 jsouthJsouth join:2000-12-12 Wichita, KS | This sucks.... I hope someone picks up this great tool. | |
|
 |  Sven77 join:2000-10-17 Worcester, MA | Re: This sucks.... I let someone use my computer and it got infected with the CWS virus. Tried everything I could to remove it. Grisoft AVG and Spybot no help. (Did not have TeaTimer on tho). Finally found the offending .dll file and could not delete it. Went to DOS prompt, could not delete it. Booted in Knoppix, still could not delete it. Used CWShredder and HijackThis, problem was gone !  | |
|
 japPremium join:2003-08-10 038xx 1 edit | Too bad - I guess we didn't send him enuf $ We need strong legislation so endusers & software makers can go after these creeps. What's the next-best anti-hijack (browser) tool that's being actively maintained? | |
|
 |  nklbPremium join:2000-11-17 Ann Arbor, MI kudos:2 | Re: Too bad - I guess we didn't send him enuf $ The company that owns CWS is in Russia, so not much American legislation can do about that. -- for all your Linux questions | |
|
 |  |  japPremium join:2003-08-10 038xx 1 edit | Re: Too bad - I guess we didn't send him enuf $ said by nklb: The company that owns CWS is in Russia, so not much American legislation can do about that.
That they are in Russia impedes enforcement, but there has to be an established law-breaking before things like imposed blockage of an offshore IP can be set up, or rights to operate trade in the US can be suspended. Granted, there's no way to stop but these are always games of multi-front resistance = attrition rather than outright stoppage. Laws help raise the resistance factor - in fact that's all they ever do. | |
|
 |  |  |  | | Re: Too bad - I guess we didn't send him enuf $ I think we are missing the point. CWS and others of their ilk are only the tip of the iceberg, the supporting advertisers put up the $$$$ to support spyware development. It's those same ADVERTISERS' pop-ups that you see. Take away 'Madison Avenue' and the spyware crafters have no resources to support their evil ways! IMHO | |
|
 |  |  |  |  fireflierCoffee. . .Need CoffeePremium join:2001-05-25 Limbo | Re: Too bad - I guess we didn't send him enuf $ I couldn't agree more. Why are we spending so much time wringing our hands trying to stop jerks that write this stuff when we could be going after those financing it which I'd think would be much simpler? I'd think for a company to do business this way, they have to have a money trail so you can actually pay them for the merchandise they're peddling. Follow the trail and nail the company for using this kind of advertising.
Granted some companies simply make mistakes and may not intend for their advertising to end up like this. -- Famous last words: "Who are you kidding, we both know that thing isn't loaded!" | |
|
 |  |  |  keith2468Premium,MVM join:2001-02-03 Winnipeg, MB | we blacklist spammers all the time Naw, we blacklist spammers all the time, and that is blocking by IP address. | |
|
 |  |  |  |  japPremium join:2003-08-10 038xx 1 edit | Re: we blacklist spammers all the time said by keith2468: Naw, we blacklist spammers all the time, and that is blocking by IP address.
I wasn't clear: block an operator's IP or range on the national level. My position is we need a broader front to present to malware originators: private-sector tech alone won't do it - but we still need the tech component too. | |
|
 |  |  KrKHeavy Artillery For The Little GuyPremium join:2000-01-17 Tulsa, OK | The trick is to find who benefits from CWS, and then hit them. | |
|
 |  |  |  keith2468Premium,MVM join:2001-02-03 Winnipeg, MB | Re: Too bad - I guess we didn't send him enuf $ Finding out who benefits from CoolWebSearch is easy: let a computer get infected and then surf on it.
CWS delivers pop-ups and search hijacks that favor its customers -- few of which are located offshore. | |
|
 |  |  |  |  japPremium join:2003-08-10 038xx | Re: Too bad - I guess we didn't send him enuf $ Right - the money starts & ends mostly in N.America: the offshore component is the malware-for-hire layer. With good legislation users &/or regulatory (FTC) could go after the businesses that hire CWS. | |
|
 | | thank you Merijn, thank you for your knowledge and efforts in helping all of us. I for one appreciate your efforts.  | |
|
 |  | | Re: thank you
Rest in peace! | |
|
 |  |  gplutt join:2002-10-25 Seattle, WA | Re: thank you Unfortunately the links for CWShredder are hosted on their own site, not Merijn's. | |
|
 lilhurricaneCrunchin' For CuresPremium,Mod join:2003-01-11 Purple Zone kudos:51 | Thank You.... Amazing that a student managed to assist us for this long. Much thanks to him for all he's done thus far. | |
|
 |  | | Re: Thank You.... said by lilhurricane: Amazing that a student managed to assist us for this long. Much thanks to him for all he's done thus far.
Hear, hear! -- My Weather Page | |
|
 |  ArchAngel21xWaiting For iPhone 5Premium join:2001-10-28 Lincoln, NE | For me this just = another reason to stick with Firefox. | |
|
 |  |  tcp1Premium join:2000-04-17 Herndon, VA Reviews:
·Verizon FiOS
| Re: Thank You.... Sigh.
Would you folks get off it? Every thread I've read in the past week has had a smug one-line post that read..
"Just another reason to use [insert your alternative open source software here]"
Hey, sport, you're not being clever or witty, and you haven't stumbled upon some morsel of wisdom that everyone else is just too stupid to realize. Get over it.
Consider this.. if everyone started using Firefox, there would be Firefox exploits up the wazoo. In life, like in dodgeball, the guy that everyone loves to hate gets pelted. Unlike in middle school, however, in the Web world everyone loves to hate the most successful player. You know that.
There have been "alternative players" that have been better than the big boys or had a modicum of niche popularity for YEARS. They often do not succeed.
Ever hear of:
PC-DOS, OS/2, GEOS, WordPerfect, Lotus 123
..and many others..
All were serious contenders in their day; some were better than the counterpart that "won". We will always have to deal with software that isn't "perfect" being the most popular, because it's not quality that dictates popularity.
With that being said, however.. going to Firefox, Mozilla, Linux.. Dumping IE.. NONE of these things will stop malware. PLEASE GET THIS THROUGH YOUR THICK HEADS, BECAUSE IGNORING THIS FACT WILL DO A LOT OF DAMAGE IN THE LONG RUN!
I know a lot of folks who haven't been online long (and I mean us folks who first dialed in with a 300bps acoustic coupler; if your earliest internet experience has you lament on how NetZero used to be free, you haven't been online a "long time"!) think that the answer to stopping this stuff is as easy as switching over to the newest "bulletproof" open source alternative software...
I will tell you from experience.. Once software becomes popular, you will be quick to find your beloved Firefox or Mozilla is not so "bulletproof" after all.
There weren't (many - there were some!) Netscape exploits when Netscape was dominant (remember that?) because the Web was still fledgling and there was no way to make significant money off these things, and political lines weren't yet established for those writing malware for that purpose.
However, please, please mark my words!! Going to Mozilla or Firefox will gain you a temporary reprieve at best!.. The end result? If IE remains dominant, we'll still have problems with IE. If tons of people switch to Firefox, you will start to see malware being written that affects Firefox. NO software is unbreakable. Ask Larry Ellison!
So please, don't be naive. The only way to prevent malware is to practice "safe computing", be educated, and know what you're doing. The same old rules of computing still apply, even though people ignore them these days...
1) If you don't know what it is or what you're doing, don't mess with it. (Installing random crap)
2) If it sounds too good to be true, it probably is (Kwabe Mfume from Nigeria wants to send you $3mil.. He just needs your bank account number, since he can't mail you a money order.)
3) Don't just click like a blind idiot. Check out what you're doing and where you're going. (Phishing, ActiveX controls)
4) Run A/V software and other preventative measures, keep them updated.
5) Patch religiously and regularly
6) Encrypt your sensitive files
7) Backup, backup, backup!
Malware doesn't exist because Microsoft is a bunch of ninnies who enjoy watching their customers get ravaged by CoolWebSearch -- as much as a lot of the basement dwellers would like you to think that that's the case. It exists because n% of the population is cruel and heartless and p% of the population is naive and clueless. Just be glad that n+p != 100%, and make sure you're not part of n or p! | |
|
 |  |  |  | | Re: Thank You.... Geez...........did you get up on the wrong side of the bed this morning?  | |
|
 |  |  |  |  tcp1Premium join:2000-04-17 Herndon, VA Reviews:
·Verizon FiOS
| Re: Thank You.... No, Mr. anonymous!
I don't think what I said is mean spirited, like you're implying! I'm just tired of people looking in the wrong places to try and solve this really lousy problem we've got.. And it is a big problem.
It's irresponsible to tell everyone that simply switching to some new alternative software will cure all the world's ills. That IS the way Firefox and Mozilla have been touted on DSLR as of late -- that it's just plop, plop, fizz fizz -- and with the installation of Mozilla away goes all your cares about security, viruses, worms and malware.
It just ain't so, and it's a BAD THING to make it out like it is.
There's no quick fix, there's no simple answer. If we try and go for the easiest solution of "Just stop using IE", we'll be back at square one in a couple of years -- with twice as many malevolent crapware authors with two more years of experience under their belts.
Internet users, as a whole, do not understand security. They'll shy away from sharing floppy disks and downloading legitimate shareware -- thinking that's what spreads worms and viruses (it does not), while they go a year between patches and run AV software from 1999.
Then, when their machine gets infected and they lose everything, they blame Microsoft. After that, someone chimes in "Well, if you had just used Firefox.." and I just smack my head in disbelief.
GENERALLY, worms and viruses do not just jump onto your machine unannounced. Despite what was said in initial reports, patched machines were NOT susceptible to this latest worm outbreak (Which really did turn out to be underwhelming, didn't it?). As a matter of fact, it's been surmised now that this worm was installed on servers by means of -physical access- in some cases. HUH!?
I saw the arguments last week about how the problem wasn't the fact that admins were lazy about patching their servers or had no idea what they were doing -- but that "IIS was crap, you shouldn't use it."
Ok, fine. Apache, in general, may be more secure than IIS 4. IIS 5+ is nowhere near as bad. And I can guarantee you that if Apache was created by a huge company that everyone loved to hate, there'd be plenty of exploits as well. (That, and if people were running Apache/Win32, which is nowhere near as stable as the Unix version of Apache.)
This is NOT THE ANSWER! The answer is more diligence, education, and responsibility. That's my point, and I don't see what's so bad about it! | |
|
 |  |  |  |  |  | | Re: Thank You.... You Said: "Internet users, as a whole, do not understand security. They'll shy away from sharing floppy disks and downloading legitimate shareware -- thinking that's what spreads worms and viruses (it does not), while they go a year between patches and run AV software from 1999.
Then, when their machine gets infected and they lose everything, they blame Microsoft. After that, someone chimes in "Well, if you had just used Firefox.." and I just smack my head in disbelief.
GENERALLY, worms and viruses do not just jump onto your machine unannounced."
I have a very well protected system, with the latest virus/firewall updates and have updated all the Microsoft patches, etc. OK, I agree about Firefox, but I do blame Microsoft for some of the problems.
I recently went to a previously, but not recently, visited freeware website! I was immediately attacked. The only thing that couldn't be resolved was my browser being hijacked! I did everything that was recommended to get rid of the hijacker, and nothing worked! CWShredder is what got rid of it, in a blink of an eye! I do not go to questionable sites, but as you know more and more legit sites are being hacked, and that is how a lot of us are being attacked.
In other words, I did all I could to protect my system, therefore I have to blame Microsoft for a 'hole' in their software.
And, in other words, my system WAS invaded unannounced!
BTW, my reference to you getting up on the wrong side of the bed was not because of what you said... but HOW you said it. 
Cheers | |
|
 |  |  |  |  |  | | Sure there are no 100% secure solutions that don't involve turning your computer off and leaving it that way or pulling the plug to the internet and stop installing or using other software than what you already have on your computer...
BUT that doesn't mean that switching to more secure software won't help - It will .. A LOT.
While switching to an alternative browser (It doesn't have to be Firefox, just because many people prefer that, it doesn't necessarily mean you will) won't end all malware it will make your internet use WAY more safe.
My cousin and brother are part of the %p group .. the naive and clueless (at least when it comes to computers) and I have had to clean their PCs of hundreds of malware programs. .. That is until I one year ago installed Firefox on both their computers. My cousin took to it immediately liking it from the start .. my brother was more stubborn and believed that I couldn't possibly know better than a huge international company like Microsoft - If there really was something better , then everybody would be using it, and since "everybody" was using IE then I had to be wrong. Still after using it for about a month he came to love using Firefox.
And my life wasn't invaded anymore by family members crying to me, that their PCs were doing weird things they didn't tell them to do and that they were generally extremely slow. They haven't had a single piece of malware since that time one year ago.
Now sure if they had not been %p's I wouldn't have had to do anything , but not everybody are computer wiz's and even if they were using more secure software would be a barrier for malware to workaround.
Other browsers don't support ActiveX so they are 100% to all the many ActiveX exploits.
And they are also less likely to be attacked because they are underdogs and malware programmers do not target them .. as you point out this won't keep them safe for all time if they gain popularity , but even then the market would be more diverse consisting of not just one major browser but more .. and whatever malware specifically target one browser won't harm the rest .. there is strength in numbers .. even when you're hiding in the minority.
But the biggest reason that browsers that are not IE are more secure is that they are constantly being developed on. IE is dead in the water .. it's not being actively developed on.
That is why the need for CWShredder and programs like it exist, because Microsoft is not doing enough to provide a safe computer-experience for users of their software.
Meanwhile malware programmers are ever busy .. Use browsers whose developers are busy preventing the success of the malware programmers ! Don't choose a browser whose development team have fallen asleep on the job or have been assigned to other projects.
I can only so well understand why Merijn Bellekom is calling it quits .. it's hard standing up to malware as an individual programmer , especially when the company that should be helping, isn't.
It's wrong saying that switching your browser away from IE is a cure-all solution , but it's equally wrong to give the impression that it won't matter ..
I recommend that people try out an alternative browser like Firefox , Opera , Safari , Shiira , K-Meleon , Camino , etc .. just for a month or two .. If you don't like it you can always change back. | |
|
 |  |  |  |  IGGYNo Guru Just Here To HelpPremium,MVM join:2001-03-30 Chatham, IL | No - they got up on the right side of the bed, and had the guts to state the truth when it isn't popular to do so. That said, Microsoft does need to tighten things down. I think they are trying with SP2. Holes / exploits, whatever name you want to give them, need to be addressed. Hardening your software against attack these days isn't as easy as some would like to make you think. -- Test Your Security Team Z Member Cable Modem Diagnostics | |
|
 |  |  |  | | Wow, just what I've been waiting to read, a truly intelligent post! I absolutely concur with everything you said. I too have been around long enough to hear of such things as PC DOS etc. Pay attention, young bloods, he speaketh the truth! | |
|
 |  |  |  ArchAngel21xWaiting For iPhone 5Premium join:2001-10-28 Lincoln, NE Reviews:
·Internet Nebraska
| I wasn't telling other people to use Firefox. I was just saying that this article reinforces my personal decision to switch. If you love IE and want to continue using it then by all means do just that. -- Digitally Imported Radio. The real reason the Internet was invented. Just ask Al Gore. | |
|
 |  |  |  | | Yes. Everyone switching en masse to Firefox or Mozilla or Opera or [insert browser here] will not solve the problem. Any single browser that gains the same market dominance IE has will surely be subject to the same problems. However, if some of the competing browsers begin to gain a foothold, and gain users, then we might see improvements.
First, it will dilute the numbers of IE users, and result in smaller numbers of problems. The reason I say this is, while there very well may prove to be as many flaws in the alternative browsers (nobody shoot me, I don't honestly believe this to be the case!), the resources of the people authoring these exploits will be strained, as there will be more code to examine, more languages to learn, etc.
Second, the effect of exploits that ARE written will be mitigated by the fact that it is fairly unlikely that any two products will be vulnerable to the same exploit.
Third, Open Source groups are proven to be much more responsive with regards to publishing patches than Microsoft. IE vulnerabilities have gone for months after publishing before a patch is released.
Furthermore, given a real competitive threat, Microsoft might actually DO something with IE..like make it more secure, patch it more quickly...um, actively develop it (imagine that, right?). We might wind up with a more secure IE than the one which exists now.
Merely the act of switching to an alternative browser won't fix the problem. The market forces created by more people switching away from IE might. | |
|
 kenyg join:2001-02-09 Hatboro, PA | CWShredder I've used his CWShredder tool - he's saved many a pc.
Hope someone keeps his work alive.
- Ken -- aye aye captain! | |
|
 dpPremium,MVM join:2000-12-08 Greensburg, PA kudos:7 | Thanks! Thank you Merijn for all your hard work and efforts you put into CWS. It was appreciated  -- Write your questions down on the back of a $20 dollar bill and send them to me | |
|
 stetVolitar Prime join:2002-03-08 Warren, MI | required for IE only I'm assuming this is a tool only needed if you insist on continuing to use IE. I've never had my home page hijacked or other strange hijacking happen with Mozilla. -- Where can I run? How can I hide the Silmarils? Gems of treelight, their life belongs to me. Oh it's sweet how the darkness is floating around. | |
|
 | | DIE CWS Now don't anybody laugh at me but I have an idea.
Idea 1 - We make a community to track down and research CWS and ways of removal for newer crapware.
Idea 2 - We have a forum and suggest new spyware/adware ideas [YES! We actually be the demonic ones to conjure new evil ideas!] So everybody gets to be imaginative! Then we find cures for our own ideas before CWS or any other spyware producers can launch..
And I am sure Idea 2 would be more preferable for the people who do not program and such but have a very good understanding of virii, trojans, spyware/adware!
Anybody with me? | |
|
 |  MellowPremium join:2001-11-16 Salisbury, MD | Re: DIE CWS said by Improfane: Now don't anybody laugh at me but I have an idea.
Idea 1 - We make a community to track down and research CWS and ways of removal for newer crapware.
Idea 2 - We have a forum and suggest new spyware/adware ideas [YES! We actually be the demonic ones to conjure new evil ideas!] So everybody gets to be imaginative! Then we find cures for our own ideas before CWS or any other spyware producers can launch..
And I am sure Idea 2 would be more preferable for the people who do not program and such but have a very good understanding of virii, trojans, spyware/adware!
Anybody with me?
»Security -- Ocean City, MD Surfing Gallery | |
|
 |  | | Sounds good.
I think being pro-active in that is very good.
Just the execution of the ideas will need a lot of cooperation. | |
|
 Boomer86never say roadkillPremium join:2002-10-18 Walden, NY | Just download Sun Java and be done...
It's the MS VM that's the problem, too many holes.
www.java.com | |
|
 |  | | Re: I hope I think he knows about BBR.
»www.spywareinfo.com/~merijn/forums.html
said by Merijn.org:
DSLReports Forums: This has got to be one of the busiest forums. They are quick to respond, accurate, and everything else.
| |
|
 |  |  DavidNow accepting new patientsPremium,VIP join:2002-05-30 Granite City, IL kudos:70 | Re: I hope Well that is good. Hope he keeps us in mind in either finding a new suitor for the job or what.... | |
|
 BIGbadjohnJFK, Thank-you SirPremium join:2003-03-05 Ireland | Bye and Thanks Merijn
Thankfully I never needed the software but it was always there and kept updated. Your own studies are more important for a person with so much potential. Best Wishes. -- "A friend is one who knows you and loves you just the same." -Elbert Hubbard | |
|
 |  keith2468Premium,MVM join:2001-02-03 Winnipeg, MB | Re: Bye and Thanks Merijn Thanks Merijn. Maybe this is a project you can return to later. | |
|
 mau108MauPremium join:2001-10-07 Thornhill, ON | hijackthis I found HijackThis to clean out a lot of junk! The new version is out, I believe -- »www.djmau108.com | |
|
 | | Hand SALUTE!
My crispest Centurion Salute to our man Merijn Bellekom. Kudos on your front line service against these spyware filth. If I had a freedom medal I'd send it to you. We thank you for your efforts! | |
|
 pleekmoTriptoe Through The TulipsPremium join:2001-09-14 Manchester, CT | Hardening I think this may cause the anti-spyware community to harden their positions and the more radical elements of this community may now become more vociferous. We may begin to see a shift toward greater radicalness. | |
|
 |  | | Re: Hardening True. You know Russia's a pretty wild country. It should be possible to physically locate and..deal with these *ssholes. Maybe Putin will help us out! | |
|
 |  Reviews:
·Mediacom
| said by pleekmo: I think this may cause the anti-spyware community to harden their positions and the more radical elements of this community may now become more vociferous. We may begin to see a shift toward greater radicalness.
Killing everyone related to coolwebsearch.com ?
I think that would be a good start... | |
|
 |  |  Doctor FourMy other vehicle is a TARDISPremium join:2000-09-05 Dallas, TX | Re: Hardening The death penalty for Cool Web Search creators is an easy way out. Do they still have Gulags in Russia, like they had when the Communists were in power? I say sentence them to a life of hard labor at one of them (or the nearest equivalent). Make 'em think every day about the peoples' computers they've exploited. -- "Kayura or Badamon, whichever you are, you should know that I will never give up this battle. By the will of the Ancient, I shall succeed!" - Shuten (Anubis) from the Ronin Warriors. | |
|
 |  |  |  jsouthJsouth join:2000-12-12 Wichita, KS | Re: Hardening Forget Gulags. How about hard labor in Siberia? | |
|
 keith2468Premium,MVM join:2001-02-03 Winnipeg, MB | Merijn has made himself many times more employable Merijn has made himself many times more employable than any 100 virus authors combined.
It is one thing to throw stones through a window, it is another to find a solution to the problem.
CWShredder looks very good on his resume.
Employers will realize that the CWS crew is making money off of what they are doing, and that Merijn can't be expected to carry on developing counter-measure after counter-measure for free. There is no problem with moving onto paying work.
Hopefully someone in the next generation of students will pick up where Merijn left off. -- (Virus&Hijacking FAQ+Submit suspected malware+Security FAQ) | |
|
 |  | | Re: Merijn has made himself many times more employ Just downloaded Firefox, it seems pretty good to me, I think I'll stick with it instead of IE now 
Anyone know how to turn off the autocomplete in the URL window though? I turned it off in the options and it still tries to match all the URLs in my history when I type in a new URL.. really annoying. | |
|
 JEJE 's BACK BABYPremium join:2000-12-15 East Orange, NJ | CWShred++++++++ EXCELLENT POST, FIREFOX basher..... I agree with you 100%
I have used CWShredder and the other one, and they saved me when I was panicky and in need of survival.
JE -- BLAZIN' FAST OOL @: 9400/971Can Your ISP Go This FAST? VRoOoOoOoOm!-- I Have: AVG 7.0 | ZA 4.5.538.001 | ICQ: 16705298 |AIM: EdGei365i -- | |
|
 Hickerx2God Bless The U.S. Military join:2001-03-04 Franklinville, NY | Ho Hum.... Merijn was a great help to lots of people. As usual though, the party ends......
I've removed CWS from literally hundreds of machines, I've never used CWShredder once.
I guess people are going to have to learn a bit more than how to push a button now.
It's sad, but computer use indeed requires some basic knowledge. -- Kerry for President? Is this Saturday Night Live? | |
|
 ssj4androidRedefining Reality join:2002-04-14 Wyoming, MI | Anyone have a list of all the companies? That support this scumware. We can first off boycott them (I doubt anyone on here actually does business with them, so this won't do much). Then we could bombard them with calls saying how much they suck for supporting this scum. | |
|
 FobulousPremium join:2002-08-14 Missouri City, TX | Just use spybot The new Spybot S&D is awesome. I like it more than Ad-aware, and with its built-in immunize function, and if you get SpywareBlaster along with S&D, then you are all set! | |
|
 |  keith2468Premium,MVM join:2001-02-03 Winnipeg, MB | Re: Just use spybot Spybot S&D is good, and so is Ad-aware, and CWShredder; in the security forum we recommend all 3 plus AV scans before running HijackThis.
They catch a lot of things, but sometimes there are new things that haven't been added to their detection lists yet. That is where HJT comes in. -- (Virus&Hijacking FAQ+Submit suspected malware+Security FAQ) | |
|
 ff1324Everybody Goes HomePremium join:2002-08-24 On Four Day Reviews:
·AT&T Southwest
| Mousetraps This has gone on for ages....Build a better mouse, build a better mousetrap. Since the beginning of viruses. Not computer viruses, live viruses.
Thanks to Merijn for CWShredder, you are an international asset. As far as development of the software, would SourceForge be inappropriate because of the sensitive nature of the code? If the CWS bastards saw how CWShredder removed their software, they could alter their installation schemes. -- The funny thing about firemen...night and day they're always firemen | |
|
|