Fall down, go boom!

Discussion in 'privacy general' started by SG1, Jun 6, 2006.

Thread Status:
Not open for further replies.
  1. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    430
    So, yesterday Spybot S&D informs me that I had a browser hijacker: the unexpected guest was CnsMin, related to 3721 dot com (bought by Yahoo! in 2003 whereas Google bought part of 3721's competitor, baidu dot com in '04, I think it was. BTW, if you have a sense of irony I think it was Yahoo! that sold out some poor schmuck dissident in China to the authorities, via online logs of the guy's activity).

    Anyway: while online I run Ewido, RegDefend, PG, A-squared Guard, Sygate Pro firewall, TrojanHunter Guard, NOD32, Spysweeper, Window Washer, Online Armor, (Wallwatcher logging for the router), and A Really Small App that tells one about connection/s to other PCs, if any, among other things.

    There's also a few things in the "background" like Spywareblaster and Spybot that have put their stamp on things so to speak and are at work too. There's likely other security programs I have run through, once, as "set and forget" types re settings for OS overall security, and left them to their own devices. So, it's not like I'm a slacker here: or at least I've tried/bought many an app, for alleged PC protection.

    But, at one point I happened to run Spybot after an update, which found said hijacker. Now, assuming "the best" security apps may find 70% of stuff, this tells me that bad guys are smarter/quicker than forces of all combined good guys about 30% of the time then, is that about it?

    Call me a rube if you like, but I'm a bit dismayed over this as you may guess, and in part I'm wondering about the why-how-where-when of how this came to pass and this was nothing esp. nasty as far as that goes. Any downloads come from trusted sites, or so I thought: we don't do music, porn sites or any of that, and the download Dir is scanned by several apps before I install a program, and most all of stuff I get IS security or utility type, of programs.

    And as far as that goes, I tried X-Cleaner (Free) and it says I had some type of adware toolbar in IE which I didn't as far as I could see, & they even had image of said toolbar on their site of what adware toolbar would look like - and I don't see that toolbar in IE (that my brother uses, but I most always run Firefox, or sometimes Opera). So... what should I make of all this, the overall security scene in general and the seeming failure of 99.9% of my paid-for security apps, to be more specific?

    OR, am I completely wrong on this? If my browser/s were not redirected to another site against my will - did the security apps do their job? If they did, how/why did Spybot find the alleged hijacker after the fact? OR, could it have been an FP on the part of Spybot?

    And, peering into the Registry for 3721 references, it is possibly related to Foxmail (that I got from Answersthatwork dot com, where I bought the app, The Ultimate Troubleshooter). I say that, as I see something about 3721/Chinese Mail related to Foxmail in the Reg., so I've uninstalled that just in case.

    Thanks for any thoughts, on this: or, if you enlighten me on how I may have misunderstood all my security program/inner workings, great, as I'll learn something that way, too.

    SG1 (Pat)
     
  2. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi Pat,

    Can you post a screenshot of the IE Toolbars page from OA?

    Or did you already remove the infection?

    Mike
     
  3. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    430
    Mike,

    Do you mean listings under the "IE Extensions" category, in OA?

    Bear in mind that X-Cleaner (Free ver.) claimed I had some toolbar added into IE, but I saw no evidence of that - which made me wonder a bit about their app's efficiency. Hence, no toolbar to remove, unless I really missed something.

    SG1 (Pat)
     
  4. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi Pat,

    Yes, that was the one I meant. Or, just check it carefully to see if there is any entry like 'CnsMin', which is the parasite in question. If you find it, I'll have to ask you to wander over to the TE forums to continue with one-on-one support, but if it's there, it does mean that someone would have allowed it.

    Mike
     
  5. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    PS - Apologies if I am stating the obvious - but in IE, you can look on the "View ---> Toolbars" menu as not all toolbars are set to be displayed by default.


    Mike
     
  6. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    430
    Mike;

    Good that you did state the obvious, as I hadn't thought to look in IE Views, so I did look there, and went further to check under Manage Add Ons for toolbars that are in use or have been used in IE. Nothing, as far as I can tell. And if that is the case, it's back to my orig. query about how the 3721 dot com stuff got on the PC, that (only) Spybot alerted me to and then remedied.

    *Uploaded one screen cap of OA: was going to insert a 2nd one, one from X-Cleaner's report, and search of Reg. to show the mention of a bho.dll but that, I think, is related to SpoofStick addon in Firefox browser, but it seems I hit limit of only one upload allowed. *

    Thanks, SG1 (Pat)
     

    Attached Files:

    • OA1.gif (19.8 KB)