Fil Posted September 16, 2003 Share Posted September 16, 2003 Now first off, this really is from a friend, none of this 'hiding behind a story' macho-crap here. He seems to think he may have been hacked. The symptoms are: At 12pm his homepage gets reset to http://global-finder.com 25 registry keys are hijacked at the same time. He has Zonealarm, AVG 6 and Ad-Aware. Ad-Aware picks up the hijacked keys - I've attached the Ad-Aware log file. I have suggested he checks that all three programs are updated and running the most recent version. I've also suggested that he either upgrade to or repair his installation of IE6 - but to be honest, I'm not sure if this'll help. If anyones got any suggestions he'd be very grateful. spyware.htm Link to comment Share on other sites More sharing options...
Fil Posted September 16, 2003 Author Share Posted September 16, 2003 Okay, solved. I did a search around the net for him, (To be honest, I thought he'd already done this) and came across a few other instances of what appears to be a trojan, formerly known as CoolWebSearch. Anyhow, should anyone else be searching neowin for the same problem here's the URL you'll need to remove it http://www.spywareinfo.com/~merijn/cwschronicles.html It gains entry through a code vulnerabity in IE (Wow! Thats a big shock </sarcasm>) - so the morale of the story really is to keep all your operating system upto date. Thanks, Phil. Link to comment Share on other sites More sharing options...
Guest Quick Reply Posted September 16, 2003 Share Posted September 16, 2003 thanks for the info ;) Link to comment Share on other sites More sharing options...
XavierHyde Posted September 16, 2003 Share Posted September 16, 2003 He seems to think he may have been hacked. No, but his computer may have been cracked by a browser hijacking program written by some script kiddie or worse. :x For more info on this common word abuse or misuse check the entries on 'hack' and 'hacker' and also 'cracker' in the Jargon File (link is in my sig). Link to comment Share on other sites More sharing options...
Digital.K Posted September 16, 2003 Share Posted September 16, 2003 Well your friend should get spybot search and destroy, it will clean those baddies out and it has a neat immunize feature to keep IE from loading those pesky things to start with, thats why I use Opera Browser, I don't have to worry about any of that crap..and also, is your friend a user of warez? That is a common problem with warez, you get more than what you bargained for...... :woot: Link to comment Share on other sites More sharing options...
Frank Posted September 17, 2003 Share Posted September 17, 2003 Umm....he figured the problem out....you can stop posting answers for him now.... Link to comment Share on other sites More sharing options...
Miyagi Son Posted September 17, 2003 Share Posted September 17, 2003 Well what was it? the problem so other people will know Link to comment Share on other sites More sharing options...
Fil Posted September 18, 2003 Author Share Posted September 18, 2003 Miyagi Son, second post down. Problem found, battle lines drawn, foe executed. :rolleyes: Link to comment Share on other sites More sharing options...
Sephora Posted September 27, 2003 Share Posted September 27, 2003 Thanks Fil, I was having the same problem (globe-finder). Your link saved the day! Link to comment Share on other sites More sharing options...
Fil Posted September 27, 2003 Author Share Posted September 27, 2003 Sephora, its good to see that spending a little longer by posting the solution does help others. I hope that many others who have the same problem also find this topic. Link to comment Share on other sites More sharing options...
Recommended Posts