PDA

View Full Version : idgsearch.com - CWS.Googlems - New variant ??

Azee
November 24th, 2003, 09:08 PM
I downloaded SpywareBlaster and SpywareGuard a
week ago and I have the latest updates 11/23/03, but somehow yesterday I got my broser hijacked by http://www.idgsearch.com and CWS.Googlems and strange things started to happen like going to different search pages and files associations were
changed.

???I had run SpywareBlaster and I have SpywareGuard
enabled on the system tray.

SpywareGuard alrted me about the attempted page
hijacking and the action taken was always "Restore
the Old Value" and is indicated on the program reports, but the spyware got through anyway,
and SpywareBlaster did not pick it up.

Is this a new variant of spyware ???

PS: I finally was able to identify it and remove with
another program that recognized CWS.Googlems.

Anyway I like your programs and I'll check back for
your answer.

Thanks ............Azee
Pieter_Arntz
November 25th, 2003, 08:52 AM
Hi Azee,

Yes it is a new variant of a wellknown family of hijackers.
As you can see here: http://www.spywareinfo.com/~merijn/cwschronicles.html they come up with a new pest every few days.
I have a feeling the tool you used can be found on that page as well.

Regards,

Pieter
Azee
November 25th, 2003, 09:27 AM
Hi Pieter

Thanks for your answer.

Yes this is the same tool that I downloaded from a
different link.
I found this page extremely interesting.

Isn't what this company idgsearch.com is doing
illegal or something ??. This people do not give anybody a chance to accept or decline installing this
garbage nor they include a way to uninstall it, forcing
folks to have to spend thousands of hours trying to
repair their systems and sometimes having to start
from scratch if it can't be removed in any other way.

I'm a business person and I truly believe on the value
of advertising, but who is ever gonna buy anything
from this company after they do this garbage.

At least with most SPAM, I do not see this kind of
damage and I have the chance to delete it altogether

There should be a way to report and stop this.

Anyway, this are my two cents on the matter and
again Thank you for your help.
Pieter_Arntz
November 25th, 2003, 03:06 PM
Hi Azee,

I agree completely. Most of the variants of this family are actually targeted by Antivirus and AntiTrojan programs as well, because they went way over the limits of "normal" spyware.

Even some of the porn-portals and casinos they link to complained about them.
Unfortunately all (maybe fake) traces lead to Russia, so it's a bit difficult to go out and arrest them. :)

Regards,

Pieter