ok check it..
the "Virus" of today has 2 goals.
First, crash your system.
Second, Pick your pocket.
When trojans are installed, specific DLLs are overwritten. They are the original windows DLLs, BUT they have been edited to create a headache for gurus who might be working on this infected system.
Thus, you kill/remove the threat program, then windows hacks up a hairball about some missing DLL or application.
This is because the system files used by the malware are in fact windows system files.
SO.. if you remove the threat you completely crash the windows system.
Now, go get a cup of coffee and sit down, this is the part that gets good.
ALL of the VIRUS companies are hiding a critical piece of information.
There is NO virus protection that works anymore. Sure they work on old threats but 99% of those threats don't exist anymore, we've taken care of all that.
Here is a really pseudo version of what happens now.
You load a webpage (myspace is a great example), either by way of ajax or java the website pulls your system active process list, finds virus software and puts it to sleep, it also finds the windows system app called shell32. One of the things shell does is protect system files, running or not. Once these 2 programs are asleep the script overwrites a few DLLs. Next the script wakes shell32 and those new DLLs are restarted by shell. The DLLs now download and install trojans, keymappers, and usually a malware virus removal tool, that just so happens to know exactly where these new threats are, and costs 39.95/year. The DLLs also wake up your virus protection application which realises that it was asleep so it hurriedly starts a massive system scan (this is when the computer system crawls or seems to lock up), and finally the virus protection software pipes in and says you have ##threats found, and at this point a new malware app pops up and says the same thing. You can't remove the trojans or this new software you didn't install, because it's installed and maintained by these DLLs. And if you do manage to remove one or more of these DLLs the above mentioned problem precipitates.
Furthermore, there will never be a software solution to this problem because the blackhats got smart, they are now using the federal system as their stalemate. These new "antispyware" tools are copyrighted, thus making it illegal for any company to target these files. We can thank spybot for this trendsetter.
As of yet, I have yet to find any remedy to this issue outside of the following.
reload the system,
force the user to use the "user" account and not the "root" account.
add the following to WINDOWS/system32/drivers/etc/hosts
127.0.0.1 www.myspace.com
127.0.0.1 myspace.com
this won't stop the problem but will definitely slow it down. You can add as many blacklisted sites* as you want to the hosts file. Just point "localhost" to the primary domain, and then do it again to the subdomain. This ensures you block both the primary domain and more importantly the subdomain.
**note
I had a running list of blacklisted pages on myspace and a few other sites like it in my private db. The number of blisted pages on myspace grew by an order of 10-15 new pages/day, thus this was creating a rather lengthy blist. So, I just blisted the whole domain.
**personal note
I would be willing to bet that myspace will be removed from the net within the next 2 years and be forced to remove the "freelance" privs given to its users.
I can go on and on about this topic for quite a while, as I have A LOT of experience with dealing with it. If needed I will write an article on this problem and its various solutions/preventions.
Archived topic from Iceteks, old topic ID:5069, old post ID:38936
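The hosts-file blocking the post describes (sink each blacklisted domain and its www. subdomain to 127.0.0.1), as an added example that is not part of the original post: a small merge helper that normalises pasted domain names, emits both entries per domain, leaves every existing hosts line untouched, and can be re-run without duplicating lines. The `# blocklist` marker and the `.test` sample domains are the example's own assumptions.

```python
"""Build and merge hosts-file blocklist entries (added example, not from the post)."""
import re

SINK = "127.0.0.1"        # the sink address the post uses
MARK = "# blocklist"      # assumed tag so our own lines can be refreshed later
_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def normalize_domain(name):
    """Lower-case, strip any scheme/path/trailing dot and a leading www.,
    and reject names that are not plausible domains."""
    name = name.strip().lower()
    name = re.sub(r"^[a-z]+://", "", name)      # tolerate a pasted URL
    name = name.split("/")[0].rstrip(".")
    if name.startswith("www."):
        name = name[4:]
    labels = name.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        raise ValueError(f"not a valid domain: {name!r}")
    return name


def blocklist_entries(domains):
    """Sorted, de-duplicated hosts lines for each domain and its www. form."""
    hosts = set()
    for domain in domains:
        base = normalize_domain(domain)
        hosts.update({base, "www." + base})
    return [f"{SINK} {host} {MARK}" for host in sorted(hosts)]


def merge_hosts(existing_text, domains):
    """Return new hosts-file content: previous MARK lines are regenerated,
    all other lines are kept verbatim, and a hostname already defined by an
    unmarked line is left to that line rather than being added twice."""
    kept = [ln for ln in existing_text.splitlines()
            if not ln.rstrip().endswith(MARK)]
    defined = set()
    for ln in kept:
        fields = ln.split("#", 1)[0].split()    # ignore comments
        if len(fields) >= 2:
            defined.update(h.lower() for h in fields[1:])
    new = [e for e in blocklist_entries(domains) if e.split()[1] not in defined]
    return "\n".join(kept + new) + "\n"
```

Write the returned text back to the hosts file at the path the post names; on Windows that needs an administrator account, which fits the post's advice to keep day-to-day use on a plain user account.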