Spyware Warrior

JVMA · Posted: Fri Jul 23, 2004 4:56 am Post subject:

anyone know how I can ifected by Cool web search?

I have ejecuted this in my VMware machine:

*.chm (for example http://81.211.105.37/sh/online.chm)
*.exe (are inside the .chm)
*.dll (the *.exe drops the .dll)
sp.htm (homepage)

when the .chm is executed the *.chm and *.exe are deleted and only droop in the sistem the .dll and sp.htm.

how is executed the *.chm? I think that are inside some .htm in a website or by some exploit.

why sometimes the url of the *.chm are inside the hijackthis log's and other no?

Regards
JVMA
_________________
Regards

JVMA

Moore · Posted: Fri Jul 23, 2004 6:29 pm Post subject:

Hi JVMA , The forum here is for helping people to remove infections , not helping them to get infected.

I think you should join one of the Anti-spyware classrooms if you're intentions are to help in dissecting and removing these types of things.

http://forums.tomcoyote.org/index.php?showtopic=1421/

http://forums.spywareinfo.com/index.php?showtopic=34

Theres a lot of good CWS info at the Webhelpers ste:
http://www.webhelper4u.com/CWS/index.html
_________________
| Stop Malvertising | Outpost | Blocklist Pro | Hosts |