Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > NZ Computing > Q: Dialers Trojans and dial up password

Reply
Thread Tools

Q: Dialers Trojans and dial up password

 
 
Mainlander
Guest
Posts: n/a
 
      02-09-2004
In article <uGEVb.38742$(E-Mail Removed)>,
http://www.velocityreviews.com/forums/(E-Mail Removed) says...
> Mainlander wrote:
> > What kind of web sites were they visiting that would install diallers?

>
> I went to one called stickdeath.com while looking for stick figure
> animations... about a million popups later I notice that one of them is
> for a pron dialler.
>
> I only visited this one for research for someone, they wanted to know
> how easy it would be for their machine to be hijacked.


Just get rid of IE and install Mozilla. Problem solved.

--
Full featured open source Win32 newsreader - Gravity 2.70
http://sourceforge.net/projects/mpgravity/
 
Reply With Quote
 
 
 
 
Peter Huebner
Guest
Posts: n/a
 
      02-09-2004
In article <slIVb.38964$(E-Mail Removed)>,
~misfit~@his_desk.com says...
> I've just checked my 'hosts' file today and it's full of porn-related stuff
> (and I hardly ever go to porn sites - honest). The problem is, I don't know
> what's supposed to be in there. I have 'Local host 127.0.0.0' or something
> similar, plus something AdSubtract put in ther but I don't know if anything
> else is needed for the comrrect running of my machine. Any ideas? I don't
> like all that other shite in there and I'm sure it can't be good for my
> machine.


The hosts file is a kind of local dns lookup. You can put sites in there
that you visit very frequently so your machine doesn't have to look up
the dns every time you want to go there.

There are/were 'utilities' around that watch your web-browsing and
automatically enter sites into the hosts file; styling themselves
browsing accelerator.

There are also spam filter programs out there, and downloadable hosts
files, that set well known spam sites to localhost: in other words you
get entries like

ads.doubleclick.net 127.0.0.1

etc - this is supposed to stop your computer from trying to load those
images.

Other than that, and generally speaking, you can delete your hosts file
entirely without anything bad happening.

XP also has a lmhost(s) file, I don't know what, if any, the difference
is.

h.t.h. -Peter
 
Reply With Quote
 
 
 
 
GraB
Guest
Posts: n/a
 
      02-09-2004
>I've just checked my 'hosts' file today and it's full of porn-related stuff
>(and I hardly ever go to porn sites - honest). The problem is, I don't know
>what's supposed to be in there. I have 'Local host 127.0.0.0' or something
>similar, plus something AdSubtract put in ther but I don't know if anything
>else is needed for the comrrect running of my machine. Any ideas? I don't
>like all that other shite in there and I'm sure it can't be good for my
>machine.
>
>Cheers,


There is a prog called Hostess. You can use this to map any
undesireable sites to you own machine. Kazaa Lite has a host.txt file
which does a similar thing. Anything mapped to you machine
(127.0.0.1) will not be downloaded because your PC will look on your
machine for the website. You can also download host files that
already contain hundreds or even thousands of such sites, which can be
porn, pop-up, or spy related.

Try this: Open your hosts file in Notepad or if it is too big (mine
is 421Kb) another text editor and add a line
127.0.0.1 www.*****.com
adding a known website that you use, then try going to that site.

You will have to remove that line afterwards, also close and reopen
your browser.
 
Reply With Quote
 
Gavin Tunney
Guest
Posts: n/a
 
      02-09-2004
On Sun, 8 Feb 2004 23:23:10 +1300, Mainlander <*@*.*> wrote:

>In article <riw868gys2i1$.1e1jki038s4vw$(E-Mail Removed)>,
>(E-Mail Removed) says...
>> Hi
>> Has anyone any experience with Dialers changing the dial up password?
>>
>> I have cleaned a friends mothers machine up, seems the dial up account has
>> changed password in the last 24 hours. An updated AVG found and healed 3
>> dialers and two trojans. Wondering if the two events are related.

>
>What kind of web sites were they visiting that would install diallers?


Probably porn sites Patrick. You know....smut, poontang. Why don't you
try visiting some, you'll probably find it more fun than prancing
through here like you've got a carrot up yer bum.

Gavin
 
Reply With Quote
 
Dave Taylor
Guest
Posts: n/a
 
      02-09-2004
"~misfit~" <~misfit~@his_desk.com> wrote in
news:slIVb.38964$(E-Mail Removed):

> 've just checked my 'hosts' file today and it's full of porn-related
> stuff (and I hardly ever go to porn sites - honest). The problem is, I
> don't know what's supposed to be in there


GOOD! if they all point to 127.0.0.1 or 0.0.0.0
Maybe you used Spy bot search and destroy to put in the hosts file block
list it has. It stops lots of ads too because the machine will chech for
an entry in hosts before doing a DNS lookup on the internet. Because the
hosts file redirects the call to the machine, nothing is downloaded from
the internet, hence lots of blank bits on many web pages where ads used
to be. (or porn site being unavailable)
Look here for more info
http://accs-net.com/hosts/what_is_hosts.html
Ciao, Dave
 
Reply With Quote
 
Steven H
Guest
Posts: n/a
 
      02-10-2004
On Mon, 9 Feb 2004 22:39:52 +1300, Mainlander wrote:


> Just get rid of IE and install Mozilla. Problem solved.


i use IE and have yet to have a dialler installed on my box


--
----------------------------------------------
Steven H .net Geek, Dunedin, New Zealand
 
Reply With Quote
 
Steve Robertson
Guest
Posts: n/a
 
      02-10-2004
I have seen a virus/pornsite/spyware(cant remeber which) make
changes to the hosts file to redirect internet (been a while cant remember details)
Ran AV scan & spybot/adaware scan (in safe mode) just to b sure
 
Reply With Quote
 
Lebowski
Guest
Posts: n/a
 
      02-10-2004

"Steven H" <(E-Mail Removed) - wont work anyway > wrote in
message newsjw6vmfmpkxs$(E-Mail Removed)...
> On Mon, 9 Feb 2004 22:39:52 +1300, Mainlander wrote:
>
>
> > Just get rid of IE and install Mozilla. Problem solved.

>
> i use IE and have yet to have a dialler installed on my box
>
>


Me too. It's likely that some users are often a danger to themselves. Choice
of web browser is a non-issue.


 
Reply With Quote
 
Uncle StoatWarbler
Guest
Posts: n/a
 
      02-10-2004
On Tue, 10 Feb 2004 05:36:27 +0000, Steve Robertson wrote:

> I have seen a virus/pornsite/spyware(cant remeber which) make changes to
> the hosts file to redirect internet (been a while cant remember
> details) Ran AV scan & spybot/adaware scan (in safe mode) just to b sure


Watch out for the stuff at (girliename)XX.tripod.cl

We've just been analysing them and they're quite nasty, using encrypted
javascript _AND_ hostile flash .SWF files to achieve installation of their
payloads.

 
Reply With Quote
 
~misfit~
Guest
Posts: n/a
 
      02-10-2004
Dave Taylor wrote:
> "~misfit~" <~misfit~@his_desk.com> wrote in
> news:slIVb.38964$(E-Mail Removed):
>
>> 've just checked my 'hosts' file today and it's full of porn-related
>> stuff (and I hardly ever go to porn sites - honest). The problem is,
>> I don't know what's supposed to be in there

>
> GOOD! if they all point to 127.0.0.1 or 0.0.0.0
> Maybe you used Spy bot search and destroy to put in the hosts file
> block list it has. It stops lots of ads too because the machine will
> chech for an entry in hosts before doing a DNS lookup on the
> internet. Because the hosts file redirects the call to the machine,
> nothing is downloaded from the internet, hence lots of blank bits on
> many web pages where ads used to be. (or porn site being unavailable)
> Look here for more info
> http://accs-net.com/hosts/what_is_hosts.html
> Ciao, Dave


Yep, that's it. Thanks Dave.
--
~misfit~


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: Report - all dialers and trojans are deleted Joseph Ladovic Computer Security 0 06-01-2005 11:16 PM
Re: Why I can not remove all dialers after "remove"-I have two anti-dialers programs Joseph Ladovic Computer Security 3 05-26-2005 03:00 AM
Remove harmful adware, spyware, trojans, dialers, and worms AC Parker Computer Security 3 08-26-2004 12:37 AM



Advertisments