Author Topic: CWS Hijacker trojans  (Read 6914 times)

Offline mr.morden

  • Jr. Member
  • **
  • Posts: 44
  • if life is a trip,where's my ticket?
    • Teh Stoner Club
CWS Hijacker trojans
« on: January 19, 2004, 11:16:49 PM »
 ???

umm..does avast find those nasty browser hijack trojans?
if not can it be added to avast someday?


Offline Culpeper

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1187
Re:CWS Hijacker trojans
« Reply #1 on: January 20, 2004, 12:35:15 AM »
Got any examples
The wind in the wires made a tattletale sound
And a wave broke over the railing
And every man knew, as the Captain did, too,
T'was the witch of November come stealing.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re:CWS Hijacker trojans
« Reply #2 on: January 20, 2004, 01:51:10 AM »
Quote
???

umm..does avast find those nasty browser hijack trojans?
if not can it be added to avast someday?

Better Backdoor/Trojan detection is always an expected feature. Maybe the WISHLIST will be the best place to ask for a specific thing.  ;)
The best things in life are free.

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5089
Re:CWS Hijacker trojans
« Reply #3 on: January 20, 2004, 02:40:46 AM »
until then be sure to have a good backup scanner like F-Secure
"People who are really serious about software should make their own hardware." - Alan Kay

Offline mr.morden

Re:CWS Hijacker trojans
« Reply #4 on: January 20, 2004, 11:33:54 AM »
Overview
Summary: Hijacker that runs a Java applet. Requires older or unpatched version of Microsoft Internet Explorer. Some variants (eg., CWS.Vrape) will redirect to adult sites or invoke dialers.  
Alias: Blackbox Trojan, Cool Web Search, Exploit-ByteVerify, Java/Shinwow.F.Blackbox.Trojan, JS.Exception.Exploit, PopMonster, Trojan.Bootconf, Trojan.Qhosts.A, Trojan.Qhosts.B, Verify
Category: Hijacker: Any software that resets your browser's settings to point to other sites. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower. Homepage Hijackers will change your home page to some other site. Error Hijackers will display a new error page when a requested URL is not found.
 
Variants: CWS.AddClass
CWS.AFF.IEDLL
CWS.AFF.MadFinder
CWS.AFF.WinShow
CWS.AlFaSearch
CWS.Bootconf
CWS.Ctfmon32
CWS.DataNotary
CWS.DNSRelay
CWS.DReplace
CWS.Dwinf
CWS.GoogleMS
CWS.IEFeats
CWS.LoadBAT
CWS.MSConfd
CWS.MSInfo
CWS.MSOffice
CWS.Msspi
CWS.MSwsc10
CWS.MUpdate
CWS.OEMSysPNP
CWS.OSLogo
CWS.QTTasks
CWS.Svchost32
CWS.Svcinit
CWS.TapiCFG
CWS.TheRealSearch
CWS.Vrape
CWS.XPlugin
 
i did have this nasty bugger in my other comp "CWS.GoogleMS"
avast did not find it,i did use CWShredder and it did cut that trojan to million pieces :P

would be great if Avast would detect those browser hijackers(don't know does it detect some of those but CWS.GoogleMS did fool Avast-


check this site up

http://www.pestpatrol.com/pestinfo/c/cws.asp

there is plenty of info about those nasty buggers
« Last Edit: January 20, 2004, 11:46:53 AM by mr.morden »

Offline shgoh

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 977
Re:CWS Hijacker trojans
« Reply #5 on: May 16, 2004, 05:32:50 PM »
i just realised that my comp is infected with CWS.GoogleMS.3 after doing a scan with pest patrol >:(...despite i'm having spywareblaster...spywareguard...spybots&d and ad-aware

Quote
i did have this nasty bugger in my other comp "CWS.GoogleMS"
avast did not find it,i did use CWShredder and it did cut that trojan to million pieces :P

cwshredder doesn't work for me! :'(

any help?
« Last Edit: May 16, 2004, 05:33:56 PM by shgoh »
lIfE iS sAd...yOu NeVeR kNoW wHaT yOu GoNnA gEt... :'(

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31309
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:CWS Hijacker trojans
« Reply #6 on: May 16, 2004, 05:39:46 PM »
People often don't know how to remove viruses/trojans/hijackers in the correct way, causing the virus/hijacker to return after the reboot. Some viruses simply will not be removed completely because people try to remove them while they are still in use. I created an easy 5 step way to clean a system from them all. http://members.home.nl/edeijl/acred/cleaning.htm I hope this site will help solve the problems for many people.

Offline shgoh

Re:CWS Hijacker trojans
« Reply #7 on: May 16, 2004, 05:57:17 PM »
thanks artras...i tried it in safe mode...doesn't work...or is it a false positive??? ???

http://forums.computeractive.co.uk/thread.jsp?forum=5&thread=29045

http://computercops.biz/postp137708.html

Offline shgoh

Re:CWS Hijacker trojans
« Reply #8 on: May 17, 2004, 06:36:20 AM »
the problem is whenever i change my IE homepage from msn.com to a blank page...ad-aware picks up something

Vendor:Possible Browser Hijack attempt
Category:Malware
Object Type:RegData
Size:-
Location:Software\Microsoft\Internet Explorer\Main "Start Page" ("about:blank")
Last Activity:17/5/2004
Risk Level:Medium
Comment:Possible browser hijack attempt
Description:Possible attempt to control\redirect the browser. This object refers to a "blacklisted" site.

when i quarantined it with ad-aware....then my homepage is back to msn.com ???...this is an endless loop!!!

i.e. ..i can't have my IE homepage set to blank page with ad-aware catches me changing the homepage!!!

anyone with the same problem?
« Last Edit: May 17, 2004, 06:40:26 AM by shgoh »

Offline shgoh

Re:CWS Hijacker trojans
« Reply #9 on: May 18, 2004, 09:58:52 AM »
since no one got the same problem as me...can someone please kindly help me do a scan at pest patrol?

http://www.pestscan.com/ScanOrTrial.asp

and see if it's a false positive...thanks! :D

Offline Tallman

  • Newbie
  • *
  • Posts: 1
Re:CWS Hijacker trojans
« Reply #10 on: May 18, 2004, 03:26:42 PM »
Yes shgoh, I experienced the same thing. Since one of the most recent ref-files, Ad-aware detects the "about:blank" as a possible browser homepage hijack.

They are right in a certain way, because one of the CWS-variants does hijack your homepage and sets it to "about:blank". The disappointing thing is that Ad-aware cannot detect the hijack from a manual setting.

As a solution (or rather work-around) you can add this item in Ad-aware to your ignore list so it won't bug you the next time.
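
The ignore-list work-around described in the last reply, as an added example that is not part of the thread and not Ad-aware's own code: it parses report entries in the "Key:Value" layout pasted in Reply #8 and suppresses only the Start Page value the user set on purpose. The sample report, the `search.example.invalid` URL and the function names are constructed for illustration.

```python
import re

# Constructed sample in the "Key:Value" layout of the report entry pasted in the thread.
SAMPLE_REPORT = '''\
Vendor:Possible Browser Hijack attempt
Category:Malware
Object Type:RegData
Location:Software\\Microsoft\\Internet Explorer\\Main "Start Page" ("about:blank")
Risk Level:Medium

Vendor:Possible Browser Hijack attempt
Category:Malware
Object Type:RegData
Location:Software\\Microsoft\\Internet Explorer\\Main "Start Page" ("http://search.example.invalid/")
Risk Level:Medium
'''

# Location layout as shown in the thread: <registry key> "<value name>" ("<data>")
LOCATION_RE = re.compile(r'^(?P<key>.+?)\s+"(?P<name>[^"]+)"\s+\("(?P<data>[^"]*)"\)$')

def parse_entries(text):
    """Split a report into blank-line separated entries of field -> value."""
    entries = []
    for block in re.split(r'\n\s*\n', text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(':')  # split at the first colon only
            if sep:
                fields[key.strip()] = value.strip()
        entries.append(fields)
    return entries

def triage(entries, ignore):
    """Label each RegData finding; `ignore` holds (value name, data) pairs set by the user."""
    results = []
    for e in entries:
        m = LOCATION_RE.match(e.get('Location', ''))
        if e.get('Object Type') != 'RegData' or not m:
            results.append(('unparsed', e))
            continue
        pair = (m['name'].lower(), m['data'].lower())
        verdict = 'ignored (user-set)' if pair in ignore else 'review'
        results.append((verdict, m['key'], m['name'], m['data']))
    return results

if __name__ == '__main__':
    user_ignore = {('start page', 'about:blank')}
    for row in triage(parse_entries(SAMPLE_REPORT), user_ignore):
        print(row)
```

An ignore entry matches on the value alone, so it also hides a hijacker that writes the same "about:blank" value; that is the limitation the reply points out.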