Spyware (take 2)

A while back I made a thread about an issue with spyware I was having… my homepage kept getting changed to http://nkvd.us (or http://searchpage.cc/) no matter how many times I changed it… I thought I had fixed the problem after running Ad-aware and Spybot 20 mil times, plus this new program I got called Spywiper. It turns out they did nothing, and I thought “oh well, I’ll just live with it” until recently I’ve been noticing I can’t download anything. >_< For example, I just tried to download something at download.com, and as soon as I clicked on “download now” it went to that http://nkvd.us search engine page…

I know it’s messed up my registry and I keep going in there and fixing it, but for one that doesn’t fix the downloading problem, and for two, it gets changed back right after I fix it o_O I guess there’s some kind of dll I still need to delete, but I don’t know how to find it.

Could anyone help? o_o

Sorry Astral, but you’ve picked up one of the nastiest spywares out there, it’s virtually impossible to remove, and believe me I’ve tried.

I can tell you how to remove it, but chances are it’ll come back every few days unless you do a full format (or unless you were lucky enough to get one of the more benign versions of CWS). The best solution is to simply give up on IE and switch to something else. Foxfire is a good alternative.

If you can’t download that I’m sure someone could send it to you in the chat.

This site purports to have information about how to remove “CWS”:

Ahh… I think it worked! :smiley: For now, at least. I’m crossing my fingers for a “benign” version o_o;

Thanks so much, both you guys! :smiley:

Cool little browser though, I downloaded it on a whim and I like it.

I recently reformatted my HDD for spywear reasons, and have used firefox ever sence and haven’t been happier with it’s ad, popup and spy wear blocking ability.

I’d love FireFox if it would make sense with the tabbed browsing. How hard can it be to include a function to make new windows appear as new tabs by default? Jesus.

Turn. Off. Active. X. And. Spyware. Is. Gone. Forever.

Edit - that won’t clean it, but you’ll never get it again.

<img src=“http://www.rpgclassics.com/subsites/twistedrpg/images/hero/rirse.gif”> Miss Astral, if you have the problem again, try using Hijack This, a free program at www.download.com that tends to catch the most annoying buggers. Granted I am no computer genius (that DarkSand :D), but this program does work most of the time. Yet if this CSS thing is really bad, then I do suggest the reformat.

It depends on the variant you have of CWS, the particular one I’m afflicted by doesn’t show up on Highjack This and all the other tools I’ve tried haven’t worked either.

Locke, killing active X isn’t the that much of a solution, ignoring the fact that disabling it makes your life harder, the most annoying spywares spred without it so while you’ll dodge the little stuff you’ll still be hit by the big stuff.

With Active X shut off, as far as I know, nothing can run in your browser except html and javascript (which you can also control). Active X allows things like flash, acrobat reader, office, etc. to run. It also allows spyware applications to run, and when doing so, gives them the user’s rights to do as they please on the machine. It’s the most insecure idea ever.

Turning Active X off will prevent anything from installing itself through your browser onto your machine without your knowledge. Of course, if you click a link to an executable, and click ‘yes’ to run it, you’ll still get hit with stuff - but that’s your fault. The only spyware I’ve ever gotten hit with is the the type that just installs itself because it’s “marked safe for scripting”, and default settings let it run. The only inconvenience no Active X causes is I have to add sites to my trusted zone when I do want to watch flash. But adding the 50 or so sites to the zone in the past year cost me ~much~ less time than running Adaware once, so it’s well worth the tradeoff, IMO.

My question to you is, with Active X turned off, and without you explicitly downloading and running something, how will you become infected with the spyware? I’m not talking about worms, or Outlook, or anything else - just browser security. I am very interested in your response.

Most spywares that are installed without the use of Active X do so by using security holes in Microsoft’s Java virtual machine. There are several variants of CWS that utilise these weaknesses to infect systems. Without going into too much details, the way it basically works is by using very carefully constructed objects (they can be classes or strings it doesn’t really matter) which are designed so that part of the content overflows out of the allocated space for an object of that type and into your active memory. From there someone can run virtually anything.

Creating this type of spyware is much harder which is why those who use this type of loophole tend to create better programs.

The reason I got infected with this CWS crap in the first place is that I downloaded a program called Morpheus. Otherwise, I’ve never had any issues that Ad-aware and spybot couldn’t take care of. So, since I don’t want to make my life harder, I think I’ll keep Active X on. :stuck_out_tongue:

Oh, and thanks for the suggestion, Rirse. :slight_smile:

Ah, the obsolete and unsupported Microsoft JVM. That would do it!

Just go to firefox. Or even opera, or ANYTHING other than MSIE. Its such a piece of shit, using firefox is like a breath of fresh air. Literally.

The file-sharing thing? Did you download it from their website, or some other third-party site?

I got it from download.com… :\ That thing really screwed up my computer. Oh well. I guess I learned my lesson. I’ll stick with direct connect ;p