Would an Admin check this out, I took the liberty of posting the "Rare Intance" Thread at SWI and a poster and myself drew a file-not-found "404" on the above URL.
WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
Cws Variant - Shaw Hosts File Reader!
Started by
siljaline
, Jan 15 2004 04:52 PM
8 replies to this topic
#1
siljaline
-
- Authentic Member
-
- 69 posts
Authentic Member
Posted 15 January 2004 - 04:52 PM
Would an Admin check this out, I took the liberty of posting the "Rare Intance" Thread at SWI and a poster and myself drew a file-not-found "404" on the above URL.
Register to Remove
#2
Coyote
-
- Authentic Member
-
- 979 posts
Emeritus-Expert
#3
siljaline
-
- Authentic Member
-
- 69 posts
Authentic Member
Posted 15 January 2004 - 06:26 PM
I stand corrected.
Tom, while I have you as I see you're online.
Please tell me where this information came from.
(*If* available).
A) CWS site... [What Site(s)...]
New Variant CWS? {Yes/No?}
C) Has anyone got a copy of an HJT Log of a hijack of any sort
from "this" specific CWS variant.
D) If it's a site hijacker, webmasters must have some information that could lead us closer to finding where the variant is originationg from.
You are aware that Merijn is out of the loop until the .....
Regards,
~Silj
Tom, while I have you as I see you're online.
Please tell me where this information came from.
(*If* available).
A) CWS site... [What Site(s)...]
New Variant CWS? {Yes/No?}C) Has anyone got a copy of an HJT Log of a hijack of any sort
from "this" specific CWS variant.
D) If it's a site hijacker, webmasters must have some information that could lead us closer to finding where the variant is originationg from.
You are aware that Merijn is out of the loop until the .....
Regards,
~Silj
#4
Coyote
-
- Authentic Member
-
- 979 posts
Emeritus-Expert
Posted 15 January 2004 - 06:30 PM
I was alerted by Galadriel to the problem and immediatly took actions to notify the users so the word could get out to all that needed the information, I do not have the specifics as of yet, and yes I know of Merijn being out of town for a short....
Go forth and conquer your goals with the renewed spirit of Coyote and do not let small setbacks stop you from Your Dreams
Microsoft MVP 2006-2007
May your day be blessed by those you love and those you love be blessed by HIM ;-)
Microsoft MVP 2006-2007
May your day be blessed by those you love and those you love be blessed by HIM ;-)
#5
Galadriel
-
- Visiting Fellow
-
- 528 posts
CEO - Chief Elvish Officer
Posted 15 January 2004 - 06:39 PM
It is a new one.... No I don't have a hijack this log. This hijack was found when someone joined our chatroom. We had to manually root out the hijack. I don't have specifics either, because I was not available at the moment it happened, I was alerted and given a copy of the said hosts file.
For now, it redirects the sites I have listed and a couple others to the loopback address (127.0.0.1) and not to one of their domains.
I amar prestar aen. Han mathon ne nen. Han mathon ne chae. A han noston ne 'wilith. - Galadriel
'The world is changed; I can feel it in the water, I can feel it in the earth, I can smell it in the air.'
'The world is changed; I can feel it in the water, I can feel it in the earth, I can smell it in the air.'
#6
siljaline
-
- Authentic Member
-
- 69 posts
Authentic Member
Posted 15 January 2004 - 07:04 PM
This can all be avoided with a read-only HOSTS file.
Many CWS Hijackers are contained in this HOSTS file, although likely not the new variant but it can help uses from having their loopback address hijacked.
http://mvps.org/winhelp2002/hosts.htm
Galadriel Thanks for the feedback
Regards,
Many CWS Hijackers are contained in this HOSTS file, although likely not the new variant but it can help uses from having their loopback address hijacked.
http://mvps.org/winhelp2002/hosts.htm
Galadriel Thanks for the feedback
Regards,
#7
gonegonegone
-
- Authentic Member
-
- 12 posts
New Member
Posted 15 January 2004 - 07:05 PM
So its legit. OK. I was around some of the forums and couldn't find any other postings about it. So before anyone is caught open the HostsFileReader.exe and backup and wait it out, that's how I read it anyway, perhaps you could please confirm or deny this is the correct procedure. Thanks. 
#8
Coyote
-
- Authentic Member
-
- 979 posts
Emeritus-Expert
Posted 15 January 2004 - 07:28 PM
All we are doing in this instance is preparing you for what could go wrong and you would have the info to correct your computer and anyone else so they can regain access to help
Whether they are seeking help here or another anti-spyware site does not matter, only that they are still able to do so...
Go forth and conquer your goals with the renewed spirit of Coyote and do not let small setbacks stop you from Your Dreams
Microsoft MVP 2006-2007
May your day be blessed by those you love and those you love be blessed by HIM ;-)
Microsoft MVP 2006-2007
May your day be blessed by those you love and those you love be blessed by HIM ;-)
#9
mjc
-
- New Member
-
- 145 posts
-
Posted 15 January 2004 - 07:55 PM
Umm....last time I checked a read only file could still be deleted and a replacement put in its place with a bat file that runs at boot........
I hope it wan't my turn to refill te coffe pot...
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
