Message-ID: <001001c49869$077c9650$6500a8c0@p41700>
From: chows at ozemail.com.au (Gregh)
Subject: drive by shooting - got hit by mysearch toolbar
----- Original Message -----
From: <fulldisclosure@...eraxe.demon.nl>
To: <full-disclosure@...ts.netsys.com>
Sent: Sunday, September 12, 2004 9:58 AM
Subject: [Full-Disclosure] drive by shooting - got hit by mysearch toolbar
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> All patches installed on w2k server ie6
> except :
>
> journal viewer
> net framework
> directx9.0b
> media player 9
>
> googled for 'how to configure htaccess on apache', first hit was this
> page :
>
> www.thesitewizard.com/apache/index.shtml
>
Interested in what gets where so went and looked after reading your message.
Tried it on main machine connected to net with XPSP2 fully patched. Nothing.
Tried it on LAN (using only ICS) XPSP2 laptop and again nothing. Even
rebooted it to test again. Thought it may be able to get through IESP1 so
tried a 98SE machine connected to the lan with only IE6SP1 on it and again
nothing.
I would think that it came from elsewhere in your setup. From what I have
been able to learn, an infected machine either doesn't or maybe doesn't
"in some cases" actually show signs of this problem until it has been
rebooted, whereupon all the shit gets installed. It is possible it was
already there on your machine prior to going to that web site. I wouldn't
mind tracking through your history to see where it came from, actually. I
have had great success getting rid of the damned thing easily using
HiJackThis to just list entries and pick out the crap, delete the entries
and associated exes from machines I look after for a job. I don't try to get
it to auto disinfect, just list so I can remove them. Maybe this can help
you.
Greg.