Hijacked! New Browser Exploits Plague Web

various sites | 07-09-04 | The Heavy Equipment Guy

[backhoe]

There is a new plague of viruses, trojans, and exploits hammering web users... and no one easy solution.

Be advised, I will add the most useful information I have found so far in the first reply, which I am doing for the sake of simple formatting ease.

First off, here's the most current info and links- follow and read all of it:

---

 

 

 Web Sites Still Infected

 

There are new, nastier browser hijackers flooding the web- the best help is here, but be warned, you have to do most yourself and learn to use some new tools. The old anti-virus software does not work on this new series of bugs:

http://forums.spywareinfo.com/index.php?s=d3c1a671159df31c9420ae4d671f1cd2&showforum=18

 

Microsoft Plugs IE; Warns All Browsers At Risk (Test Your Browser Here)

 

Freepers how do I get rid of this spyware crap that is on my computer?

Worm and Virus Wars- the August Edition

 http://www.mozilla.org/products/firefox/

 

 Mozilla/Firefox bug Allows Remote Code Execution (Windows only)

 

---

 

In my comments that follow is the first block of information, in the reply is the second, more detailed:

[Tuscaloosa Goldfinch]

Some of the stuff I've deleted with the spybot stuff is back the next time I run spybot. arrgh!

[AntiGuv]

Oooh - that's good to know! I was planning to go looking for one but haven't yet got around to it. Need to do that soon.. Don't suppose you have a link handy? (If not, there's no need to go to any trouble tracking one down for me. I can do that myself if you don't have a link on hand.)

[AntiGuv]

Like what? I'm guessing "DSO Exploit" is one of them, and maybe "Possible Browser Hijack" - either one of those may require manually editing the registry.

[dansangel]

Thank you for your tireless efforts in helping us all out with this irritating threat to privacy.

We (.45MAN and I) appreciate the emails and updates that you have been so thoughtful to send.

((((((Backhoe)))))))

[Dust in the Wind]

bump

[AntiGuv]

Blazefind is a search redirect hijack. You should get rid of it. See here: Adware.BlazeFind.

[bitt]

if you are using spybot, apparently DSO exploit is showing up on every scan, you are cleaned off, but the glitch will be repaired in the next update...

bridge..etc is a malware.

Ad-aware users should configure their scans:
go here, great resources

http://forums.spywareinfo.com/index.php?showforum=18

[AntiGuv]

The DSO Exploit vulnerability can be corrected in the registry fairly easily, but I don't have time to put up instructions right now. I have to go to work.

If anyone wants I can post instructions this afternoon. I would need to know the exact registry keys that are flagged by SpyBot (and there may be multiple entries).

The slightly less common "Possible Browser Hijack" flag in SpyBot that it can't fix can also be corrected in the registry.

[Tuscaloosa Goldfinch]

Yep, DSO exploit, commission junction, media plex, a whole bunch of "i.e. plugin" stuff (I haven't deleted that, btw, afraid to!)

[Tuscaloosa Goldfinch]

re: blazeware-- many thanks. Will do immediately.

[tubebender]

You done a hell of a lot of important research on this EVIL. It is over whelming to most old duffers like me. Even though I use a Mac with Netscape and Safari I still have the IE browser on board and worry about becoming a Trojan for these wackos . When do you find time to work and have some fun?

[asgardshill]

Dude. Executive summary time.

[AntiGuv]

If you want, I can walk you through dealing with all the items that are getting flagged, but I have to go now. I won't be back until sometime after 4pm. Lemme know if you want me to ping when I have the time to go through it all.

[backhoe]

Howdy- well I *think* I got rid of the bleedin' thing, but only time will tell. You'd think the antivirus writers would have a better handle on it, but so far they have been behind the curve. SWI forums has the best help, but they are overloaded. They gained 3,000+ new members between yesterday and today!

[Tuscaloosa Goldfinch]

Thanks! I hate to take up that much of your time, but I may take you up on your offer. I'll ping you sometime in the evening. Thanks!

[Eagle9]

Netscape and Safari were vulnerable earlier this week. You can test them here: Microsoft Plugs IE; Warns All Browsers At Risk (Test Your Browser Here) See the link in the last line of that article to test your browser.

[demlosers]

It's OBVIOUS that having every anti-malware program you can find and even having them running in the background is NOT enough to protect you, and additionally, running the programs to find malware is STILL not enough to protect you! They can, and DO make changes that (like SpyBot did) can mess up your PC if you don't make notes of the changes, and in the case of all of them miss these 7 executable files.

Welcome to the party pal...

It's best to familiarize yourself with the files system on your machine. What would be nice, is to have a hard copy of all the computer files with details, making it easier to spot changes. Although, I doubt that would be a reasonable solution for most of us.

I periodically scrutinize the files on my puter regularly, to which I find the crapware that slip through my defenses.

[The Mayor]

I just downloaded FireFox, this is my 1st use of it..

[N3WBI3]

FireFox

[tubebender]

Thanks. I read that thread when it was running and have it bookmarked. A causal friend just quit a good paying IT job here and went into real estate sales because of the unstoppable onslaught of attacks.