new cws hijack infestation, hijacks internet logfiles
i just had a brutal experience with cws hijack. i spent 17 hours tracking this bug down, used several scanners and otherwise but it just kept coming back. cws shredder found, deleted it once but it still came back, spysweeper would get rid of it in safe mode, but once rebooted it came back. through one of the programs showing what was running on my computer i stumbled across a file called iamdb.rdb, i moved this file to a floppy, deleted it, rebooted and still had problems. finally i stumbled on windows downloads folder and noticed a strange file name sekure kontrol, opened it couldn't read any of it, tracked it, found it led to internet explorer's log files. went to internet explorer log file folder and deleted all log files, and went into registry under zones for internet explorer and found under trusted a fourth category listed as meddum, opened and found it redirected all search, homepage and otherwise in internet explorer, deleted this, restarted and explorer and system tray wouldn't load, used startup disk, restored registry from a few days ago, restarted and it was up and running again, then reran all sweepers to clean up, and after an hour of clean up all is well again. what a mess.
i have the rdb file on floppy, as well as a couple other suspicious files that i came across, i can't find the sekure kontrol file, i think i shredded it. if anyone is interested in these files email me and i can see about getting you these files to play with and maybe come up with a way to protect ourselves against these hijacks.