lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: chows at ozemail.com.au (Gregh)
Subject: drive by shooting - got hit by mysearch toolbar

----- Original Message ----- 
From: <fulldisclosure@...eraxe.demon.nl>
To: <full-disclosure@...ts.netsys.com>
Sent: Sunday, September 12, 2004 9:58 AM
Subject: [Full-Disclosure] drive by shooting - got hit by mysearch toolbar


>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> All patches installed on w2k server ie6
> except :
>
> journal viewer
> net framework
> directx9.0b
> media player 9
>
> googled for 'how to configure htaccess on apache', firts hit was this
> page :
>
> www.thesitewizard.com/apache/index.shtml
>

Interested in what gets where so went and looked after reading your message. 
Tried it on main machine connected to net with XPSP2 fully patched. Nothing. 
Tried it on LAN (using only ICS) XPSP2 laptop and again nothing. Even 
rebooted it to test again. Thought it may be able to get through IESP1 so 
tried a 98SE machine connected to the lan with only IE6SP1 on it and again 
nothing.

I would think that it came from elsewhere in your setup. From what I have 
been able to learn. an infected machine either doesn't or it may be doesn't 
"in some cases" actually show signs of this problem until it has been 
rebooted, whereupon all the shit gets installed. It is possible it was 
already there on your machine prior to going to that web site. I wouldn't 
mind tracking through your history to see where it came from, actually. I 
have had great success getting rid of the damned thing easily using 
HiJackThis to just list entries and pick out the crap, delete the entries 
and associated exes from machines I look after for a job. I don't try to get 
it to auto disinfect, just list so I can removed them. Maybe this can help 
you.

Greg.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ