Problem Infection??

I've finally determined that it's Adware.Purityscan.

After a design review this morning I'll go thru the steps on the Symantec site to remove it... requires Registry edits :-(

...Jim Thompson

--
|  James E.Thompson, P.E.                           |    mens     |
|  Analog Innovations, Inc.                         |     et      |
|  Analog/Mixed-Signal ASIC's and Discrete Systems  |    manus    |
|  Phoenix, Arizona            Voice:(480)460-2350  |             |
|  E-mail Address at Website     Fax:(480)460-2142  |  Brass Rat  |
|       http://www.analog-innovations.com           |    1962     |
             
I love to cook with wine.      Sometimes I even put it in the food.

In message , Oppie writes

It's a way to direct the nasty at localhost,

add lines like:

127.0.0.1 adhost.nasty.spyware

to %systemroot%\system32\drivers\etc\hosts

Any program that tries to access adhost.nasty.spyware will get directed to localhost but it takes time for the nasty to time out so it can slow your machine down. Good way to stop spyware if you can find a list of hosts.

You can also use it to give your network 'friendly' names instead of IP addresses but it's not easy to manage if your network has more than, say, five machines as it has to be the same on each machine.

--
Clint Sharp

I browse through an OpenBSD firewall running a Squid proxy. There's a publicly available block list for Squid that contains a thousand or more domain names (incl wildcards) that serve adware. Squid blocks access to all those sites, which works *really* well.

You could adapt such a list (without the wildcards) to use in your host file.

Clifford Heath.

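Clifford's suggestion of adapting a Squid block list to the hosts-file mechanism Clint describes, as an added example that is not code from anyone in the thread: it assumes the list follows Squid's dstdomain convention (one domain per line, a leading dot meaning "this domain and every subdomain", `#` comments) and works on a constructed sample list rather than a real one.

```python
import ipaddress
import re

# Constructed sample of a Squid dstdomain-style block list (not a real list):
# a comment, a leading-dot wildcard entry, a duplicate, junk and a bare IP.
SAMPLE_BLOCKLIST = """\
# ad servers (constructed sample)
adhost.nasty.spyware
.doubleclick.example     # Squid wildcard: the domain and all its subdomains
ads.tracker.example
adhost.nasty.spyware
bad host!.example
127.0.0.1
"""

# RFC 1123 hostname shape: dot-separated labels of letters, digits, hyphens.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?:{_LABEL}\.)+{_LABEL}$")


def _is_ip_literal(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def blocklist_to_hosts(text, sink="127.0.0.1", keep_wildcards=False):
    """Turn a Squid dstdomain list into '<sink> <host>' hosts-file lines.
    The hosts file has no wildcards: Squid's leading-dot entries are dropped
    by default, or with keep_wildcards=True reduced to the bare apex name,
    which then blocks only that exact host. Returns (hosts_lines, skipped).
    """
    seen, lines, skipped = set(), [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip().lower()   # strip comments/space
        if not entry:
            continue
        if entry.startswith("."):
            if not keep_wildcards:
                skipped.append(raw)
                continue
            entry = entry.lstrip(".")
        # Reject junk and IP literals so nothing malformed reaches a file the
        # resolver consults on every lookup; the caller sees what was dropped.
        if _is_ip_literal(entry) or not HOSTNAME_RE.match(entry):
            skipped.append(raw)
            continue
        if entry not in seen:                          # duplicates are dropped
            seen.add(entry)
            lines.append(f"{sink} {entry}")
    return lines, skipped
```

The returned lines are pasted into the hosts file Clint names; as he notes, that copy has to be maintained on each machine separately.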

Yep. I downloaded a file with close to 1400 lines of ad servers and added another 20 of my own related to MySpace and YouTube ;-)

I also found an automated deleter for the Purityscan crap, "OiUninstaller.exe"

Hopefully I've weeded it all out.

Also made an interesting discovery that is sort of scary... one of these "worms" turned off auto-update on my wife's NAV. So I guess the game is get in, turn off the defenses and then let 'er rip :-(

...Jim Thompson


I kept getting re-infected by "Answerworks Runtime"; I finally got rid of it by creating a bunch of empty files (that it needs to install - I had to do this by hand) with the same filenames, and made them read-only.

Kinda reminded me of a "Keeper" - "It grows back. It always grows back." (see B5)

Cheers! Rich


Yes, W32.sven variants do that, and disable personal firewalls so they can run an SMTP server. That's one good reason for having a real firewall. Anyone without one who complains about spam is a hypocrite - and probably contributing to the problem themselves.



There is a program called, "Hijack this!" that will find a lot of hidden crap, but you have to know what you are doing, or you will trash your OS. You can run it and save the log, then post it on some sites where people will tell you what lines are causing your problems.

This is a very useful, but dangerous tool.

--
Service to my country? Been there, Done that, and I've got my DD214 to
prove it.
Member of DAV #85.

Michael A. Terrell
Central Florida

In message , Michael A. Terrell writes

There are also sites that will automatically parse the output from HJT and advise you what to delete.

--
Clint Sharp

NAV also shuts off when you don't pay to renew. I rip it out of a lot of computers where it came free with the computer, then shut down without the owner realizing what was happening. I replace it with AVG.

--
Michael A. Terrell
Central Florida
