ALERT!! Spyware, Lavasoft

Discussion in 'other security issues & news' started by FireDancer, Sep 16, 2003.

Thread Status:
Not open for further replies.
  1. FireDancer

    FireDancer Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    316
    Hi all,

    I picked this up at another board and copied it to Wilders. If it is not in the right place, please move it, but I felt it was worth reading and getting the word out.


    CWS Trojan Blacklist SpywareInfo, Lavasoft

    The people who distribute the CWS trojan have added SpywareInfo and Lavasoft's support site to victims' HOSTS files in a vain attempt to prevent their victims from receiving assistance in removing the trojan. Specifically, spywareinfoforum.com, www.spywareinfoforum.com, lavasoftsupport.com, and www.lavasoftsupport.com are redirected to a porn site on infected machines.

    CWS is a trojan horse virus that exploits a flaw in Microsoft Java VM to infect victims. Once infected, the victim's web browser will have its start and search settings redirected to one of numerous web sites with an affiliate relationship to coolwebsearch.com. Those web sites are search portals each with hundreds of pay-per-click links.

    The HOSTS file is the first place Windows goes to look up the IP address of a remote server to which your computer wants to connect, such as a web site or a gaming server. If it is not listed in the HOSTS file, then it will send a request to your ISP's DNS servers to look up the IP address of the server.

    By listing the SpywareInfo and Lavasoft web sites in the HOSTS file, infected machines will be unable to reach the sites in most cases. Thankfully, there is a simple workaround for this problem.

    The official addresses for HijackThis and CWShredder are http://www.spywareinfoforum.com/~merijn/files/cwshredder.zip and http://www.spywareinfoforum.com/~merijn/files/hijackthis.zip

    If you or someone you are helping elsewhere are blocked from SpywareInfo while trying to download these programs, you can use these alternate addresses to download the files. These addresses are immune to HOSTS file hijacks.

    http://216.180.252.218/~spywareinfo.../hijackthis.zip
    http://216.180.252.218/~spywareinfo.../cwshredder.zip


    Please spread the word around the message boards where people go for help with this sort of thing and let people know of these alternate addresses. This is a very sleazy hijack and these two tools are the best at cleaning it up.

    Links:
    http://www.spywareinfoforum.com/~merijn/cwschronicles.html :: Coolwebsearch Chronicles
    http://www3.ca.com/virusinfo/virus.aspx?ID=35839 :: Computer Associates CWS trojan information

    Regards,
    FireDancer
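
An added example, not part of the original post or the quoted article: a Python check that parses HOSTS-file text and reports any entry for the four domains named above, since a HOSTS entry is consulted before DNS. The sample file and the address 192.0.2.10 are constructed, and the function names are this example's own.

```python
import ipaddress

# Domains the quoted article says the CWS trojan adds to victims' HOSTS files.
WATCHLIST = {
    "spywareinfoforum.com",
    "www.spywareinfoforum.com",
    "lavasoftsupport.com",
    "www.lavasoftsupport.com",
}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        for name in fields[1:]:                 # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def find_hijacks(text, watchlist=WATCHLIST):
    """Return HOSTS entries that override name resolution for watched domains."""
    # Any entry for these names is suspect, whatever address it points to,
    # because it replaces the DNS answer for a site the user needs to reach.
    return [(n, str(ip), host) for n, ip, host in parse_hosts(text) if host in watchlist]

# Constructed sample; 192.0.2.10 is a documentation address (RFC 5737), not an IoC.
SAMPLE_HOSTS = """\
# Constructed sample HOSTS file
127.0.0.1    localhost
192.0.2.10   spywareinfoforum.com www.spywareinfoforum.com
192.0.2.10   LavaSoftSupport.com   # mixed case still matches
192.0.2.10   www.lavasoftsupport.com
10.0.0.5     intranet.example
#192.0.2.10  commented.example
"""

if __name__ == "__main__":
    for line_no, ip, host in find_hijacks(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip}")
```

On a live system, pass in the contents of the HOSTS file itself (on NT-based Windows, `%SystemRoot%\System32\drivers\etc\hosts`).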
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
  3. FireDancer

    FireDancer Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    316
    Sorry LWM, I didn't realize :)
    My apologies.

    FireDancer
     