A while back I made a thread about an issue with spyware I was having… my homepage kept getting changed to http://nkvd.us (or http://searchpage.cc/) no matter how many times I changed it… I thought I had fixed the problem after running Ad-aware and Spybot 20 mil times, plus this new program I got called Spywiper. It turns out they did nothing, and I thought “oh well, I’ll just live with it” until recently I’ve been noticing I can’t download anything. >_< For example, I just tried to download something at download.com, and as soon as I clicked on “download now” it went to that http://nkvd.us search engine page…
I know it’s messed up my registry and I keep going in there and fixing it, but for one that doesn’t fix the downloading problem, and for two, it gets changed back right after I fix it o_O I guess there’s some kind of dll I still need to delete, but I don’t know how to find it.
Sorry Astral, but you’ve picked up one of the nastiest spywares out there. It’s virtually impossible to remove, and believe me, I’ve tried.
I can tell you how to remove it, but chances are it’ll come back every few days unless you do a full format (or unless you were lucky enough to get one of the more benign versions of CWS). The best solution is to simply give up on IE and switch to something else. Foxfire is a good alternative.
If you can’t download that I’m sure someone could send it to you in the chat.
It depends on the variant you have of CWS; the particular one I’m afflicted by doesn’t show up on HijackThis, and all the other tools I’ve tried haven’t worked either.
Locke, killing Active X isn’t that much of a solution. Ignoring the fact that disabling it makes your life harder, the most annoying spywares spread without it, so while you’ll dodge the little stuff you’ll still be hit by the big stuff.
Turning Active X off will prevent anything from installing itself through your browser onto your machine without your knowledge. Of course, if you click a link to an executable, and click ‘yes’ to run it, you’ll still get hit with stuff - but that’s your fault. The only spyware I’ve ever gotten hit with is the type that just installs itself because it’s “marked safe for scripting”, and default settings let it run. The only inconvenience no Active X causes is I have to add sites to my trusted zone when I do want to watch flash. But adding the 50 or so sites to the zone in the past year cost me ~much~ less time than running Adaware once, so it’s well worth the tradeoff, IMO.
My question to you is, with Active X turned off, and without you explicitly downloading and running something, how will you become infected with the spyware? I’m not talking about worms, or Outlook, or anything else - just browser security. I am very interested in your response.
Most spywares that are installed without the use of Active X do so by using security holes in Microsoft’s Java virtual machine. There are several variants of CWS that utilise these weaknesses to infect systems. Without going into too much detail, the way it basically works is by using very carefully constructed objects (they can be classes or strings, it doesn’t really matter) which are designed so that part of the content overflows out of the allocated space for an object of that type and into your active memory. From there someone can run virtually anything.
Creating this type of spyware is much harder, which is why those who use this type of loophole tend to create better programs.
The reason I got infected with this CWS crap in the first place is that I downloaded a program called Morpheus. Otherwise, I’ve never had any issues that Ad-aware and Spybot couldn’t take care of. So, since I don’t want to make my life harder, I think I’ll keep Active X on.