
New "cool" Pest Discovered ...


18 replies to this topic

#1 KnightWaterTiger


Posted 11 November 2003 - 06:10 PM

Now this one is really burning me off, Tom.

I posted your thanks to the CWS tool, but this little bugger has me stumped ...

Please help.

I have the pest in my computer, and none of the previously used tools and Trojan Hunter's catch this bad, bad wormy.

Check it out ....

http://cool-search.net/

It has several variants, too ...


http://cool-homepage.co

Problem is I can't locate the "infestor" ... Can't find this bug where it has implanted itself into my XP.

I have temporarily used SBS&D to stop my page from changing, but the thought of having this in my machine bugs the snot out of me.

Please help, Tom.

KnightWaterTiger

P.S. Hope you don't mind, but I am linking your site to our Webpages. :thumbup:

Edited by mjc, 19 November 2003 - 06:46 PM.



#2 Zero


Posted 11 November 2003 - 07:33 PM

I take it you are talking about CWShredder. What version of it are you using? I believe it was updated to include those URLs.

#3 Coyote


Posted 11 November 2003 - 07:45 PM

CWShredder
http://www.spywarein.../cwshredder.zip
Go forth and conquer your goals with the renewed spirit of Coyote and do not let small setbacks stop you from Your Dreams

Microsoft MVP 2006-2007


May your day be blessed by those you love and those you love be blessed by HIM ;-)

#4 KnightWaterTiger


Posted 11 November 2003 - 09:20 PM

Yea, I got it ... the updated one, Tom.

No workie, chief ...

The last time I had the "other" COOL bug you helped me with, the Trojan Hunter identified the base trojan and I simply deleted it.

This variant is not recognized as a trojan. Thank God for SBS&D, or my webpages would still be opening with that silly thing.

Help!!

P.S.

I have run Norton 2003 Business Professional, AVG 6.0, Trojan Hunter and all your online scanners .. nothing tags this bugger.

KnightWaterTiger

Founder,

Brotherhood of Trans-Atlantic Knights

http://www.botaknights.com

Edited by mjc, 19 November 2003 - 06:47 PM.


#5 Galadriel


Posted 11 November 2003 - 09:29 PM

Get Hijack This. Unzip using your favorite unzipping utility (http://www.winzip.com/)
Double click on the HijackThis.exe file. Press the "Scan" button, it will then change to "Save Log". Copy and paste its entire contents here. DO NOT fix anything yet, as most of what is listed is harmless or even needed.

http://tomcoyote.org/hjt/
I amar prestar aen. Han mathon ne nen. Han mathon ne chae. A han noston ne 'wilith. - Galadriel

'The world is changed; I can feel it in the water, I can feel it in the earth, I can smell it in the air.'

#6 Zero


Posted 11 November 2003 - 10:09 PM

Actually post the log here

http://tomcoyote.org...st&CODE=00&f=27

#7 KnightWaterTiger


Posted 12 November 2003 - 02:20 AM

Done ...

#8 KnightWaterTiger


Posted 12 November 2003 - 04:47 PM

Ahhhhhhhhh ..... It's back today.

New http ... OK, I'm throwing this computer out the window.

And, I had my SBS&D locked down!!!!!!

http://66.250.57.28/

WTF?

KnightWaterTiger

#9 Unzy


Posted 12 November 2003 - 04:58 PM

Hi there,

Can you open up the registry: start -> run -> type regedit and press enter.
Once inside, press ctrl+f.
In the search box type cool-search.net and press 'search'.
Press F3 to find next.
Keep us posted if you found entries containing that name in the registry.

Thanks!
Cheers,
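
An added example, not part of Unzy's post: the same search run over a text export of the registry instead of regedit's Find dialog, checking every hijack address named in the thread so far rather than only cool-search.net. The sample export, its key paths and the function name are constructed for illustration.

```python
import re

# Hijack addresses reported in this thread; matched as case-insensitive substrings.
INDICATORS = ("cool-search.net", "cool-homepage", "66.250.57.28")

# Constructed sample of a regedit text export. Key paths and values are
# illustrative only and are not taken from the poster's machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Example\Browser]
"Start Page"="http://66.250.57.28/"
"Search Page"="http://www.example.com/search"
"Search Bar"="http://cool-homepage.example/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Browser]
"Default_Page_URL"="http://COOL-SEARCH.NET/"
@="unrelated default value"
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')

def find_hijack_entries(export_text, indicators=INDICATORS):
    """Return (key, value name, data, indicator) for each matching value."""
    hits = []
    current_key = None
    for raw in export_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        value_match = VALUE_RE.match(line)
        if not value_match or current_key is None:
            continue  # header, blank line, or hex continuation line
        name = value_match.group("name").strip('"')
        data = value_match.group("data")
        haystack = (name + " " + data).lower()
        for indicator in indicators:
            if indicator.lower() in haystack:
                hits.append((current_key, name, data.strip('"'), indicator))
                break
    return hits

if __name__ == "__main__":
    for key, name, data, indicator in find_hijack_entries(SAMPLE_EXPORT):
        print(f"{key}\n    {name} = {data}    (matched {indicator})")
```

A real regedit export is saved as UTF-16, so decode it before passing the text in; string values stored as hex data are not decoded by this sketch.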

#10 KnightWaterTiger


Posted 12 November 2003 - 07:42 PM

HOMEOldSP -- deleted .... http://66.250.57.28/

cool-homepage -- deleted

Deleted from Regedit ..............

.......................................................................................................................

The problem with this bug, is that it morphs .... changes.

I just ran Trend Micro Housecall (online scan) .... caught 3 Java trojans, and I have now found the loaders that reboot this bug into the system

JAVA BYTVERIFY.A
JAVA CLOADER.E
JAVA BYTVERIFY.A

So, now you have it. I sent the log file into your shop yesterday ...

BTW, Norton's best missed this, AVG missed this ... CWS (updated) missed it, it turned off the SBS&D block on the homepage and allowed it to reinfest -- not on reboot, but just on reloading the IE page.

OK, calming down now... breathhhheeee

Now you know what I know.

Cheers.

KnightWaterTiger

Founder and council member,

Brotherhood of Trans-Atlantic Knights

BOTAKnights



#11 KnightWaterTiger


Posted 13 November 2003 - 04:30 PM

IT'S BACK!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

WITHOUT REBOOT!!!!!!!!!!!!!!!!!!!!

http://66.250.57.28/

I hate this ....

CWS no workie on it ...

Nothing kills it.

HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!

WaterTiger

#12 YoKenny


Posted 14 November 2003 - 08:21 PM

I put 66.250.57.26 - 66.250.57.28 in my Kerio firewall block rules.

You may want to use IE-SPYAD and update regularly:
http://www.staff.uiu...rce.htm#IESPYAD
I recommend installing IE-SPYAD and SpywareBlaster and keeping them up to date weekly.
SpyBot Search and Destroy

WinXP Home user
Posted Image member

#13 KnightWaterTiger


Posted 16 November 2003 - 10:36 AM

Thanks Kenny .. that worked. WaterTiger

#14 Guest_Stan_*


Posted 08 December 2003 - 05:24 AM

I don't have the kinda $$ to afford any of the norton anti-evil softwares so I guess I'd have to settle for Ad-aware which happily located and removed the problem for me. Of course it means I have to stop visiting the very site that's causing me grief, I happen to know one and I'm gonna email the webmaster to see if he could help.

#15 Coyote


Posted 08 December 2003 - 06:13 AM

I don't have the kinda $$ to afford any of the norton anti-evil softwares so I guess I'd have to settle for Ad-aware which happily located and removed the problem for me. Of course it means I have to stop visiting the very site that's causing me grief, I happen to know one and I'm gonna email the webmaster to see if he could help.

From http://TomCoyote.org under the Heading "My Tips for safer computing":
These are the steps that I use to keep safe from a lot of problems:
(Along with SpywareBlaster and SpywareGuard and SpyBotSD and AdAware)
One step would be to block the adservers, If you use IE then go to http://www.staff.uiuc.edu/~ehowes/ And read about how to install IESpyads.

Another suggestion would be to turn off scripting in IE in the Internet Zone since most popups occur from scripts. Read more about controlling the zones here

==================================

Those are all free programs (the links to those are on the link above)

as well read the following link:
http://www3.ca.com/P...e.asp?CID=52733
CA To Offer Free Antivirus And Firewall Software To Windows Users Worldwide
This offer gives you a free AV and Firewall of high quality to protect your system, I use both here, they work very well.
