Posted 30 June 2006 - 06:40 AM
since saturday i have had 7 different rootkits - all coming from the same isp, but the malware is coming from japan, china, australia, syria, tunisia, and the usa (traced with traceroute). i wrote the isp and got this lie back from them: (Due to certain privacy concerns and legal restrictions, we often can not share with you the outcome of our investigation or the specific steps we take to address your concerns). the company is Fast Colocation with help from Swift Ventures. i use a hosts file and i have run hijack this, clean up, cwsshredder, adaware, spyware doctor, spybotsd, a2squared, blacklight and icesword, as well as ewido. ewido is the only one to find these wankers and here is a sample of one of their hidden cookies, note the very beginning, that is a random invisible directory (they use a different one for each cookie - sunday i had 15 of these cookies all from different locations, and i blanked out the user part of the path, so i don't show my user name to the whole world, in this post)
:mozilla.16:C:\Documents and Settings\ Application data\Mozilla\Firefox\Profiles\ryiqa33p.default\cookies.txt -> Spyware.Cookie.Spylog

this one came from anchorage. some of the other names of the spyloggers are: bridgestat, onestat, hitslink, questionmarket, and spyware.cookie.com. now to get back on track. each of these 7 infestations has resulted in a format, well that is ok when i decide to do it but not when dictated by a bunch of lame wankers. i did try a system repair, to no avail. is there any way to refresh/restore my system files and maintain my apps?