new detections info

hello Pieter, or anyone else....

i awoke this a.m. to find my IE start page URL value changed. with the use of HijackThis and the help of Pieter, i was alble to clean the offending reg entries quickly.

since i do run Spybot, SpywareBlaster, SpywareGuard and Ad-aware, and since i do keep all four super current and run daily scans, i figure that this is a new item that needs to be added to javacool's database.

is there a submission process? i did pm javacool, but read that he's away.

a curse on superwebsearch.com!



mark

 

Hi mr.mark,

Since we were unable to lay our fingers on the installer it is a bit hard to do a submission.
Not that I would have liked it, happening to you, but if the hijack had reoccurred, we would have known it was hiding on your computer somewhere. Then we could have sent out a search party.
In this case we would have to find the site where it happened.
If you knew approximately when it happened, and your index.dat would go back that far, we would have a tiny chance of finding that site.

For anyone interested, the removal was done here: http://www.spywareinfoforum.com/forums/index.php?act=ST&f=11&t=9512&s=

Regards,

Pieter

 

hi Pieter

i adios the index.dat file every night, so nothing to be gained by me looking there.

and i spent so much time on the net i have no idea when/where i bumped into this item.

i didn't not experience the behavior last night. i left the pc on overnight, then this morning the IE start page URL value change was suddenly happening, i mean as soon as i tried opening a browser window.

i think i noted that i keep the home page address set to about:blank. the behavior i encountered was the the window would not open from a quick launch IE icon (for about:blank). but i could open IE from other desktop IE shortcuts.

from there i immediately went to tools/internet options/general tab and checked out the home page url to see if anything was amiss.

all i saw was, instead of about:blank, a series of question marks and small square boxes. i would clear them, and open a few more browser windows, check back and find a lone letter, like K or L in place of the about:blank.

i knew i was in need of HijackThis.

not a lot to go on, but then you saw the logs.

and there was no prob when i logged off the net last night, only to discover what i've described as soon as i logged on this a.m.

regards,

mark

 

Hi mr.mark,

I would love to find this one, and I'm sure we will eventually.

Regards,

Pieter

 

hi Pieter

well now i have a lil more info on this puppy. superwebsearch.com is affiliated with an index.dat file viewer program i use that is found here ... http://www.exits.ro/

today for the first time, SpywareGuard triggered when i opened the index.dat viewer, showing browser protection alerts for both user search page change and user search bar change. obviously i selected yes to undo the change (from superwebsearch.com) back to my desired setting.

that SG alert in turn triggered my recollection of a couple dslreports threads on the topic, one of which i'm linking ... here

ironically, i contributed to these threads with my dslr alias boblandy.

scrolling down thru the dslr thread revealed a couple spywareinfo threads on the same topic....

http://www.spywareinfoforum.com/forums/index.php?act=ST&f=14&t=5220

http://www.spywareinfoforum.com/forums/index.php?act=ST&f=8&t=3319

a quick search reveals even more threads to be perused if desired.

by now, i'm sure your memory has been jogged too.

finally, as i stated in the dslr thread, this index.dat file viewer has *never* given me an ounce of trouble, never caused any home page problems like this morning, and never caused SG to alert either. i am a relative newcomer to SG, having had it installed on my operating systems for about two weeks. nothing changed with the SG settings, i have had browser hijack protection enabled since install.

this index.dat file viewer proggie has behaved itself quite well for more than four months of use, never a prob, until today.

anyway, at least i know what the heck is behind this superwebsearch.com action.

the other details leave me wondering.

fwiw



mark