lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20040611184714.GA22981@navigo.com>
From: rara at navigo.com (Rachael Treu-Gomes)
Subject: !! Internet Explorer !!

Sploit-du-jour, throwback from yesteryear, unpatched hole,
pr0n, javascript, careless install, operator error...you name 
it.  You might as well throw a dart at a page of possibilities
if you're trying to blindly diagnose the infection details.

If the suggested spyware removal agents don't fully do the 
trick and you find all web requests continually redirected 
to an alternate site, don't forget to visit and do some
housekeeping on your hosts file.

I'll happily second those in this thread who prescribe
deployment of FireFox or Netscape or Opera or any other
http MO than IE as a prophyllactic measure.  ;)

ymmv,
--ra

-- 
K. Rachael Treu-Gomes, CISSP       rara@...igo.com
..quis costodiet ipsos custodes?..

On Fri, Jun 11, 2004 at 07:48:22AM -0700, Harlan Carvey said something to the effect of:
> 
> >        Yesterday i was visitng web sites. so i felt
> > my computer slow. and that time i shutdown my
> > computer and go somewhere. now today i restarted my
> > computer and when i open internet explorer i got Web
> > Page. Which i didn't SET. and now i am not able to
> > write www.anydomain.com . when i type it gave me
> > error. and it is also opening Popup window
> > advertise. and it has 2 files in my windows
> > directory. when i removed them it comes back again.
> > So please tell me,
> > 1) what  is  it? 
> 
> Sounds like some sort of spyware/annoy-ware, that
> hijacks your default web page, feeds pop-ups, etc. 
> >From what little you've said, sounds like a Browswer
> Helper Object, perhaps.  
> 
> Some things you might mention are, what's this web
> page that you see, but didn't set?  What's the URL?
> 
> > 2) how i can delete/remove it ?
> 
> Spybot Search and Destroy.  AdAware.  HijackThis.  Run
> them all.
> 
> > 3) how i got this thing ?
> 
> >From web surfing.  It's also likely that you don't
> have (up-to-date) antivirus software.
> 
> > 4) how to secure from this thing ?
> 
> Stop using IE.  Try FireFox or Netscape.
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ