Guest BlackSun Posted September 17, 2005 Report Share Posted September 17, 2005 The people who distribute the CWS trojan have added SpywareInfo and Lavasoft's support site to victims' HOSTS files in a vain attempt to prevent their victims from receiving assistance in removing the trojan. Specifically, spywareinfo.com, www.spywareinfo.com, lavasoftsupport.com, and www.lavasoftsupport.com are redirected to a **homework** site on infected machines. CWS is a trojan horse virus that exploits a flaw in Microsoft Java VM to infect victims. Once infected, the victim's web browser will have its start and search settings redirected to one of numerous web sites with an affiliate relationship to coolwebsearch.com. Those web sites are search portals each with hundreds of pay-per-click links. The HOSTS file is the first place Windows goes to look up the IP address of a remote server to which your computer wants to connect, such as a web site or a gaming server. If it is not listed in the HOSTS file, then it will send a request to your ISP's DNS servers to look up the IP address of the server. By listing the SpywareInfo and Lavasoft web sites in the HOSTS file, infected machines will be unable to reach the sites in most cases. Thankfully, there is a simple workaround for this problem. The official addresses for HijackThis and CWShredder are http://www.spywareinfo.com/~merijn/files/c.../cwshredder.zip and http://www.spywareinfo.com/~merijn/files/h.../hijackthis.zip Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.