Крымский форум (Crimea-Board) Поиск Участники Помощь Текстовая версия Crimea-Board.Net
Здравствуйте Гость .:: Вход :: Регистрация ::. .:: Выслать повторно письмо для активации  
 
> Рекламный блок.
 

Реклама на форуме
 
> Ваша реклама, здесь
 
 
 

  Start new topic Start Poll 

> I-Lookup Toolbar, описание уязвимости в новостях вирусняка
Подписка на тему | Сообщить другу | Версия для печати | Добавить в закладки
bredonosec |
Дата 27 Июня, 2004, 18:26
Quote Post



Unregistered


К теме о Ошибки IE используются для распространения pop-up тулбара
Цитата :
вот полез в Google и нарыл инфу по удалению этого тулбара:

http://groups.google.com/groups?selm=%23GA...FTNGP09.phx.gbl

From: Jim Byrd (jrbyrd@spamlessadelphia.net)
Subject: Re: I-Lookup.Com Bar
View: Complete Thread (11 articles)
Original Format
Newsgroups: microsoft.public.windows.inetexplorer.ie6.browser
Date: 2004-05-27 13:26:48 PST


Hi Mark - Courtesy of S. Ramesh.

Download the iLookup killer from here: [All Variants]
http://www.mvps.org/sramesh2k/utils/ilookup_kill.exe

http://www.i-lookup.com/uninstall.exe [Old]
http://www.i-lookup.com/uninstall2.exe [New Variants]

To remove the Toolbar: Use ToolbarCop:
http://www.mvps.org/sramesh2k/utils/ToolbarCop.exe

Manual Removal:
http://doxdesk.com/parasite/ILookup.html

Also, use Ad-Aware (www.lavasoftusa.com) to scan for any other spyware.
* Update the pattern file first, using "WebUpdate" feature *

References: [Variances of this spyware;manual removal procedure]
http://www.pestpatrol.com/PestInfo/i/ilookup_sbus.asp
http://www.pestpatrol.com/PestInfo/i/ilookup_ineb.asp

Ramesh - Microsoft MVP
http://www.mvps.org/sramesh2k



and from me:

Note that this symptom often indicates the possibility of other malware. You
might want go to this page at Jim Eshelman's site, here:
http://aumha.org/a/noads.htm and wait a little bit (be patient), while an
analysis of a number of possible parasites on your machine will be made to
help you identify and remove them. NOTE: You will need to disable Ad
Blocking in Zone Alarm 3.x, if present or any other Ad Blocking software
which interferes with Java Scripting for this scan to work. You should get a
message between the two lines of **** giving the results of the scan.

For the general hijack case, the best way to start is to get Ad-Aware 6.0,
Build 181 or later, here: http://www.lavasoftusa.com/support/download/.
UPDATE and run this regularly to get rid of most "spyware/hijackware" on
your machine. If it has to fix things, be sure to re-boot and rerun AdAware
again and repeat this cycle until you get a clean scan. The reason is that
it may have to remove things which are currently "in use" before it can then
clean up others.

Another excellent program for this purpose is SpyBot Search and Destroy
available here: http://security.kolla.de/ SpyBot Support Forum here:
http://www.net-integration.net/cgi-bin/for...s/ikonboard.cgi. I recommend
using both normally. After UPDATING and fixing things with SpyBot S&D, be
sure to re-boot and rerun SpyBot again and repeat this cycle until you get a
clean "no red" scan. The reason is that SpyBot sometimes has to remove
things which are currently "in use" before it can then clean up others.



Note that sometimes you need to make a judgement call about what these
programs report as spyware. See here, for example:
http://www.imilly.com/alexa.htm



A currently common parasite which can cause this symptom is some malware
called CoolWebSearch. Do the following:


Download, UPDATE before running, and run:
http://209.133.47.200/~merijn/files/CWShredder.exe to remove the parasite.
Be sure to close all instances of IE and OE. You may also get it here if
that link is blocked: http://www.zerosrealm.com/downloads/CWShredder.zip

You will need to disable System Restore and then reboot your system

in order to clear the CWS garbage from the backups. After rebooting, then

re-enable System Restore.

The following link gives instructions on how to disable it:

http://service1.symantec.com/SUPPORT/tsgen...=&osv=&osv_lvl=



Then download and run:
http://www.kellys-korner-xp.com/regs_edits...s/iegentabs.reg to restore your
tabs and remove any restrictions that the parasite has put in place.

Be sure that you also download and install hotfix Q816093, here:

http://support.microsoft.com/?kbid=816093#appliesto

which blocks the exploit upon which this parasite family depends.

Now download and run:
http://www.kellys-korner-xp.com/regs_edits...toreSearch2.REG to restore
your search functions.



Once you get things cleaned up, you might want to consider installing the
SpywareBlaster and SpywareGuard here to help prevent this kind of thing from
happening in the future:

http://www.javacoolsoftware.com/spywareblaster.html (Prevents malware Active
X installs) (BTW, SpyWare Blaster is not memory resident ... no CPU or
memory load - but keep it UPDATED) The latest version as of this writing
will prevent installation or prevent the malware from running if it is
already installed, and it provides information and fixit-links for a variety
of parasites.

http://www.javacoolsoftware.com/spywareguard.html (Monitors for attempts to
install malware) Keep it UPDATED. Both Very Highly Recommended.



--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP


мне пока неактуально насчет удаления, зато интересный ресурсик среди этого нарыл - http://www.doxdesk.com/parasite/
1/   
« Предыдущая тема | Software | Следующая тема »

Topic Options Start new topic Start Poll 

 



[ Script Execution time: 0.0113 ]   [ 12 queries used ]   [ GZIP включён ]






Политика конфиденциальности

Powered by Invision Power Board © 2003 IPS, Inc. Registered to: Crimea-Board
Top