[wplug] Windows - Is this happening to you too?

A. McCullough amccullg at hotpop.com
Sat May 29 13:51:52 EDT 2004


Happening in Windows XP too.
In fact, there's another new exploit - since Bill Gates decided to make Windows
a giant web portal, so to speak. Any version of Windows that uses compiled help
files (help files with a .chm extension) are open to attack on that front now -
I've just spent two weeks cleaning out my significant other's WindowsXP box from
a trojan that started with an unauthorized download of an innocuous file called
"start.chm"; it allowed a .dll to download that constantly reset his browser's
home page to a porn site. All he did was look at a web page (wasn't even the
page he was trying to find) and all h#ll broke loose. He's running antiviral
software, a firewall, and several anti-adware programs and it still got in.

What worries me is that if Linux catches on to the extent Windows has,
eventually the same thing will happen to Linux. Sooner or later there'll be some
clever s.o.b. who'll figure out how to annoy the h*ll out of Linux users too.

Cheers,
Anna

----- Original Message ----- 
From: "Robert E. Coutch" <robert.coutch at verizon.net>
To: <wplug at wplug.org>
Sent: Friday, May 28, 2004 10:40 PM
Subject: [wplug] Windows - Is this happening to you too?


> Hi all,
>
> I'm sooooooo glad I'm running Linux.
>
> I've have been innundated with Windows 98 PC's lately with pretty much the
> same problem.
>
> They all have ads, toolbars and other unsolicited software installed.
>
> After spending DAYS working on the problem here's what I have found.
>
> Spy-bot, Adaware, and virus checkers do not cure the problem.
>
> Adaware finds most of the problems and removes them but then they reappear
> after reboot. Even after cleaning up the registry and other startup files.
>
> The folks who write this crapware to infect Windows PC's are getting better at
> their craft.  It's no longer enough to clean out a few registry keys and
> remove a few program files off the hard drive.
>
> It seems they have started using dll files that look like normal system files
> to load the unwanted software.  Some of these dll's look like part of the
> printing subsystem but are actually downloading and installing toolbars,
> search links and so on.
>
> So far I've only seen this on PC's running Windows 98.
> I want to know if anyone has seen this sort of nonsense going on with other
> versions of Windows.
>
> None of the tools I've found have the ability to fully remove and block this
> stuff. Does anyone have any suggestions that I should try.
>
> I've been cleaning out the registry by hand one suspicious class id at a time.
> This is a very looooong and tricky process.
>
> The wife is actually considering switching to Linux because while her machine
> was down, she used mine.  She's also considering a Mac.
>
> I don't think my paying clients will even consider going Linux or Mac but I
> don't want to recommend they "upgrade" to XP unless I can be sure this is not
> happening (yet) with that version of Windows.
>
> Can any of you help me or point me in the right direction?
>
>
>
> Thanks,
>
> Bob
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
>





More information about the wplug mailing list