by Long Cut (Certainty of Death, small chance of Success...What are we waiting for?...Gimli the Dwarf)
[ Post Reply | Private Reply | To 153 | View Replies]
To: inflation
I have no trouble with any of this, perhaps it's because I run Linux? ;->

You and my #2 son. He swears by a pop-up block he's going to install for me. We're not sure how it's going to work with Windows XP, but we'll see. I don't remember the name of it, but he and #1 son also mentioned Mowzilla.

Last summer I started getting all kinds of crap on my computer; thankfully no hardcore stuff, but disturbing, nonetheless just to know that someone can install something about which you are not aware and for which you did not ask! It took my computer weenie husband and the aforementioned computer weenie son over 3 hours just to FIND the crap. Turns out, they just built me a new computer and we loaded all new stuff on it and didn't copy over the crap.

I run Spybot every couple of days, but I'm all over the place on the Internet, so I pick up pop-ups all the time. My Norton anti-virus has helped tremendously, too.

155 posted on 06/06/2004 11:11:06 AM PDT by SuziQ (Bush in 2004/Because we Must!!! (Bombard))
[ Post Reply | Private Reply | To 8 | View Replies]
To: mylife
running mozilla firefox has made a tremendous difference.

That's the one my son mentioned, Firefox!

156 posted on 06/06/2004 11:12:46 AM PDT by SuziQ (Bush in 2004/Because we Must!!! (Bombard))
[ Post Reply | Private Reply | To 19 | View Replies]
To: SuziQ
That's the one my son mentioned, Firefox!

Go get it ;^)

157 posted on 06/06/2004 11:14:48 AM PDT by mylife (The roar of the masses could be farts)
[ Post Reply | Private Reply | To 156 | View Replies]
To: MarkL
Again, the 127.0.0.1 address is TCP/IP speak for your computer. So, if you've got some trojan or other program running, you could get the porn pop-ups even if you're disconnected from the Internet!

True, but looking at the posted host file I would guess that it was put in to block adware sites, since redirecting a site to 127.0.0.1 is usually a good way to prevent it from showing up at all. Some people recommend 0.0.0.0 instead; I don't know the pros and cons of one versus the other but I would expect 0.0.0.0 would send out IP requests for information (which would die at the next router) while 127.0.0.1 wouldn't leave the local system.

158 posted on 06/06/2004 11:15:26 AM PDT by supercat (Why is it that the more "gun safety" laws are passed, the less safe my guns seem?)
[ Post Reply | Private Reply | To 147 | View Replies]
To: Long Cut
Only problem I have is that the Synaptec touchpad on my HP Pavilion XH156 here won't scroll with it. Haven't figured that out yet, but I posted the question over at Firefox Support. Hopefully, I'll get a response. Not having a scroll button can be a pain, especially here on FR.

Hmmmmm ...thats odd my scoll function in IE/XP while using FR was jerky, that went away as soon as I started using firefox. it cured the problem for me.

159 posted on 06/06/2004 11:19:04 AM PDT by mylife (The roar of the masses could be farts)
[ Post Reply | Private Reply | To 154 | View Replies]
To: Long Cut
Make sure you get the "TabBrowser Extensions" extension as well as the "Pref Bar" extension. They are the handiest for configuring the browser.

I don't even have a good bluff for the touchpad issue other than...go get a cheap scroll mouse and plug it in.

160 posted on 06/06/2004 11:21:06 AM PDT by Bloody Sam Roberts (ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,Election '04...It's going to be a bumpy ride,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø)
[ Post Reply | Private Reply | To 154 | View Replies]

Navigation: use the links below to view more comments.
first previous 1-20 ... 121-140141-160161-180181-192 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search		 News/Activism
Topics · Post Article
FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson