CWS hijack pulls a nasty stunt

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Metallica

Thread Starter
Malware Specialist
Joined
Jan 28, 2003
Messages
692
For anyone not familiar with this hijacker: CWS Chronicles

The latest version included a very nasty surprise.
They mutated the DNSRelay variant (number 8 at the site above) to include a hosts file hijack, including these lines:
O1 - Hosts: 64.135.204.60 spywareinfo.com
O1 - Hosts: 64.135.204.60 www.spywareinfo.com
O1 - Hosts: 64.135.204.60 lavasoftsupport.com
O1 - Hosts: 64.135.204.60 www.lavasoftsupport.com

Effectively disabling people from downloading HijackThis and CWShredder from their normal download-links and getting support at some of the most renowned anti-spyware-forums.

If you experience problems downloading both these programs and fear you have been hit by this hijack, please use this link:
http://216.180.252.218/~spywareinfo.com/downloads/tools/hijackthis.zip

Then unzip, double-click HijackThis.exe and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log as a .txt file, and copy and paste its contents into your next post.

Most of what it lists will be harmless, so do not fix anything yet.

Regards,

Pieter
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top