My IE got "Raped"

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

JK - 28 Dec 2005 06:09 GMT

Hi there,
My IE just got "raped" by the systemwarming.com!! It somehow forces me to
use it as the homepage even after I ahve tried to reset it a few times and to
Blank. Can any one help? Many thanks!!

Reply to this Message

Galen - 28 Dec 2005 16:08 GMT

My reply is at the bottom of your sent message:

> Hi there,
> My IE just got "raped" by the systemwarming.com!! It somehow forces
> me to use it as the homepage even after I ahve tried to reset it a
> few times and to Blank. Can any one help? Many thanks!!

I'd start here:

Malware Cleaning:
http://kgiii.info/windows/all/general/malwarefix.html

I suspect that changing browser settings is the least of what the site did.

Signature

Galen - MS MVP - Windows (Shell/User & IE)
http://dts-l.org/
http://kgiii.info/

"We approached the case, you remember, with an absolutely blank mind,
which is always an advantage. We had formed no theories. We were simply
there to observe and to draw inferences from our observations." -
Sherlock Holmes

Reply to this Message

Charlie Tame - 29 Dec 2005 00:05 GMT

Wow that was sophisticated... I like this bit that was hardcoded :)

Attention! Your system is under control of remote computer with IP
address 227.4.167.118. The remote computer has access to the following
folders on your PC:

DUH!

Anyway JK here's a few more links but if they don't find anything (and I
will be surprised) post back.

Signature

SpyBot Search and Destroy
http://www.safer-networking.org/en/download/
Microsoft Antispyware
http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd
-dbf62eda9671&displaylang=en
Ad Aware
http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10045910.html?p
art=dl-ad-aware&subj=dl&tag=top5
Important - LSP-Fix
http://www.cexx.org/lspfix.htm

Be aware that using either of these to actually remove spyware can result in
some programs refusing to work, in other words "Free" programs that you
downloaded on condition you accepted ads and so called "Research" may get
broken and you might want to uninstall them first. Some spyware actually
breaks Windows trying to force it's way in and you should arm yourself with
LSP-Fix before starting in case you lose internet connectivity.

http://www.broomeman.com/spyware/
http://www.nsclean.com/nws-root.html

Charlie

> My reply is at the bottom of your sent message:
>
[quoted text clipped - 10 lines]
> I suspect that changing browser settings is the least of what the site
> did.

Reply to this Message

Galen - 29 Dec 2005 01:53 GMT

My reply is at the bottom of your sent message:

> Wow that was sophisticated... I like this bit that was hardcoded :)
>
[quoted text clipped - 31 lines]
>> simply there to observe and to draw inferences from our
>> observations." - Sherlock Holmes

Ah, yes, change it to an "N" instead... *chuckles* Boy the level of
sophistication at that site is amazing eh? I didn't, well, get anything
interesting or nasty. Not even a mild-mannered prompt or two from my
security software. I'll load a VM and see if it breaks something... Hmm...
No? Sheesh... Ah well. I even tried it without a firewall - mind you I'm not
going to go downloading any of the links from the site - I don't have THAT
much free time or beer... Well, no, I've got plenty of beer now that I think
about it, alas no time.

Signature

Reply to this Message

Charlie Tame - 29 Dec 2005 02:57 GMT

> Ah, yes, change it to an "N" instead... *chuckles* Boy the level of
> sophistication at that site is amazing eh? I didn't, well, get anything
[quoted text clipped - 4 lines]
> THAT much free time or beer... Well, no, I've got plenty of beer now that
> I think about it, alas no time.

Hehe, well I did get one kinda gray looking window that looked like an alert
box but just closed it due to lack of time... it did get the browser right,
and the IP and the download link tries a plugin with Firefox.

Equally inept privacy policy :) Shown here for amusement only since it is
not much use for anything else... jeez, you'd think they would proof read
their "Security" website eh?

Privacy Policy

The MalwareWipe software is dedicated to protect the home user's privacy.
This privacy statement explains our privacy practices for our site
www.APPNAME.com. We feel it is important that visitors are fully
knowledgeable about the use of their personal information. By using our
website and/or purchasing our product, you expressly consent to the terms of
this policy.
Personal Information
The MalwareWipe allows you to visit the website without revealing any
personal information about yourself. Your visit to this website is
anonymous. We will only collect your contact information (first name, last
name, billing address, phone number, email address and any other relevant
information provided by you) as well as financial information (account or
credit card numbers), with your permission and for the sole purpose of
processing orders. If you make a purchase from our website, you will be
asked to provide your name, billing address, email and credit card
information (if you have chosen credit card as payment method). The
MalwareWipe will use such information only for processing your order and to
send important product specific information such as receipt, invoice or
registration key. The information you provide will not be used for any
commercial purposes and will not be sold, rented, leased or otherwise
forwarded to any third party. We do not distribute or share your personal
information beyond what is strictly necessary to fulfill our obligations to
you, and then only with partners who adhere to The {appname}'s commitment to
protecting your privacy and data. The MalwareWipe may provide your personal
information if necessary, in The {appname}'s good faith judgment, to comply
with laws or regulations of a governmental or regulatory body or in response
to a valid subpoena, warrant, or order or to protect the rights of The
MalwareWipe or others.

Reply to this Message