Manual fix--CWS sp.html#XXXXX variant - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 13 of 13

Thread: Manual fix--CWS sp.html#XXXXX variant

  1. #11
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    Originally posted here by groovicus
    I wish I did Tedob. The people that I help are usually tight lipped when I try to find out where they have been, so I have to guess the usual warez and porno sites.

    Next time I run across one, I'll see if I can get a user to match up a time of infection with their browsing history.

    I do have an installer for this though if you would like to play with it. It doesn't give alternate data streams though. I'm still trying to get ahold of one of those.
    yeah unfortunatly most people in gov. seem to think if they got it from porn or warez they deserve it. but their are plenty of other sites that lure users with "freebies" like graphics or game related things that do this for a buck as well.

    anything special about the D/Ler? i would like to take a look at it. run strings against it. probably have to decode the urls but yes i would like a look at it. every thing else is probably your typical trojan dropper...write to reg, download files register services etc.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  2. #12
    Junior Member
    Join Date
    Aug 2004
    Posts
    1
    Originally posted here by jinxy
    Yes

    And i do not think you answered in a roundabout way.

    I do understand the reticents from victims to tell where they got infected though. I have one friend who asked me to have a look at his laptop. He did a complete format and install befor he let me have his box. Doh.

    Still he paid me for updating it and giving him some protection.


    AAAAAAIGH!!! I found several of both in one of my home computers!! ok, the roommate was playing around and now I've got a computer to fix. None of these are secured in the slightest, and everyone on the lan seems convinced that downloading adaware will save them. heaven forbid they should download a shareware or two and actually pay for the use? ok. sorry, I'm ranting. It looks like I got the one with the about:blank oage, and so I'm going to follow the instructions here. And then I'm going to sector the bejesus out of this guy's hard drive, to make him think. finally, advice on a forum I can use. thanks for helping me through this.

  3. #13
    Senior Member
    Join Date
    Jul 2005
    Posts
    277
    Hi thenightangel,

    i see u are an 'old' newbie.

    It seems that the general practice here is to try not to re-open threads at their one-year
    anniversaries [sarcasm]
    Difficult takes a day, Impossible takes a week~Kthln01!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides