CWS hijack pulls a nasty stunt

Discussion in 'other anti-malware software' started by Pieter_Arntz, Sep 10, 2003.

Thread Status:
Not open for further replies.
  1. Pieter_Arntz

    Pieter_Arntz, Spyware Veteran (Joined: Apr 27, 2002; Posts: 13,331; Location: Netherlands)

    For anyone not familiar with this hijacker: CWS Chronicles

    The latest version included a very nasty surprise.
    They mutated the DNSRelay variant (number 8 at the site above) to include a hosts file hijack, including these lines:
    O1 - Hosts: 64.135.204.60 spywareinfoforum.com
    O1 - Hosts: 64.135.204.60 www.spywareinfoforum.com
    O1 - Hosts: 64.135.204.60 lavasoftsupport.com
    O1 - Hosts: 64.135.204.60 www.lavasoftsupport.com

    Effectively disabling people from downloading HijackThis and CWShredder from their normal download-links and getting support at some of the most renowned anti-spyware-forums.

    If you experience problems downloading both these programs and fear you have been hit by this hijack, please go to this post and download the attachment.

    Then unzip, double-click HijackThis.exe and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log as a .txt file, and copy and paste its contents into your next post.

    Most of what it lists will be harmless, so do not fix anything yet.

    Regards,

    Pieter
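
Added example, not part of the original post: a small Python check for the hosts-file pattern described above, where one routable IP address is assigned to several unrelated sites. The sample input reuses the four O1 lines quoted in the post; the other entries, the function names and the two-label domain comparison are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the post's four entries (two as plain hosts lines, two as
# HijackThis O1 log lines) mixed with constructed benign entries.
SAMPLE = """\
# constructed hosts file for illustration
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.test   # constructed blocklist entry
64.135.204.60 spywareinfoforum.com
64.135.204.60 www.spywareinfoforum.com
O1 - Hosts: 64.135.204.60 lavasoftsupport.com
O1 - Hosts: 64.135.204.60 www.lavasoftsupport.com
"""

O1_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*", re.IGNORECASE)

def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file lines or HijackThis O1 lines."""
    for raw in text.splitlines():
        line = O1_PREFIX.sub("", raw.split("#", 1)[0].strip())
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: skip malformed or unrelated lines
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def base_domain(host):
    # Assumption: the last two labels identify the site (not public-suffix aware).
    return ".".join(host.split(".")[-2:])

def suspicious_redirects(text):
    """Return {ip: sorted hostnames} for non-sinkhole IPs serving 2+ unrelated sites."""
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / ::1 / 0.0.0.0 entries block a name, they do not redirect it
        by_ip[str(ip)].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items()
            if len({base_domain(n) for n in names}) >= 2}

if __name__ == "__main__":
    for ip, names in suspicious_redirects(SAMPLE).items():
        print(f"{ip} is assigned to unrelated sites: {', '.join(names)}")
```

This heuristic only catches the multi-site pattern from the post; a hosts entry that redirects a single site to a routable address still needs manual review.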
     
  2. Rickster

    Rickster Guest

    Just a superfluous comment: after reading the write-up link provided by Pieter, I'm just astounded how bold and diabolical these idiots are becoming. All the more reason to run with scripting and download functions disabled. I need to track these characters down, a volunteer here and I can hold him down and let Blaze loose on him.

    Thanks for the info, Rick
     