CWS..It Is All True

I apologise in advance for this posting.I know,I annoy a
great many people with my often muddled observations.

I am writing this because it *may* be of help to someone
out there.With regards to the new CWS variant.I can
confirm,it is more virulent than ever before,and utterly
unfixable by any means.

Please,take my advice and disable active scripting of any
kind in I.E.

I lower this setting in order to be able to post
here,because the net interface will not work without it.I
also needed to lower scripting controls to access Windows
Update,since I purchased and installed Microsoft Works
earlier.

I felt certain,this product must be in need of security
patches immediately after the install,like any other from
Microsoft.(No,those aren't hateful words,I just know the
drill)I had no idea where to find any...

Suffice to say,Spybot Search And Destroy's Tea-Timer
alerted me to an attempted registry alteration.I denied
the change.I am also running Spyware Guard.Believe
me,aside from the scripting,my I.E. advanced settings are
secure to the max.

The hijack took place,nonetheless.All Javacool's Spyware
Blaster and Spybot Search And Destroy were able to do was
block whatever pornographic filth might've shown up in
the search pane,which as I write this,displays an Action
Cancelled page.

HijackThis! did not show any evidence of the search
engine hijack.I ran CWS Shredder,which flagged the
CWS,then returned a fixed result.I ran it a second
time,as is customary,and CWS Trojan.2 attempted to shut
it down...

There is no entry in the hosts file causing redirects.Ad-
Aware,a-squared,nor any of the battery of armaments I
have at my disposal can touch it.They can't even detect
it.

Running XP SP 2 RC 1 Beta.About to reinstall.Hope this
report was useful to someone,somewhere.

Sadie

Have you try downloading this program

http://download.broadbandmedic.com/...f/VX2Finder.exe

run it and post the log file here.

This help remove spywares that HiJackthis and CWShredder can't clean.


On Wed, 19 May 2004 10:38:50 -0700, "Sadie"
<anonymous@discussions.microsoft.com> wrote:

>I apologise in advance for this posting.I know,I annoy a
>great many people with my often muddled observations.
>
>I am writing this because it *may* be of help to someone
>out there.With regards to the new CWS variant.I can
>confirm,it is more virulent than ever before,and utterly
>unfixable by any means.
>
>Please,take my advice and disable active scripting of any
>kind in I.E.
>
>I lower this setting in order to be able to post
>here,because the net interface will not work without it.I
>also needed to lower scripting controls to access Windows
>Update,since I purchased and installed Microsoft Works
>earlier.
>
>I felt certain,this product must be in need of security
>patches immediately after the install,like any other from
>Microsoft.(No,those aren't hateful words,I just know the
>drill)I had no idea where to find any...
>
>Suffice to say,Spybot Search And Destroy's Tea-Timer
>alerted me to an attempted registry alteration.I denied
>the change.I am also running Spyware Guard.Believe
>me,aside from the scripting,my I.E. advanced settings are
>secure to the max.
>
>The hijack took place,nonetheless.All Javacool's Spyware
>Blaster and Spybot Search And Destroy were able to do was
>block whatever pornographic filth might've shown up in
>the search pane,which as I write this,displays an Action
>Cancelled page.
>
>HijackThis! did not show any evidence of the search
>engine hijack.I ran CWS Shredder,which flagged the
>CWS,then returned a fixed result.I ran it a second
>time,as is customary,and CWS Trojan.2 attempted to shut
>it down...
>
>There is no entry in the hosts file causing redirects.Ad-
>Aware,a-squared,nor any of the battery of armaments I
>have at my disposal can touch it.They can't even detect
>it.
>
>Running XP SP 2 RC 1 Beta.About to reinstall.Hope this
>report was useful to someone,somewhere.
>
>Sadie

>-----Original Message-----
>I apologise in advance for this posting.I know,I annoy a
>great many people with my often muddled observations.
>
>I am writing this because it *may* be of help to someone
>out there.With regards to the new CWS variant.I can
>confirm,it is more virulent than ever before,and utterly
>unfixable by any means.
>
>Please,take my advice and disable active scripting of
any
>kind in I.E.
>
>I lower this setting in order to be able to post
>here,because the net interface will not work without
it.I
>also needed to lower scripting controls to access
Windows
>Update,since I purchased and installed Microsoft Works
>earlier.
>
>I felt certain,this product must be in need of security
>patches immediately after the install,like any other
from
>Microsoft.(No,those aren't hateful words,I just know the
>drill)I had no idea where to find any...
>
>Suffice to say,Spybot Search And Destroy's Tea-Timer
>alerted me to an attempted registry alteration.I denied
>the change.I am also running Spyware Guard.Believe
>me,aside from the scripting,my I.E. advanced settings
are
>secure to the max.
>
>The hijack took place,nonetheless.All Javacool's Spyware
>Blaster and Spybot Search And Destroy were able to do
was
>block whatever pornographic filth might've shown up in
>the search pane,which as I write this,displays an Action
>Cancelled page.
>
>HijackThis! did not show any evidence of the search
>engine hijack.I ran CWS Shredder,which flagged the
>CWS,then returned a fixed result.I ran it a second
>time,as is customary,and CWS Trojan.2 attempted to shut
>it down...
>
>There is no entry in the hosts file causing redirects.Ad-
>Aware,a-squared,nor any of the battery of armaments I
>have at my disposal can touch it.They can't even detect
>it.
>
>Running XP SP 2 RC 1 Beta.About to reinstall.Hope this
>report was useful to someone,somewhere.
>
>Sadie
>.
>
I believe the folks at www.spywareinfo.com are working on
this as we speak.

Thanks for the replies,but,I've completed the reinstall.I
wasn't about to take any chances with something that
could add child porn links in my favourites.

Good to know the guys at spyware info are working on it.

VX2Finder had nothing on this beaut.

Anyway,nice clean reformatted drive and reinstalled
O.S.,can't complain.At least now,I've seen a hijack for
real!

Sadie
>-----Original Message-----
>Have you try downloading this program
>
>http://download.broadbandmedic.com/...f/VX2Finder.exe
>
>run it and post the log file here.
>
>This help remove spywares that HiJackthis and CWShredder
can't clean.
>
>
>On Wed, 19 May 2004 10:38:50 -0700, "Sadie"
><anonymous@discussions.microsoft.com> wrote:
>
>>I apologise in advance for this posting.I know,I annoy
a
>>great many people with my often muddled observations.
>>
>>I am writing this because it *may* be of help to
someone
>>out there.With regards to the new CWS variant.I can
>>confirm,it is more virulent than ever before,and
utterly
>>unfixable by any means.
>>
>>Please,take my advice and disable active scripting of
any
>>kind in I.E.
>>
>>I lower this setting in order to be able to post
>>here,because the net interface will not work without
it.I
>>also needed to lower scripting controls to access
Windows
>>Update,since I purchased and installed Microsoft Works
>>earlier.
>>
>>I felt certain,this product must be in need of security
>>patches immediately after the install,like any other
from
>>Microsoft.(No,those aren't hateful words,I just know
the
>>drill)I had no idea where to find any...
>>
>>Suffice to say,Spybot Search And Destroy's Tea-Timer
>>alerted me to an attempted registry alteration.I denied
>>the change.I am also running Spyware Guard.Believe
>>me,aside from the scripting,my I.E. advanced settings
are
>>secure to the max.
>>
>>The hijack took place,nonetheless.All Javacool's
Spyware
>>Blaster and Spybot Search And Destroy were able to do
was
>>block whatever pornographic filth might've shown up in
>>the search pane,which as I write this,displays an
Action
>>Cancelled page.
>>
>>HijackThis! did not show any evidence of the search
>>engine hijack.I ran CWS Shredder,which flagged the
>>CWS,then returned a fixed result.I ran it a second
>>time,as is customary,and CWS Trojan.2 attempted to shut
>>it down...
>>
>>There is no entry in the hosts file causing
redirects.Ad-
>>Aware,a-squared,nor any of the battery of armaments I
>>have at my disposal can touch it.They can't even detect
>>it.
>>
>>Running XP SP 2 RC 1 Beta.About to reinstall.Hope this
>>report was useful to someone,somewhere.
>>
>>Sadie
>
>.
>