
Re: Angie George on RealCouples.co.uk

Posted: Sat Jan 03, 2004 9:27 am
by joe king
Is this Internet Explorer? What was the name of the trojan you found?
What did the trojan do? You said it resets the home page - what else?


Re: Angie George on RealCouples.co.uk

Posted: Sat Jan 03, 2004 9:49 am
by Pianaman
The trojan was called fntldr.exe and was in my system folder. Norton just describes it as a "Startpage Trojan". Norton AntiVirus found it, but only after I ran a scan with a utility called CWShredder, because I suspected this may have been due to a variant of the CoolWebSearch "virus", as on closer examination I found my search engine had been changed too. CWShredder found 15 extra entries in my registry as well. So it looks like my browser was "hijacked" to load up popups and take me to sites with diallers, presumably when surfing to certain sites. Bastards!

CoolWebSearch is getting more and more dangerous. I've been infected by it before, but this is the first time I've got diallers popping up, which is why initially I thought it was from the site.

I don't use IE - I use a browser called Avantbrowser, which has more sophisticated popup stoppers, but it let this through and so did my firewall and antivirus programme, which is worrying.

Re: Angie George on RealCouples.co.uk

Posted: Sat Jan 03, 2004 10:47 am
by joe king
Avantbrowser, I think, is based on IE - it possibly uses the same IE control.

Is it this one?



Looks like it was an email attachment?


Re: Angie George on RealCouples.co.uk

Posted: Sat Jan 03, 2004 1:31 pm
by Pianaman
No, I certainly don't open attachments I don't know about - it's this one:



I've also found a load of info about this particular parasite here:



Seems this CoolWebSearch vermin installs itself without asking from popups you encounter on some webpages, then it takes over your search engine, installs trojans in your system folder and places loads of shite in the registry. Some versions even install a hacked winsock file which really messes up your system.

These assholes should be closed down.

The spyware info forum has loads of useful info on how to deal with these threats.

Re: Angie George on RealCouples.co.uk

Posted: Sat Jan 03, 2004 3:35 pm
by joe king
Thanks for the info.
Well, seems like a Java VM exploit and the security patch is here



You must have had a VM which was before 5.00.3810

More info from Microsoft here



More info about the Java trojan



Re: Angie George on RealCouples.co.uk

Posted: Sat Jan 03, 2004 4:20 pm
by Pianaman
I applied the patch after I ran CWShredder last night. But another alternative is to get rid of Microsoft's buggy virtual machine completely and just use the Sun Java Machine.

More info on that here:



I'm not sure if there would be any negative consequences from doing this, but Microsoft don't support it anymore anyway.

CWShredder is available from Merijn's page - very useful tool (so is HijackThis).