Old November 19th, 2002 Top | #1
Kirrie2001
 
Warning !!!!!

I found this on the Langalist today. Hope it is of some use.


SPYWARE WARNING - Level: HIGH RISK!
Last night, I got a phone call from a friend that wanted me to have a look at his PC. Thinking it was going to be an easy job was an understatement! Internet Explorer would run but not access websites at all. I spent a total of 4hrs trying to get it up and running and failed!
It seems there is a new serious spyware component that can download itself and install, without your knowledge. The last advertising company that I can remember using this technique was RealNames, last year - no longer in operation. Now, there is one originating from the link below.
w.w.w.i.g.n.k.e.y.w.o.r.d.s..c.o.m <<<------ DO NOT CLICK ON THIS ADDRESS!!!!! (I have disabled this link for security reasons!!) - Currently, there is no known cure for this parasite. Ad-aware, Pest Patrol or any other spyware checker will not alert you or disable it. If you can 'BLOCK' this domain, then do so NOW! The uninstaller this company has on their website does not remove the spyware; browser functionality is still affected after using their removal tool.
The parasite will add 3 files to your system, and enter Registry entries. The main culprits come in the form of bho.dll and winstart.exe. The winstart.exe will execute upon restarting under msconfig. Deleting these files does not get rid of this problem. Even un-installing your browser and re-installing will not cure this infection.
Reports worldwide concerning this spyware are growing. Some people have even gone to reformatting their systems. There have been reports that it affects the search page of Internet Explorer and MSN Messenger.
Some ways of prevention are:
Do not trust a 'Certificate from IGN' as trusted - should you ever receive a dialogue of this description.
Be very careful of ActiveX Control downloads.
Do not click Yes to any popups asking for permission to download.
Make sure your Security settings are set to at least Medium or Higher.
Remember this is not a virus, so your Antivirus program will not detect it, nor will it show as an attack on a firewall program - this parasite comes directly through your browser, and renders it useless!
L8rs...
H
P.S. - It looks like I will need to reformat my friend's drive!

Link edited, we don't want someone else's computer getting messed up - Jewelzz
Old November 19th, 2002 Top | #2
 
Hipster Doofus

I wonder if it affects all browsers or just IE? Good post Kirrie.

Pentium 4 2.6ghz 400mhz @ 3.07ghz 472mhz / Gigabyte GA-8IHXP v2.1 / RAMBUS PC 800 768mb / Sapphire Radeon 9600XT 256mb / 2 x Maxtor 80gb ATA133 DiamondMax, RAID0 :: 1 x Western Digital 7200 40gb / Liteon DVD-RW Dual Layer SOHW-1633S @ 1653S / Liteon 52x24x52 CD-RW LTR-52246S / Zalman CNPS7000A-Cu Fan / Antec TruePower 480w / RD3XP Gladiator Rounded Cables
Old November 19th, 2002 Top | #3
 
Tabula Rasa

One of the more important reasons to install Windows updates is to avoid things like that. There is a web page that is running a script that formats a visitor's computer unless he has the security updates of SP1.

But what else can you expect from an OS built around a web browser?
Old December 3rd, 2002 Top | #4
wn van deursen
 
Re warning

The way I see it SP1 is not up against this parasite (& others to come). Putting this domain name on Block seems a good idea to me, but it would help to know where I can find the option to do so, haven't done it before.
Old December 3rd, 2002 Top | #5
 
damnyank

Tools, Internet Options, Privacy, under Web Site click Edit, type in site you want to block, and click block.
Old December 4th, 2002 Top | #6
wn van deursen
 
re warning

So simple. ThkU Damnyank
Old December 4th, 2002 Top | #7
 
canadian_divx

I wonder if the education networks have this blocked, because if they don't it could cause them real problems.
Old December 7th, 2002 Top | #8
Boy_alien
 

How do u know if it's on your comp already? How can u find out?
Old December 7th, 2002 Top | #9

NetRyder

Thanks for the heads up Kirrie
Old December 7th, 2002 Top | #10
 
vivid_vibe

Jeez, I think I'll add that site to my HOSTS file. Anybody need help doing that, e-mail me.

vivid
Old December 7th, 2002 Top | #11

NetRyder

That's a great idea vivid
Old December 7th, 2002 Top | #12
wn van deursen
 
re warning

Boy_alien asked How Do You Know It's Already There.
Kirrie suggests you'll find it in your Registry. But I'm not sure Registry will feature it under the domain (that dares not speak its name...) and if you have many entries in your Reg it may be difficult to trace...? Anyway, Boy_alien, won't you notice by simply seeing your pc going bonkers?
Old December 7th, 2002 Top | #13
 
lieb39

Just another way to block the website

Just another way to block that website,
Whenever you type a domain in, e.g. www.hotmail.com, it first checks your hosts file to see if it is anything "special", and if it is not then it will continue as normal. But if it does find it then it will redirect to wherever the hosts file says (this is a very good way to block ads). So you can make ads or this website just get an error page by:

1. open run, type this in;
notepad c:\windows\system32\drivers\etc\hosts
hit enter
2. You might have a short or long file, in either case just make sure you have this at the very top (if not, copy paste)

# localhost: Needs to stay like this to work
127.0.0.1 localhost

3. then go to the last line on this file and type;
127.0.0.1[space][the website you want to block]

ex. 127.0.0.1 ad.adsmart.com
this will block out ad.adsmart.com
(if it is a www site type www.website.com)

This makes the computer look on your own computer for the page, and it will come back in error.

Enjoy!

lieb39

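The hosts-file steps from post #13, as an added example that is not part of the thread: a Python sketch that appends 127.0.0.1 entries without duplicating existing ones and keeps the localhost line in place. The function names, the `SAMPLE` file and `blocked.example` are made up for illustration; the hosts file matches exact names, so the `www.` form is added as its own entry.

```python
import re

SINKHOLE = "127.0.0.1"
# Hostname labels only (letters, digits, hyphens). Rejecting spaces and
# newlines stops one "domain" from smuggling extra lines into the file.
_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_HOST_RE = re.compile(rf"{_LABEL}(\.{_LABEL})*")


def parse_hosts(text):
    """Return {hostname: ip} for every active (non-comment) entry."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                entries.setdefault(name.lower(), fields[0])  # keep first entry seen
    return entries


def block_domains(text, domains, with_www=True):
    """Return hosts text with sinkhole entries appended for `domains`."""
    entries = parse_hosts(text)
    lines = text.splitlines()
    if "localhost" not in entries:
        lines.insert(0, f"{SINKHOLE} localhost")  # step 2 of the post
    wanted = []
    for d in domains:
        d = d.strip().lower().rstrip(".")
        if not _HOST_RE.fullmatch(d):
            raise ValueError(f"not a hostname: {d!r}")
        wanted.append(d)
        if with_www and not d.startswith("www."):
            wanted.append("www." + d)
    for name in wanted:
        if name not in entries:  # idempotent: never add a second line
            lines.append(f"{SINKHOLE} {name}")
            entries[name] = SINKHOLE
    return "\n".join(lines) + "\n"


# Constructed sample hosts file (the ad.adsmart.com line mirrors the post).
SAMPLE = ("# localhost: Needs to stay like this to work\n"
          "127.0.0.1 localhost\n"
          "127.0.0.1 ad.adsmart.com\n")

if __name__ == "__main__":
    print(block_domains(SAMPLE, ["blocked.example"]), end="")
```
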
Old December 9th, 2002 Top | #14
Boy_alien
 

yeah i guess. thanks for the heads up.
Old December 9th, 2002 Top | #15
 
Octopus

There is nothing in that site. I removed all the dots and then clicked; the page is white.
Old December 9th, 2002 Top | #16
Bluecat
 

Originally posted by Octopus
There is nothing in that site. I removed all the dots and then clicked; the page is white.
You sure it hasn't caused an adverse effect to your desktop background? hehe
Old December 21st, 2002 Top | #17
ZAnwar
 

It hasn't done something to my PC either!
Old December 21st, 2002 Top | #18
Burpster
 

no biggie ...there is an uninstaller for it ...relaxxxx
Old December 23rd, 2002 Top | #19
PCdabbler
 
Thanks !

Thanks People, you have indirectly helped me over a small problem ... some time ago I ran an Ad killer, and have been looking to remove it ever since ! Well, it turns out that it had Filled my HOSTS file with redirects to 127.0.0.1 for just about EVERY Ad server, making my HOST file huge !! It did work though, but got annoying seeing all those page not found errors, and it did slow down surfing due to the HOSTS file size I suppose.
Old January 21st, 2003 Top | #20
 
Kush

ahhhhh!

Ahhh, I had this parasite and I got rid of it using spy bot. At least I think it did!

