new detections info

Discussion in 'SpywareBlaster & Other Forum' started by mr.mark, Aug 15, 2003.

Thread Status:
Not open for further replies.
  1. mr.mark

    mr.mark Guest

    hello Pieter, or anyone else....

    i awoke this a.m. to find my IE start page URL value changed. with the use of HijackThis and the help of Pieter, i was alble to clean the offending reg entries quickly.

    since i do run Spybot, SpywareBlaster, SpywareGuard and Ad-aware, and since i do keep all four super current and run daily scans, i figure that this is a new item that needs to be added to javacool's database.

    is there a submission process? i did pm javacool, but read that he's away.

    a curse on superwebsearch.com!

    :)

    mark
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi mr.mark,

    Since we were unable to lay our fingers on the installer it is a bit hard to do a submission.
    Not that I would have liked it, happening to you, but if the hijack had reoccurred, we would have known it was hiding on your computer somewhere. Then we could have sent out a search party. :)
    In this case we would have to find the site where it happened.
    If you knew approximately when it happened, and your index.dat would go back that far, we would have a tiny chance of finding that site.

    For anyone interested, the removal was done here: http://www.spywareinfoforum.com/forums/index.php?act=ST&f=11&t=9512&s=

    Regards,

    Pieter
     
  3. mr.mark

    mr.mark Guest

    hi Pieter

    i adios the index.dat file every night, so nothing to be gained by me looking there.

    and i spent so much time on the net i have no idea when/where i bumped into this item.

    i didn't not experience the behavior last night. i left the pc on overnight, then this morning the IE start page URL value change was suddenly happening, i mean as soon as i tried opening a browser window.

    i think i noted that i keep the home page address set to about:blank. the behavior i encountered was the the window would not open from a quick launch IE icon (for about:blank). but i could open IE from other desktop IE shortcuts.

    from there i immediately went to tools/internet options/general tab and checked out the home page url to see if anything was amiss.

    all i saw was, instead of about:blank, a series of question marks and small square boxes. i would clear them, and open a few more browser windows, check back and find a lone letter, like K or L in place of the about:blank.

    i knew i was in need of HijackThis.

    not a lot to go on, but then you saw the logs.

    and there was no prob when i logged off the net last night, only to discover what i've described as soon as i logged on this a.m.

    regards, :)

    mark
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi mr.mark,

    I would love to find this one, and I'm sure we will eventually. ;)

    Regards,

    Pieter
     
  5. mr.mark

    mr.mark Guest

    hi Pieter

    well now i have a lil more info on this puppy. superwebsearch.com is affiliated with an index.dat file viewer program i use that is found here ... http://www.exits.ro/

    today for the first time, SpywareGuard triggered when i opened the index.dat viewer, showing browser protection alerts for both user search page change and user search bar change. obviously i selected yes to undo the change (from superwebsearch.com) back to my desired setting.

    that SG alert in turn triggered my recollection of a couple dslreports threads on the topic, one of which i'm linking ... here

    ironically, i contributed to these threads with my dslr alias boblandy.

    scrolling down thru the dslr thread revealed a couple spywareinfo threads on the same topic....

    http://www.spywareinfoforum.com/forums/index.php?act=ST&f=14&t=5220

    http://www.spywareinfoforum.com/forums/index.php?act=ST&f=8&t=3319

    a quick search reveals even more threads to be perused if desired.

    by now, i'm sure your memory has been jogged too. :)

    finally, as i stated in the dslr thread, this index.dat file viewer has *never* given me an ounce of trouble, never caused any home page problems like this morning, and never caused SG to alert either. i am a relative newcomer to SG, having had it installed on my operating systems for about two weeks. nothing changed with the SG settings, i have had browser hijack protection enabled since install.

    this index.dat file viewer proggie has behaved itself quite well for more than four months of use, never a prob, until today.

    anyway, at least i know what the heck is behind this superwebsearch.com action.

    the other details leave me wondering.

    fwiw

    :)

    mark
     
Thread Status:
Not open for further replies.