It all started this Saturday as I was trying to get my computer to read the DVD-RAM drive off my new digital camera. I was searching for a tool to help me decode the .vro files on the disk (the bundled software that came with the camera is not working right, but that's another story). I saw an article about ULead that said their software would read this file type, so off on a search for ULead. What I found was a website at http://cracks.st and I clicked on it --- bad mistake! For those of you who do not know, a "crack" is a term used to describe software code that will make copy protected software available for use freely (that means without registration or payment required). Sometimes it's a piece of code that unlocks the copy protected software or sometimes it's the software itself.
I knew what a crack was before I clicked on this dastardly link. And I knew that ULead software would not be found at this site (I found the right site). But being a computer weenie and always interested in what's going on elsewhere, my curiosity made me click on this site. I will tell you right up front that this website does contain code that will unlock software, but the penalty associated with going to this site would be disastrous for any novice. It caught me and it would catch you. So with one click began my descent into computer hell.....
I've talked about this before in some earlier posts to GrayScales: the drive-by installation of scumware software. If you're using MS Internet Explorer, you are vulnerable to this happening. All that is required is that you get linked to a website that has these malicious scripts installed. Sometimes they'll warn you and ask permission to install themselves, but most of the time the bad guys don't ask; they install themselves with no warning from Internet Explorer nor from Microsoft Windows.
The infamous Gator (now known as Claria) is a good example of a program that uses this type of installation method. This is downright unacceptable behavior (I'm really inclined to use more colorful language here) in regards to Microsoft. This type of attack installs dangerous programs, makes changes to your computer's critical registry files, and can literally take over your computer, violate your privacy, and right out piss you off! (okay, a little colorful... but I AM). This should be considered a virus, but it's not. A well updated anti-virus program will not protect you from this type of attack.
The result of my encounter with this drive-by scumware attack was that I had
a program called "FavoriteMan" installed. At least this is what I
believe was the first one installed, mainly because it's categorized by my
SpyBot program as code that will install other scumware after it has installed
itself. Part of what I got hit with (but not all) was Ezula (hijacks the keywords
on your websites), SaveNow (popup adware galore), PurityScan (supposedly
searches for adult content but really serves ads), PopNav (hijacks your browser
homepage), MySearch (hijacks your search sidebar and installs a toolbar), eAnthology
(supposedly a popup stopper, but results are worse than any popup), Bargain Buddy
(another ad server), BackWeb Lite (software that auto-updates your computer,
normally used by OEMs but can serve popups & ads), 2nd Thought (another
homepage hijacker), DyFuCa (a dialer program that connects you to pornographic
websites) and the worst yet, XXXToolbar Pornographic IE Toolbar (it will redirect homepage and searches to
slotch.com) (http://www.xxxtoolbar.com). This thing
installed 119 porno site links into my Favorites folder in Internet Explorer.
There was much more that got installed on my computer and I won't go into all
the details, but for almost the entire weekend my computer was out of
commission. It seemed like every time I restarted it, these programs would get
reinstalled.
It took a combination of tools and techniques to clear this junk out and I'm
not 100% sure it's all gone (I'm really considering doing my annual reformat and
reinstall now). I ran my Spybot program (http://www.safer-networking.org),
Adaware (http://www.lavasoftusa.com)
and bought SpyHunter (http://www.enigmasoftwaregroup.com/)
for $29.99. Additionally, I manually searched my computer's registry file, my
computer's hard drive and tried to ferret out all instances of this scum. I did
discover another program that may help in preventing such attacks in the future.
There's a registry file that blocks all known "bad" ActiveX controls from running inside Internet Explorer by setting the "Kill bit".
http://www.spywareguide.com/blockfile.php
shows several methods, but the RegBlock file looks like a good alternative for
the non-technical folks. It allows you to select which program you want to block
from your system (for example, the Alexa ToolBar is considered to be spyware
among some circles). RegBlock is currently priced at $19.95 and you can reach
their order form at http://www.regnow.com/softsell/nph-softsell.cgi?item=4353-4&affiliate=20229
It's pretty simple to use, just download, install, run and select which programs
you want to block. I bought it and installed it myself. I'm crossing my fingers
that it will help against future attacks, but from a technical perspective it
made sense to me.
This is not something I'd like to see others go through, but I expect we'll
be hearing a lot about this kind of attack this year. Happy New Year...... Jim
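The kill-bit mechanism mentioned in the post above, as an added example that is not part of the original post and is not RegBlock's own file: Internet Explorer refuses to load an ActiveX control when bit 0x400 is set in the "Compatibility Flags" value under that control's CLSID in the ActiveX Compatibility key. The Python below builds such a block file and audits a registry export for it; the CLSIDs and the sample export are constructed placeholders, and the function names are illustrative.

```python
import re

# Key and value IE consults before instantiating a control; bit 0x400 is the kill bit.
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KILL_BIT = 0x400
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def build_block_file(clsids):
    """Return .reg text that sets the kill bit for each CLSID."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for clsid in clsids:
        if not CLSID_RE.fullmatch(clsid):
            raise ValueError(f"not a CLSID: {clsid!r}")
        lines += [f"[{BASE}\\{clsid.upper()}]",
                  f'"Compatibility Flags"=dword:{KILL_BIT:08x}', ""]
    return "\r\n".join(lines)

def audit_export(reg_text):
    """Map each CLSID found under BASE in a .reg export to True if kill-bitted."""
    status, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = CLSID_RE.search(line) if BASE.lower() in line.lower() else None
            current = m.group(0).upper() if m else None
            if current:
                status.setdefault(current, False)  # key exists, flag not seen yet
        elif current and line.lower().startswith('"compatibility flags"=dword:'):
            value = int(line.split(":", 1)[1], 16)
            status[current] = bool(value & KILL_BIT)  # other bits do not block
    return status

# Constructed placeholder CLSIDs, not real controls.
WANTED = ["{00000000-0000-0000-0000-0000000000a1}",
          "{00000000-0000-0000-0000-0000000000A2}"]
# Constructed export: A1 is blocked (extra bit also set), A2 is listed but not blocked.
SAMPLE_EXPORT = "\r\n".join([
    "Windows Registry Editor Version 5.00", "",
    f"[{BASE}\\{{00000000-0000-0000-0000-0000000000A1}}]",
    '"Compatibility Flags"=dword:00000c00', "",
    f"[{BASE}\\{{00000000-0000-0000-0000-0000000000A2}}]",
    '"Compatibility Flags"=dword:00000800', ""])

if __name__ == "__main__":
    print(build_block_file(WANTED), audit_export(SAMPLE_EXPORT), sep="\n")
```

The audit step matters because a control can have an entry under this key without being blocked: only the 0x400 bit stops it from loading.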
Comments
I have two hijackers in my computer: TST. Toolbar and IST Bar. Can anyone help, please? I'm ready to throw the computer through the window.
Help! I have the same problem as Michelle with the slotch crap. I went through and deleted the installed software and even the cookies, but it still pops up when I go online, and I can hardly use IE. What can I do?? I have McAfee, is that enough?? I'm so fed up, I'm practically ready to reformat my whole computer. Would that even do it??
Hello, every time I try to read my e-mails it comes up as a spyware box and then it comes up with a search engine. I cannot read my e-mails or do varied other things!
I can't get rid of it either because it comes up in American dollars... please help
I have the slotch virus where I was hijacked and now I lost my homepage. I have tons of casino ads and such popping up all the time now. I love to download mp3s so I need some help. Not only do I have IE, I also have the regular version of kazaa. I want to get kazaalite and I've searched for it numerous times for even up to an hour at a time but all the versions I find I have to pay for! I know that this program is free out there somewhere. Does anyone know if spybot search and destroy will kill my problems or only make them worse? I've read so many articles about people trying to rid themselves of the slotch crap and all they end up doing is making their computer really screwed up if not unusable. Please help, I want this crap out!!!!!
Stay away from any freebies from the Internet unless you are absolutely sure what you are getting. If you want a good product check out http://www.pestpatrol.com. PestPatrol, combined with AdAware cleans out just about every pest out there. Be warned though, these new malicious codes coming out are learning how to trash programs that are trying to protect you. There is this new blasted hijacker that takes you to about:blank. It's a page loaded with ads and have fun removing it. There are other about:blank's out there but this one is different. It creates a ton of backups and codes into your computer and even when you think you got your browser back, tadaa, back to the page it goes. Reformatting seems to be the cure. Just back up your most important data and forget the rest. If it gets in your system again you have to start from scratch. Microsoft finally came out with a small patch to handle this mess but it's not the cure. So beware of this CoolWebSearch hijacker. Stay away and just be careful. Sheesh you can't even surf the net anymore without getting trashed.
I want to know what spyhunter is. I had a virus on my computer, and I shut it down for two days, and I turned it on and spyhunter came on, and told me to click scan, and my computer started to work better than it had for a long time.
I want to know if I did something wrong, or not.
I'm Using Ad-Aware 6.0
http://www.lavasoft.de
get this program! Ad-Aware 6.0.
Keeps all the shit off your computer... I had the Claria "virus" and when I removed it, well, Outlook Express won't start up again... :(
I am fed up with pornographic programs installed on my PC & want to get rid of them. Give me your suggestions.
I have POPNAV taking over my emails. I cannot read them without this search engine showing up instead. I'm with MSN and they are at a loss as to what to do. Any suggestions?
Having 2 young adults and 1 teenager still at home, we have had our share of drive-by downloads. My oldest had recently been hijacked and sent to some very BAD sites. Warnings came up that verizon was monitoring him, but a link was attached to download a history killer. Seems to me they hijack you and then blackmail you at the same time. Somebody should go after these people.
Yeah, we get tons of problems with this on secretaries' machines. They download tons of crap. Now the CoolWWWsearch can kill spyware cleaning apps. This is one battle that is just beginning to heat up.
I have to agree. Anyone who still uses IE is knowingly asking for trouble. That browser has more security holes than a slab of Swiss cheese, and MS is NOT doing anything about it. Run, Forrest, run!
Hello there! Popnav...what is it? Is this a virus? I was curious, so when I got this on my browser I searched the view source and found this link -- http://www.w3.org/TR/html4/... I followed that link and found info about the company and the people who work there, email addy included. I wonder if these are the makers of this popnav hijacker? What do you guys think?
Thanks Jim! I also went to this site, but did not stay nor click on anything. That could be why I was not infected with anything...or it could be because I NEVER use IE (unless a gun is to my head). Mozilla Firebird ignores ActiveX or VBA scripts. I searched my HD and registry for some of the things you listed and found none.
Everyone would be well advised to STOP using IE (unless they follow all rules at
http://www.staff.uiuc.edu/~...)
and start using either Firebird or Opera. The sooner that everyone switches away from IE, the sooner this albatross will be out of our internet life.
Thanx Jim for the heads up. Sorry to hear you got hit by system hijackers and it looks as though there is no such thing anymore as a peaceful drive in the cyber countryside. I will have to add these programs to my protection and repair arsenal.