Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tracking Cookie?


  • Please log in to reply
9 replies to this topic

#1 Seasick

Seasick

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:15 AM

Posted 22 January 2012 - 02:38 PM

When I run certain executable files this alert will prompt. It seems to be generating different .txt files each time, which seems to indicate symptoms of a type of worm infection. I will submit an image of the encounter. I have ran full scans on the following, AVG, Malwarebytes' Anti-malware, CCLeaner. Any help in regards to this is topic will be greatly appreciated.

Posted Image

Thanks,

Seasick

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:15 PM

Posted 22 January 2012 - 03:19 PM

Hello Seasick,these are cookies and not a worm.

A cookie is a text string that is included with Hypertext Transfer Protocol (HTTP) requests and responses. Cookies are used to maintain state information as you navigate different pages on a Web site or return to the Web site at a later time. This article provides information about cookies.

http://support.microsoft.com/kb/260971/?sd=RMVP

Why we remove them..

In addition to the privacy issues, cookies carry security implications as well. Many sites use cookies to implement access control schemes of various sorts. For example, a subscription site that requires a user name and password might pass a cookie back to your browser the first time you log in. Thereafter, the site will give you access to restricted pages if your browser can produce a valid cookie, basically using the cookie as an admission ticket. This can have several advantages for the site, not the least of which is that it can avoid the overhead of looking up your user name and password in a database each and every time you access a page.

However, unless this type of system is implemented carefully, it may be vulnerable to exploitation by unscrupulous third parties. For instance, an eavesdropper armed with a packet sniffer could simply intercept the cookie as it passes from your browser to the server, using it to obtain free access to the site. Because browsers use the domain name system (DNS) to determine what cookies belong to a server, it is possible to trick a browser into sending a cookie to a rogue server by temporarily subverting the DNS. If the cookie is persistent, of course, it is also vulnerable to being stolen from the user's cookie database file.

http://www.w3.org/Security/Faq/wwwsf2.html#CLT-Q10
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Seasick

Seasick
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:15 AM

Posted 22 January 2012 - 04:03 PM

So, how do I find out where these are being generated from? AVG has just recently been alerting me, but I've done nothing different or accessed unfamiliar web sites or even recently accessed a website I don't ordinarily go to. I just want to make sure this isn't masking something that is actually malicious, or something I should be concerned with, or how to stop the alerts.

Thanks,

Seasick

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:15 PM

Posted 22 January 2012 - 04:30 PM

that's why you just remove them. I remove them every two weeks.

You can Google "How to Manage Cookies in Internet Explorer"
You need to add your version.

Cookies cannot execute code.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Seasick

Seasick
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:15 AM

Posted 22 January 2012 - 05:02 PM

I usually remove them every week, or sometimes more often with CCleaner. I'm currently using Firefox as my default browser. I just found it strange that only now I'm actually receiving alerts for cookies. I appreciate the help and resources provided.

Thanks,

Seasick

#6 buddy215

buddy215

  • BC Advisor
  • 12,997 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:15 AM

Posted 22 January 2012 - 05:49 PM

You can block the Third Party / Ad cookies from installing. In Firefox simply uncheck accept third party cookies.
Tools> options> Privacy tab> uncheck accept third party cookies

You should block DOM storage, too. See info in link below.
How to Disable a New Kind of Cookie called Dom Storage

the atdmt cookie shows up when opening Hot Mail or MSN. The other two at almost any popular website.

Once you have blocked the cookies from installing you will need to remove the ones presently installed.

Ccleaner is a good tool but I don't think it vacuums Firefox. One program that I use on both Windows 7 and
Linux is BleachBit. If you have never vacuumed Firefox then you will be surprised at how much it will remove.
Download BleachBit for Windows | BleachBit

If you are not using NoScript addon....you should be. Best protection from driveby installs of malware and many other threats.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#7 Seasick

Seasick
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:15 AM

Posted 22 January 2012 - 08:00 PM

I appreciate the help and advice! I'll look into both of those. If there is any other security features or software you recommend, please let me know!

Thanks,

Seasick

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:15 PM

Posted 22 January 2012 - 09:01 PM

This is also a good tool that euns in the background using very little resources. It needs to be updated weekly unless you buy it.
SpywareBlaster

Prevent the installation of spyware and other potentially unwanted software!
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Seasick

Seasick
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:15 AM

Posted 22 January 2012 - 09:13 PM

Thanks, do you know of anything that will clean out old and deprecated update versions?

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:15 PM

Posted 22 January 2012 - 09:37 PM

You may want REVO
This is also handy.

How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector

Here is how to use Revo Uninstaller:

1) First we download it from here: Revo Uninstaller Free Version. You can skip this Step if you already have it installed. However, you may need to update it. If you have it installed already, and you need to update it, go ahead and open it up and click the AutoUpdate Icon next to Help. The use of this program makes registry changes based upon what you select for removal from the Registry. Before running Revo Uninstaller please run ERUNT before proceeding to back up your registry in case you make a mistake.

2) Select the Program to remove from the list of programs and click the Uninstall button:

Posted Image



3) After selecting the program you want to remove, and confirming you want to uninstall the program, then you will want to select the Advanced Option:

Posted Image



4) Click Next. This will start the uninstaller for the application you picked. When the uninstaller is done, and it proves to be successful, and a reboot is required, then select NO and continue the below steps.

5) Follow the prompts during the uninstallation of the application. Once it closes you will be at this window:

Posted Image



6) Click Next again. Once the window is done scanning for files and other things that did not get removed, you will be presented with this window:

Posted Image

.

You will want to select only the bolded items, then click on Delete. If any entries-usually the last thing listed and not in bold-have a + sign click on the + until you see more bolded items. Once done, click Next.

If it asks you to delete other files, then do so, but pay attention to the warnings.

Edited by boopme, 22 January 2012 - 09:50 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users