lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <679368ACAEF95C43B69BEEDD95AF4377192A508C@exchftc01.centerpartners.com>
From: dean at centerpartners.com (Dean Porter)
Subject: Cool Web Search

Has any one dealt with a similar thing called "searchweb2.com"? 

This installed itself into two folders: "C:\Program Files\htm acid soap",
and "C:\Documents and Settings\All Users\Application Data\spam wipe that
audio" and then integrated itself into Internet Explorer as a "Search Bar",
that you can't turn off or on via the Right-Click (over the toolbars)
toolbars menu. It also sets the home page to point to
"http://searchweb2.com" and then sets the "page can't be found" to a page
with directory it - which reloads it self. 

Neither Adware nor Spybot did anything about this. BHODemon doesn't see it
either (though I loaded BHODemon after I was hit by this). 

It seems to have a "hidden" process that runs an executable from one of
these folders ("2 LOAD SETUP.exe" or "Once Grid.exe") which loads up two
hidden copies IExplore, if you kill the IExplore processes, they relaunch. 

I cleaned it off my system by booting in safe mode, removing the links from
HLM\Software\Microsoft\Windows\CurrentVersion\Run, cleaning with HiJackThis,
and then deleting the files in these folders.

Anyway, I was wondering if anyone else has dealt with this, what it actually
does (besides create a search bar and pop ads), and if I got it all.  

Dean



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ