-=PCTechTalk=- Re: CWS.Xplugin

• From: "GFL" <g.f.lynch@xxxxxxxxxxx>
• To: <pctechtalk@xxxxxxxxxxxxx>
• Date: Sun, 17 Oct 2004 04:35:35 -0400

Here is the Information  for CWS.Xplugin
Good Luck,
GFL

Variant 18: CWS.Xplugin - 'Helping' you search the web
Approx date first sighted: November 11, 2003
Log reference: Not visible in HijackThis log!
Symptoms: Some links in Google results redirecting to umaxsearch.com or
coolwebsearch.com every now and then
Cleverness: 10/10
Manual removal difficulty: Involves some Registry editing
Identifying lines in HijackThis log:

Not visible in HijackThis log!


This variant is the first one that is not visible in a HijackThis log. It
works invisible, changing links from Google search results to other pages.
It took a while to find out how this variant works, since it doesn't use any
of the standard locations.
A file xplugin.dll is installed, which creates a new protocol filter for
text/html. In normal english, this means it reads most of the web pages
downloaded to your browser. It also randomly alters some links in Google
search results to pages on umaxsearch.com and coolwebsearch.com. It claims
to be made by something called TMKSoft.
It is unknown if deleting the file has no side-effects, but using CWShredder
or running regsvr32 /u c:\windows\system32\xplugin.dll (may vary depending
on Windows version) fixes the hijack completely.

From: " milady" <kg6ocz@xxxxxxxxxxxxx>
Subject: -=PCTechTalk=- CWS_xplugin
Date: Sat, 16 Oct 2004 11:37:37 -0700

I keep coming up with this THING , CWS_xplugin-during scan with my ISP
spyware finder  but I can't FIND it doing search in XP and spyware finder
runs thru so fast I can't get clue where the thing is--..all spyware does is
disable it but doesn't say where it is..neither Ad-aware or spybot find
it..I did a search for it and everythng coming up in google points me to
stuff I have to pay for..Is there ANYTHING that might find it?


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.778 / Virus Database: 525 - Release Date: 10/15/2004


To unsub or change your email settings:
//www.freelists.org/webpage/pctechtalk

To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
//www.freelists.org/archives/pctechtalk/

For more info:
//www.freelists.org/cgi-bin/list?list_id=pctechtalk

• Follow-Ups:
  • -=PCTechTalk=- Re: CWS.Xplugin
    • From: milady
  • -=PCTechTalk=- Re: CWS.Xplugin
    • From: milady

Other related posts:

• » -=PCTechTalk=- Re: CWS.Xplugin
• » -=PCTechTalk=- Re: CWS.Xplugin
• » -=PCTechTalk=- Re: CWS.Xplugin
• » -=PCTechTalk=- Re: CWS.Xplugin
• » -=PCTechTalk=- Re: CWS.Xplugin
• » -=PCTechTalk=- Re: CWS.Xplugin
• » -=PCTechTalk=- Re: CWS.Xplugin
• » -=PCTechTalk=- Re: CWS.Xplugin
• » -=PCTechTalk=- Re: CWS.Xplugin

1. Home
2. pctechtalk
3. Archive
4. 10-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---