Post #1

Security Reporter Group: Members Posts: 509 Joined: 10-April 04 From: Roanoke, Virginia Member No.: 107

What's New With CWShredder?

Originally developed by Merijn Bellekom of the Netherlands, CWShredder is now owned and maintained by InterMute. CWShredder has been updated to include new CoolWebSearch variants. Use in conjunction with SpySubtract for the strongest defense against Spyware threats.

CWS Shredder 2.0 is now available from InterMute
http://www.intermute.com/spysubtract/cwshr...r_download.html

Post #2

Bleep Bleep! Group: Admin Posts: 33,231 Joined: 24-January 04 From: USA Member No.: 3

This new version of CWShredder targets a new variant that they call CWS.HiddenDLL. This HiddenDLL variant we assumed was for the Appinit_DLLs version.
It turns out that if you have certain entries in your Hosts file, it will say you have this HiddenDLL variant, and remove those entries from your hosts file. These entries are as follows:

ad.ca.doubleclick.net
ad.uk.doubleclick.net
ads.x10.com
leader.linkexchange.com
ln.doubleclick.net
m.doubleclick.net
m2.doubleclick.net
focusin.ads.targetnet.com
ads-03.tor.focusin.ads.targetnet.com
ads.fortunecity.com
media19.fastclick.net
media.fastclick.net
media.popuptraffic.com
adserv.internetfuel.com
ads.specificpop.com
iv.doubleclick.net
banners.valuead.com
webpdp.gator.com
ads.specificclick.com
a.tribalfusion.com

These entries are common to find in HOSTS files and we are not sure why CWShredder is seeing them as bad. For now I am seeing it as a false positive and am not advising people use this version as of yet, but continue to use the version found here: CWShredder 1.59.1 Download Link

Please use this thread for discussing other issues you may find.

This post has been edited by Grinler: Oct 23 2004, 08:48 PM

--------------------
Lawrence

Post #3

Countermeasures Team Leader Group: Malware Response Team Posts: 214 Joined: 15-August 04 From: PHX., AZ. Member No.: 2,067

Here is a question I haven't seen addressed yet in the many threads I'm watching... Does the new Shredder work on the old stuff? Variants we know the old one did? Guess I'll post this in the other forums too.

Post #4

Bleep Bleep! Group: Admin Posts: 33,231 Joined: 24-January 04 From: USA Member No.: 3

That's a really good question. I am not sure, to be honest. I have not put it to use on any of the older variants. If I run into one, I will give it a try and see how it works.
-------------------- Lawrence

Post #5

New Member Group: Members Posts: 2 Joined: 11-December 04 Member No.: 6,912

I received this information from someone:

Saturday 12-11-2004
From: Jack Gulley

This morning I downloaded the CWShredder.exe version 2.11 file directly from the InterMute web site and ran a Scan on my system. It reported the following infections:

CWS.Svchost32
CWS.Therealsearch
CWS.Aboutblank
CWS.Jksearch

I think NOT! CWShredder v1.59.1 runs clean without any detection on the same system.

I then removed my HOSTS file and ran a CWShredder v2.11 Scan again, and it showed no infections. Sounds like there is still a problem with "false positives" because of valid HOSTS file entries.

My HOSTS file is dated 8-4-2003 when I last removed an entry from it, and is otherwise much older than that. A compare with a CD-R backup copy made a year ago shows no changes to my file. So there is no way any recent version of CWS could have altered my HOSTS file. Period.

However, I then ran CWShredder v2.11 in FIX mode. It reported that it "fixed" the above listed infections. Hum... Nothing showed up in the Recycle Bin.

Oops.. My 386K HOSTS file is now 677K in size. 15 blank lines have been added between every existing line including between the comments at the start of the file. Not good. It is hard to read now and wastes memory when loaded!

And what is this??? CWShredder v2.11 at the same exact time created a HOSTS.BAK at 508K size with "only" seven blank lines between each original entry line. Go figure that game plan, of going from zero to 7 to 15 blank lines while destroying the original?

Ooooh S**T.. There are a lot of entries missing from my now over bloated HOST file. Entries like:

0.0.0.0 ad.yahoo.com

All YAHOO.COM entries are gone but not those like ad.img.yahoo.co.kr

And a lot of others.

Attitude = ON
Restore HOSTS file from CD-R
Add polite warning about CWShredder v2.11 to web page.
http://users.adelphia.net/~jgulley/me/index.html#CWShredder
Pour Stiff drink.
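
A check along the lines of the backup comparison described in the post above, as an added example that is not part of the original thread: it diffs a HOSTS file against a known-good backup and reports which entries disappeared and how many blank lines were inserted. The sample file contents are constructed and the function names are hypothetical.

```python
"""Compare a HOSTS file with a known-good backup after a cleanup tool has run."""

def parse_hosts(text):
    """Return (entries, blank_lines); entries is a set of (address, hostname)."""
    entries, blank = set(), 0
    for raw in text.splitlines():            # handles both \n and \r\n endings
        line = raw.split("#", 1)[0].strip()  # drop trailing and full-line comments
        if not line:
            if not raw.strip():              # count empty lines, not comment lines
                blank += 1
            continue
        fields = line.split()
        if len(fields) < 2:                  # address with no hostname: ignore
            continue
        for name in fields[1:]:              # one address may map several names
            entries.add((fields[0], name.lower()))
    return entries, blank

def compare_hosts(backup_text, current_text):
    """Report what changed between the backup and the current HOSTS file."""
    before, blank_before = parse_hosts(backup_text)
    after, blank_after = parse_hosts(current_text)
    return {
        "removed": sorted(before - after),   # entries the tool deleted
        "added": sorted(after - before),     # entries that were not in the backup
        "blank_lines_added": blank_after - blank_before,
    }

# Constructed sample: a small backup, and the same file after a "fix" run that
# dropped two blocking entries and padded the remaining lines with blank lines.
BACKUP = (
    "# HOSTS (constructed sample)\n"
    "127.0.0.1 localhost\n"
    "0.0.0.0 ad.yahoo.com\n"
    "0.0.0.0 ad.img.yahoo.co.kr\n"
    "0.0.0.0 m.doubleclick.net\n"
)
CURRENT = (
    "# HOSTS (constructed sample)\n\n\n"
    "127.0.0.1 localhost\n\n\n"
    "0.0.0.0 ad.img.yahoo.co.kr\n\n\n"
)

if __name__ == "__main__":
    report = compare_hosts(BACKUP, CURRENT)
    for addr, name in report["removed"]:
        print(f"removed: {addr} {name}")
    print("blank lines added:", report["blank_lines_added"])
```
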

Post #6

Countermeasures Team Leader Group: Malware Response Team Posts: 214 Joined: 15-August 04 From: PHX., AZ. Member No.: 2,067

I DLed standalone 2.11, ran a scan only, came up clean, nothing found. Most others have not found any troubles with it.
Here is another thread where they (CWShredder support) say what they are removing, tho, no one in the wild can validate that yet.
http://forums.spywareinfo.com/index.php?showtopic=36207&st=0
And the one I mentioned about most not having troubles:
http://forum.aumha.org/viewtopic.php?t=10023&highlight=

Post #7

New Member Group: Members Posts: 1 Joined: 30-January 05 Member No.: 10,926

I seem to have had the same false positives. I know that in the past certain entries in the hosts file that Spyblocker generates have caused problems for CWS...
Like CLJ's comment, though I'd checked the "save in Recycle bin", the bin is empty.

I've got a few things that update the hosts file, in the main I think that it's Spyblocker, as from what I remember, IESPyAd & SpywareGuard/ Blaster work in a slightly different way.

It would be interesting to know, of those who have had the false positives, what other software you have on the PC, as that might help to work out why most aren't having it. (I'm inclined to think that it's Spyblocker - as it's not free, fewer people have it than SpywareGuard etc.)