Warning !!!!!

K

Kirrie2001

Guest
#1
I found this on the Langalist today. Hope it is of some use.


SPYWARE WARNING - Level: HIGH RISK!
Last night, I got a phonecall from a friend that wanted me to have a look at his PC. Thinking it was going to be an easy job, was an understatement! Internet Explorer would run but not access websites at all. I spent a total of 4hrs trying to get it up and running and failed!
It seems there is a new serious spyware component that can download itself and install, without your knowledge. The last advertising company that I can remember using this technique was RealNames, last year - no longer in operation. Now, there is one originating from the link below.
w.w.w.i.g.n.k.e.y.w.o.r.d.s..c.o.m <<<------ DO NOT CLICK ON THIS ADDRESS!!!!! (I have disabled this link for security reasons!!) - Currently, there is no known cure for this parasite. Ad-aware, Pest Patrol or any other spyware checker will not alert you or disable it. If you can 'BLOCK' this domain, then do so NOW! The uninstaller this company has on their website does not remove the spyware, browser functionality is still affected after using their removal tool.
The parasite will add 3 files to your system, and enter Registry entries. The main culprits come in the form of bho.dll and winstart.exe. The winstart.exe will execute upon restarting under msconfig. Deleting these files, does not get rid of this problem. Even un-installing your browser and re-installing will not cure this infection.
Many reports worldwide, concerning this spyware are growing. Some people have even gone to reformatting their systems. Their have been reports that it affects the search page of Internet Explorer and MSN Messenger.
Some ways of prevention are:
Do not trust a 'Certificate from IGN' as trusted - should you ever receive a dialogue of this description.
Be very careful of ActiveX Control downloads.
Do not click Yes to any popups asking for permission to download.
Make sure your Security settings are set to at least Medium or Higher.
Remember this is not a virus, so your Antivirus program will not detect it, nor will it show as an attack on a firewall program - this parasite comes directly through your browser, and render it useless!
L8rs...
H
P.S. - It looks like I will need to reformat my friends drive!

Link edited, we don't want someone elses computer getting messed up - Jewelzz
 

Tabula Rasa

Stranger Than Kindness
Political User
#3
One of the more important reasons to install windows updates is to avoid things like that, there is a web page that is running a script that formats a visitors computer unless he has the security updates of SP1 .

But what else can you expect from an OS built around a web browser.
 
W

wn van deursen

Guest
#4
Re warning

The way I see it SP1 is not up against this parasite (& others to come). Putting this domain name on Block seems a good idea to me, but it would help to know where I can find the option to do so, haven't done it before.
 

damnyank

I WILL NOT FORGET 911
#5
Tools, Internet Options, Privacy, under Web Site click Edit, type in site you want to block, and click block.
 
W

wn van deursen

Guest
#12
re warning

Boy_alien asked How Do You Know It's Already There.
Kirrie suggests you'll find it in your Registry. But I'm not sure Registry will feature it under the domain (that dares not speak its name...) and if you have many entrees in your Reg it may be difficult to trace...? Anyway, Boy_alien, won't you notice by simply seeing your pc going bonkers?
 

lieb39

Apple lover, PC User
#13
Just another way to block the website

Just another way to block that website,
Whenever you type a domain in, ex www.hotmail.com, it first checks your host file if it is anything "special", and if it is not than it will contine as normal. But if it does find it than it will redirect to where ever the hosts file says (this is a very good way to block ads) So you can make ads or this website just get a error file by;

1. open run, type this in;
notepad c:\windows\system32\drivers\etc\hosts
hit enter
2. You might have a short or long file, in either case just make sure you have this at the very top (if not, copy paste)

# localhost: Needs to stay like this to work
127.0.0.1 localhost

3. than go to the last line on this file and type;
127.0.0.1[space][the website you want to block]

ex. 127.0.0.1 ad.adsmart.com
this will block out ad.adsmart.com
(if it is a www site type www.website.com)

This makes the computer look on your own computer for the page, and it will come back in error.

Enjoy!

lieb39
 
B

Bluecat

Guest
#16
Originally posted by Octopus
there is nothing in that site I removed all the dots and then clicked, the page is white.:cool:
You sure it hasn't caused an adverse effect to your desktop background? hehe :eek:
 
P

PCdabbler

Guest
#19
Thanks !

Thanks People, you have indirectly helped me over a small problem ... some time ago I ran an Ad killer, and have been looking to remove it ever since ! Well, it turns out that it had Filled my HOSTS file with redirects to 127.0.0.1 for just about EVERY Ad server, making my HOST file huge !! It did work though, but got annoying seeing all those page not found errors, and it did slow down surfing due to the HOSTS file size I suppose. :cool:
 

Members online

No members online now.

Latest posts

Latest profile posts

Perris Calderon wrote on Electronic Punk's profile.
Ep, glad to see you come back and tidy up...did want to ask a one day favor, I want to enhance my resume , was hoping you could make me administrator for a day, if so, take me right off since I won't be here to do anything, and don't know the slightest about the board, but it would be nice putting "served administrator osnn", if can do, THANKS

Been running around Quora lately, luv it there https://tinyurl.com/ycpxl
Electronic Punk wrote on Perris Calderon's profile.
All good still mate?
Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,971
Messages
673,300
Members
89,016
Latest member
Poseeut