
Spyware Info, Lavasoft

Discussion in 'Malware and Virus Removal Archive' started by paul43, 2003/09/16.

Thread Status:
Not open for further replies.
  1. 2003/09/16
    paul43

    paul43 Well-Known Member Thread Starter

    Joined:
    2002/04/24
    Messages:
    364
    Likes Received:
    0
    Thought this article might be of interest to some members of this forum. Paul

    CWS Trojan Blacklist SpywareInfo, Lavasoft

    The people who distribute the CWS trojan have added SpywareInfo and Lavasoft's support site to victims' HOSTS files in a vain attempt to prevent their victims from receiving assistance in removing the trojan. Specifically, spywareinfo.com, www.spywareinfo.com, lavasoftsupport.com, and www.lavasoftsupport.com are redirected to a **** site on infected machines.

    CWS is a trojan horse virus that exploits a flaw in Microsoft Java VM to infect victims. Once infected, the victim's web browser will have its start and search settings redirected to one of numerous web sites with an affiliate relationship to coolwebsearch.com. Those web sites are search portals each with hundreds of pay-per-click links.

    The HOSTS file is the first place Windows goes to look up the IP address of a remote server to which your computer wants to connect, such as a web site or a gaming server. If it is not listed in the HOSTS file, then it will send a request to your ISP's DNS servers to look up the IP address of the server.

    By listing the SpywareInfo and Lavasoft web sites in the HOSTS file, infected machines will be unable to reach the sites in most cases. Thankfully, there is a simple workaround for this problem.

    The official addresses for HijackThis and CWShredder are http://www.spywareinfo.com/~merijn/files/cwshredder.zip and http://www.spywareinfo.com/~merijn/files/hijackthis.zip

    If you or someone you are helping elsewhere are blocked from SpywareInfo while trying to download these programs, you can use these alternate addresses to download the files. These addresses are immune to HOSTS file hijacks.

    http://216.180.252.218/~spywareinfo.com/downloads/tools/hijackthis.zip
    http://216.180.252.218/~spywareinfo.com/downloads/tools/cwshredder.zip


    Please spread the word around the message boards where people go for help with this sort of thing and let people know of these alternate addresses. This is a very sleazy hijack and these two tools are the best at cleaning it up.

    Links:
    http://www.spywareinfo.com/~merijn/cwschronicles.html :: Coolwebsearch Chronicles
    http://www3.ca.com/virusinfo/virus.aspx?ID=35839 :: Computer Associates CWS trojan information
     
  2. 2003/09/16
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Interesting stuff. Thanks.

    I can now offer an explanation for at least a couple of folks on other forums.

    Hmmmmm. Sneaky buzzzards, aren't they? (note for UK members - US buzzard AKA Turkey Vulture and a carrion eater. Not your buzzard.)
     
    Newt,
    #2
