CWS Hijacker trojans

???

umm…does avast find those nasty browser hijack trojans?
if not can it be added to avast someday?

Got any examples

Better Backdoor/Trojan detection is always a expected feature. Maybe the WISHLIST will be the best place to ask for a specific thing. :wink:

untill then be sure to have a good backup scanner like F-Secure

Overview
Summary: Hijacker that runs a Java applet. Requires older or unpatched version of Microsoft Internet Explorer. Some variants (eg., CWS.Vrape) will redirect to adult sites or invoke dialers.
Alias: Blackbox Trojan, Cool Web Search, Exploit-ByteVerify, Java/Shinwow.F.Blackbox.Trojan, JS.Exception.Exploit, PopMonster, Trojan.Bootconf, Trojan.Qhosts.A, Trojan.Qhosts.B, Verify
Category: Hijacker: Any software that resets your browser’s settings to point to other sites. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower. Homepage Hijackers will change your home page to some other site. Error Hijackers will display a new error page when a requested URL is not found.

Variants: CWS.AddClass
CWS.AFF.IEDLL
CWS.AFF.MadFinder
CWS.AFF.WinShow
CWS.AlFaSearch
CWS.Bootconf
CWS.Ctfmon32
CWS.DataNotary
CWS.DNSRelay
CWS.DReplace
CWS.Dwinf
CWS.GoogleMS
CWS.IEFeats
CWS.LoadBAT
CWS.MSConfd
CWS.MSInfo
CWS.MSOffice
CWS.Msspi
CWS.MSwsc10
CWS.MUpdate
CWS.OEMSysPNP
CWS.OSLogo
CWS.QTTasks
CWS.Svchost32
CWS.Svcinit
CWS.TapiCFG
CWS.TheRealSearch
CWS.Vrape
CWS.XPlugin

i did have this nasty bugger in my other comp “CWS.GoogleMS”
avast did not find it,i did use CWShredder and it did cut that trojan to million pieces :stuck_out_tongue:

would be great if Avast would detect those browser hijackers(dont know does it detect some of those but CWS.GoogleMS did fool Avast-

check this site up

http://www.pestpatrol.com/pestinfo/c/cws.asp

there is plenty of info about those nasty buggers

i just realised that my comp is infected with CWS.GoogleMS.3 after doing a scan with pest patrol >:(…despite i’m having spywareblaster…spywareguard…spybots&d and ad-aware

i did have this nasty bugger in my other comp "CWS.GoogleMS" avast did not find it,i did use CWShredder and it did cut that trojan to million pieces :P

cwshredder doesn’t work for me! :cry:

any help?

People often don’t know how to remove virusses/trojans/hijackers in the correct way. Causing the virus/hijacker to return after the reboot. Some virusses simply will not be removed completely because people try to remove them while they are still in use. I created a easy 5 step way to clean a system from then all. http://members.home.nl/edeijl/acred/cleaning.htm I hope this site will help solve the problems for many people.

thanks artras…i tried it in safe mode…doesn’t work…or is it a false positive??? ???

http://forums.computeractive.co.uk/thread.jsp?forum=5&thread=29045

http://computercops.biz/postp137708.html

the problem is whenever i change my IE homepage from msn.com to a blank page…ad-aware picks up something

Vendor:Possible Browser Hijack attempt
Category:Malware
Object Type:RegData
Size:-
Location:Software\Microsoft\Internet Explorer\Main “Start Page” (“about:blank”)
Last Activity:17/5/2004
Risk LevelMedium
Comment:Possible browser hijack attempt
Description:Possible attempt to control\redirect the browser. This object refers to a “blacklisted” site.

when i quarantined it with ad-aware…then my homepage is back to msn.com ???..this is an endless loop!!!

i.e. …i can’t have my IE homepage set to blank page with ad-aware catches me changing the homepage!!!

anyone with the same problem?

since no one got the same problem as me…can someone please kindly help me do a scan at pest patrol?

http://www.pestscan.com/ScanOrTrial.asp

and see if it’s a false positive…thanks! :smiley:

Yes shgoh, I experienced the same thing. Since one of the most recent ref-files, Ad-aware detects the “about:blank” as a possible browser homepage hijack.

They are right in a certain way, because one of the CWS-variants does hijack your homepage and sets it to “about:blank”. The disappointing thing is that Ad-aware cannot detect the hijack from a manual setting.

As a solution (or rather work-around) you can add this item in Ad-aware to your ignore list so it won’t bug you the next time.