
Cws Variant - Shaw Hosts File Reader!


8 replies to this topic

#1 siljaline

siljaline

    Authentic Member

  • Authentic Member
  • PipPip
  • 69 posts

Posted 15 January 2004 - 04:52 PM

http://members.shaw....sFileReader.exe

Would an Admin check this out? I took the liberty of posting the "Rare Instance" Thread at SWI, and a poster and myself drew a file-not-found "404" on the above URL.
siljaline


#2 Coyote

Coyote

    Emeritus-Expert

  • Authentic Member
  • PipPipPipPip
  • 979 posts

Posted 15 January 2004 - 06:07 PM

works here
Go forth and conquer your goals with the renewed spirit of Coyote and do not let small setbacks stop you from Your Dreams

Microsoft MVP 2006-2007


May your day be blessed by those you love and those you love be blessed by HIM ;-)

#3 siljaline

siljaline

    Authentic Member

  • Authentic Member
  • PipPip
  • 69 posts

Posted 15 January 2004 - 06:26 PM

I stand corrected.

Tom, while I have you as I see you're online.

Please tell me where this information came from.
(*If* available).

A) CWS site... [What Site(s)...]

B) New Variant CWS? {Yes/No?}

C) Has anyone got a copy of an HJT Log of a hijack of any sort
from "this" specific CWS variant.

D) If it's a site hijacker, webmasters must have some information that could lead us closer to finding where the variant is originating from.

You are aware that Merijn is out of the loop until the .....
Regards,

~Silj
siljaline

#4 Coyote

Coyote

    Emeritus-Expert

  • Authentic Member
  • PipPipPipPip
  • 979 posts

Posted 15 January 2004 - 06:30 PM

I was alerted by Galadriel to the problem and immediately took actions to notify the users so the word could get out to all that needed the information. I do not have the specifics as of yet, and yes, I know of Merijn being out of town for a short....

#5 Galadriel

Galadriel

    CEO - Chief Elvish Officer

  • Visiting Fellow
  • PipPipPipPip
  • 528 posts

Posted 15 January 2004 - 06:39 PM

It is a new one.... No, I don't have a HijackThis log. This hijack was found when someone joined our chatroom. We had to manually root out the hijack. I don't have specifics either, because I was not available at the moment it happened; I was alerted and given a copy of the said hosts file. For now, it redirects the sites I have listed and a couple others to the loopback address (127.0.0.1) and not to one of their domains.
I amar prestar aen. Han mathon ne nen. Han mathon ne chae. A han noston ne 'wilith. - Galadriel

'The world is changed; I can feel it in the water, I can feel it in the earth, I can smell it in the air.'

#6 siljaline

siljaline

    Authentic Member

  • Authentic Member
  • PipPip
  • 69 posts

Posted 15 January 2004 - 07:04 PM

This can all be avoided with a read-only HOSTS file.

Many CWS Hijackers are contained in this HOSTS file, although likely not the new variant, but it can help users from having their loopback address hijacked.

http://mvps.org/winhelp2002/hosts.htm

Galadriel, thanks for the feedback :thumbup:

Regards,
siljaline

#7 gonegonegone

gonegonegone

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 15 January 2004 - 07:05 PM

So it's legit. OK. I was around some of the forums and couldn't find any other postings about it. So before anyone is caught, open the HostsFileReader.exe and back up and wait it out; that's how I read it anyway. Perhaps you could please confirm or deny this is the correct procedure. Thanks. :)

#8 Coyote

Coyote

    Emeritus-Expert

  • Authentic Member
  • PipPipPipPip
  • 979 posts

Posted 15 January 2004 - 07:28 PM

All we are doing in this instance is preparing you for what could go wrong, and you would have the info to correct your computer and anyone else's so they can regain access to help. Whether they are seeking help here or at another anti-spyware site does not matter, only that they are still able to do so...

#9 mjc

mjc

    -

  • New Member
  • PipPip
  • 145 posts

Posted 15 January 2004 - 07:55 PM

Umm....last time I checked a read only file could still be deleted and a replacement put in its place with a bat file that runs at boot........
I hope it wan't my turn to refill te coffe pot...
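
Added example, not part of any post in this thread: a small audit that covers the two points raised above, hosts entries that pin help sites to the loopback address, and a content hash that notices a replaced file even when the read-only attribute is set. The watch-list domains, the sample hosts text and all function names are constructed for illustration.

```python
import hashlib
import ipaddress

# Constructed watch list: placeholders for the help sites a user must still
# be able to reach (the thread does not name the affected sites).
WATCHED = {"help-forum.example", "antispyware.example"}

# Constructed sample of a tampered hosts file.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1   localhost
127.0.0.1   help-forum.example www.help-forum.example  # hijacker entry
0.0.0.0     ads.tracker.example
::1         AntiSpyware.Example
10.9.8.7    antispyware.example
"""

def parse_hosts(text):
    """Yield (line_no, ip_text, hostname) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comments, split columns
        for host in fields[1:]:                # one address may carry many names
            yield line_no, fields[0], host.lower().rstrip(".")

def is_watched(host, watched=WATCHED):
    """True if host is a watched domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in watched)

def is_sinkhole(ip_text):
    """True for loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def find_overrides(text, watched=WATCHED):
    """List watched names the hosts file overrides, and how.

    'blocked' = pinned to loopback, as in this variant;
    'redirected' = pointed at some other address.
    """
    return [(n, ip, h, "blocked" if is_sinkhole(ip) else "redirected")
            for n, ip, h in parse_hosts(text) if is_watched(h, watched)]

def changed_since(text, baseline_sha256):
    """Compare content against a stored hash; a delete-and-replace shows up
    here regardless of the file's read-only attribute."""
    return hashlib.sha256(text.encode()).hexdigest() != baseline_sha256
```

To audit a real machine, read the hosts file's text and pass it to `find_overrides`, and keep the baseline hash somewhere other than the machine being checked.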
