CWS hijack pulls a nasty stunt

For anyone not familiar with this hijacker: CWS Chronicles

The latest version included a very nasty surprise.
They mutated the DNSRelay variant (number 8 at the site above) to include a hosts file hijack, including these lines:
O1 - Hosts: 64.135.204.60 spywareinfoforum.com
O1 - Hosts: 64.135.204.60 www.spywareinfoforum.com
O1 - Hosts: 64.135.204.60 lavasoftsupport.com
O1 - Hosts: 64.135.204.60 www.lavasoftsupport.com

Effectively disabling people from downloading HijackThis and CWShredder from their normal download-links and getting support at some of the most renowned anti-spyware-forums.

If you experience problems downloading both these programs and fear you have been hit by this hijack, please got to this post and download the attachment.

Then unzip, double-click HijackThis.exe and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log as a .txt file, and copy and paste its contents into your next post.

Most of what it lists will be harmless, so do not fix anything yet.

Regards,

Pieter

 

Just a superfluous comment, after reading the write up link provided by Pieter, I'm just astounded how bold and diabolical these idiots are becoming. All the more reason to run with scripting and download functions disabled. I need to track these characters down, a volunteer here and I can hold him down and let Blaze loose on him.

Thanks for the info, Rick