News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
Topic: New CoolWebSearch variants  (Read 77974 times)
« Reply #75 on: April 07, 2004, 14:21:51 »
Dew7
Guest

As consumers and businesses, we must continue to fight the threat of privacy invasion.  I cannot believe people are willing to sacrifice their privacy so easily!  I hope the government, business, and consumers will soon be able to go on the offensive against the idiots who try and spoil the Internet and send them programs that load their computers with spyware, adware, malware, viruses, new web pages, etc.  I would like to see how the hackers respond.  Perhaps the people that have hacking skills could turn their skills to good use by helping to defend the computer networks of the United States from outside hack attempts.  A company in China sent me a 17500 attack that ZoneAlarm stopped before I installed a hardware firewall as well as my ZoneAlarm software firewall.  In my opinion, it is ridiculous how much effort people must go to in order to protect their computers.
« Reply #76 on: April 07, 2004, 14:26:08 »
Dew7
Guest

Just wanted to add that 1,000 and below is considered normal port scanning activity.  In the recent movie that was based on a true story, "Catch Me If You Can", we have an example of someone who turned their bad check writing skills to good use to help the government.  Perhaps others who make this mistake will follow the movie's example.  Have a great day!
« Reply #77 on: April 08, 2004, 00:28:16 »
Metallica
Global Moderator

Quote from: Unzy
Yep that seems to be a brand new one

Each time a different dll, corresponding with a BHO

Every infection = new dll. Man, the shredder will have a tough time dealing with this.

Cheers,


Covered in 1.56.0
« Reply #78 on: April 08, 2004, 00:45:11 »
Unzy
Guest

Ah, that should be wonderful news! Because the logs infected with this type are flying around my ears here.

Hi Dew,

Could you please post only CWS related news here? Thanks!

Cheers,
« Reply #79 on: April 08, 2004, 02:44:44 »
Unzy
Guest

I don't think the shredder at this point removes these types of infections.

Too many users reporting they ran the latest version with no luck.

I suspect something sneaky reinfects the user.
« Reply #80 on: April 08, 2004, 04:16:07 »
Metallica
Global Moderator

Quote from: Unzy
I don't think the shredder at this point removes these types of infections.

Too many users reporting they ran the latest version with no luck

I suspect something sneaky reinfects the user


Yup. Got one too now. Bizarre. It works all the time and then suddenly there's one where it keeps coming back.

« Reply #81 on: April 12, 2004, 12:51:47 »
Unzy
Guest

The shredder has been updated :

Quote

Hi all, this version should take care of the fake Osborne
Popup Blocker BHO that CWS.Smartfinder.2 uses to regenerate.
Users have reported the entire problem went away after deleting it,
so I'm assuming this works. The real Osborne BHO (other CLSID, other
folder) is untouched.

CWShredder 1.56.2:
* Updated for CWS.Smartfinder.2, which was indeed being reinstalled by a
fake BHO pretending to be the 'Osborn Popup Blocker'.

* Updated for a new distribution method of the mshp.dll (iefeatsl) variant
using an installer file dropped in the IE folder (CLSID
{10000000-1000-0000-1000-000000000000}).


Good job!

Cheers,
« Reply #82 on: April 13, 2004, 04:37:43 »
Unzy
Guest

Some users are still complaining about re-infection.

It's best to run the shredder in Safe Mode, after downloading it into a folder of your choice.

Click here for how to start your PC in Safe Mode.

Cheers,
« Reply #83 on: April 16, 2004, 02:33:57 »
Unzy
Guest

Another variant with some tricky stuff has shown up.

Hijack to enjoysearch

This file is the culprit:

jushed32.exe <-

It can hide from a HijackThis log. Fix the R0 and R1 entries, then if you have Win2k/XP you can end the process via Task Manager and remove it from your PC. It could be that after doing so it suddenly pops up in a HijackThis log, but fixing the entry then is enough.

Win9x/ME systems will have to reboot into Safe Mode and manually remove C:\WINDOWS\jushed32.exe

Well, at least until the shredder is updated. When it is, this will all be done for you!

Example HERE

Cheers,
« Reply #84 on: April 18, 2004, 11:02:59 »
Unzy
Guest

And another one :

sysdll32.exe

File responsible for this browser Hijack :

hxxp://www.wholeworldmarket.com/search/

Style sheet present as well

Adds a few entries to the Favorites folder as well.

As seen HERE

Cheers,
« Reply #85 on: April 18, 2004, 13:02:11 »
Metallica
Global Moderator

O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\AddCLS.exe

Found on a Dutch forum

That log is a mess but there is a CWS URL inside the file pointing to hxxp://www.tadstore.cc

Pieter

« Reply #86 on: April 21, 2004, 10:29:57 »
Metallica
Global Moderator

CWShredder 1.56.3 covers that one:

* Updated for CWS.Systeminit.2 (filename sysdll32.exe, hijacking to
wholeworldmarket.com,
drops sstyle.css stylesheet).
* Updated for CWS.Addclass.2 (uses filename addcls.exe instead, hijacks to
e-finder.cc,
tadstore.cc and rightfinder.net).
« Reply #87 on: April 21, 2004, 15:52:07 »
Dew7
Guest

Sorry for going off topic.  Can you donate to help support the development of CWShredder?
« Reply #88 on: April 21, 2004, 23:00:22 »
Unzy
Guest

Hi Dew7,

Yes you can :

http://www.spywareinfo.com/~merijn/donate.html

Cheers,
« Reply #89 on: April 22, 2004, 00:49:21 »
Unzy
Guest

start.chm / MSITStore (MasterSearch)

A new type of CWS variant that uses an exploit to reset a user's homepage.

More info HERE

Responsible entries in a HijackThis log :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\WINDOWS\start.chm::/start.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\WINDOWS\start.chm::/start.html

A workaround for this exploit is provided HERE

There should be an official Microsoft patch soon; please keep an eye out for updated patches at windowsupdate.com.

NOTE*: There is a removal tool (remove.exe) offered on their site which seems legit and does work, however it is believed it creates a GUID (Globally Unique Identifier) which can always 'distinguish' a user, meaning: they can track you down and follow your actions on the net, kinda like WMP.

Cheers,
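Pulling the indicators from the posts above together (Reply #81's fake-BHO CLSID, the jushed32.exe / sysdll32.exe / AddCLS.exe autostarts from Replies #83 to #86, the hijack domains from the 1.56.3 notes, and the mk:@MSITStore start page from Reply #89), here is an added example of what a HijackThis log scanner for those entries looks like. This is my code, not HijackThis or CWShredder code; the function and class names (scan, exe_name, host_of, is_cws_domain, Finding) are mine, the sample log is constructed for the demo, and its benign entries (the example.com start page, the {11111111-...} BHO and its helper.dll) are invented negatives, not real software.

```python
"""Flag CWS-style hijack entries in HijackThis log lines.

Added example for this thread; not HijackThis or CWShredder code.
The indicator lists below come from the posts in the thread; the sample
log and its benign entries are constructed for the demo.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Indicators reported in the thread (Replies #81, #83, #84, #85, #86, #89).
CWS_FILENAMES = {"jushed32.exe", "sysdll32.exe", "addcls.exe", "mshp.dll"}
CWS_CLSIDS = {"{10000000-1000-0000-1000-000000000000}"}
CWS_DOMAINS = {"wholeworldmarket.com", "tadstore.cc", "e-finder.cc", "rightfinder.net"}

# HijackThis line shapes: "R0 - <hive>\<key>,<value> = <data>",
# "O2 - BHO: <name> - {CLSID} - <dll path>", "O4 - <hive>\..\Run: [<name>] <cmd>".
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
R_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\(?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
URL_HOST_RE = re.compile(r"^(?:hxxp|http)s?://([^/\s]+)", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def host_of(url: str) -> str | None:
    """Hostname of an http(s) URL; hxxp is the defanged form used in the thread."""
    m = URL_HOST_RE.match(url.strip())
    return m.group(1).lower() if m else None


def is_cws_domain(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in CWS_DOMAINS)


def exe_name(cmd: str) -> str:
    """Lower-cased basename of the executable in a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # quoted path: up to the closing quote
        cmd = cmd[1:].split('"', 1)[0]
    else:                                         # unquoted: cut at the first known extension
        m = re.match(r"^(.*?\.(?:exe|dll|com|scr))", cmd, re.IGNORECASE)
        cmd = m.group(1) if m else cmd.split()[0]
    return cmd.rsplit("\\", 1)[-1].lower()


def scan(log_text: str) -> list[Finding]:
    """Return the log lines that match the CWS indicators, with a reason each."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue                              # header or a section not scanned here
        section, body = m.group("section"), m.group("body")
        if section in ("R0", "R1"):               # IE start/search page values
            r = R_RE.match(body)
            if not r:
                continue
            data = r.group("data")
            if data.lower().startswith("mk:@msitstore:"):
                findings.append(Finding(line, "start page served from a .chm via mk:@MSITStore"))
                continue
            host = host_of(data)
            if host and is_cws_domain(host):
                findings.append(Finding(line, f"page hijacked to {host}"))
        elif section == "O2":                     # browser helper objects
            b = O2_RE.match(body)
            if not b:
                continue
            if b.group("clsid").lower() in CWS_CLSIDS:
                findings.append(Finding(line, f"BHO CLSID {b.group('clsid')} is a CWS indicator"))
            elif b.group("path").rsplit("\\", 1)[-1].lower() in CWS_FILENAMES:
                findings.append(Finding(line, "BHO dll name is a CWS indicator"))
        elif section == "O4":                     # Run-key autostarts
            o = O4_RE.match(body)
            if o and exe_name(o.group("cmd")) in CWS_FILENAMES:
                findings.append(Finding(line, f"autostart of {exe_name(o.group('cmd'))}"))
    return findings


# Constructed sample log: the first, second, fourth and sixth entries use indicators
# from the thread; the rest are invented negatives (the benign BHO CLSID is a placeholder).
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample, not a real log)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\WINDOWS\start.chm::/start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.wholeworldmarket.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {10000000-1000-0000-1000-000000000000} - C:\WINDOWS\mshp.dll
O2 - BHO: Placeholder benign BHO - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\AddCLS.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Running it against the sample prints the four hijack lines with their reasons and stays quiet on the three negatives. The domain check matches subdomains as well as the bare domain, and the mk:@MSITStore test fires on the protocol prefix alone, since the .chm filename could change between variants while the trick of serving the start page from a compiled help file stays the same.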
 
Powered by SMF 1.1.18 | SMF © 2013, Simple Machines