| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dean at centerpartners.com (Dean Porter)
Subject: Cool Web Search
Has any one dealt with a similar thing called "searchweb2.com"?
This installed itself into two folders: "C:\Program Files\htm acid soap",
and "C:\Documents and Settings\All Users\Application Data\spam wipe that
audio" and then integrated itself into Internet Explorer as a "Search Bar",
that you can't turn off or on via the Right-Click (over the toolbars)
toolbars menu. It also sets the home page to point to
"http://searchweb2.com" and then sets the "page can't be found" to a page
with directory it - which reloads it self.
Neither Adware nor Spybot did anything about this. BHODemon doesn't see it
either (though I loaded BHODemon after I was hit by this).
It seems to have a "hidden" process that runs an executable from one of
these folders ("2 LOAD SETUP.exe" or "Once Grid.exe") which loads up two
hidden copies IExplore, if you kill the IExplore processes, they relaunch.
I cleaned it off my system by booting in safe mode, removing the links from
HLM\Software\Microsoft\Windows\CurrentVersion\Run, cleaning with HiJackThis,
and then deleting the files in these folders.
Anyway, I was wondering if anyone else has dealt with this, what it actually
does (besides create a search bar and pop ads), and if I got it all.
Dean
Powered by blists - more mailing lists