Results 1 to 10 of 10

Thread: Virus? LOP? ss-hosting related??

  1. #1
    Banned
    Join Date
    Aug 2003
    Location
    England
    Posts
    771
    Thanks
    0
    Thanked
    0 times in 0 posts

    Unhappy Virus? LOP? ss-hosting related??

    Ok, a friend of mine has a problem on his computer...

    It changes his homepage to porn sites, adds crapo to his favourites etc etc... u get the just, standard virus/lop stuff... but nothing detects the source of the problems

    Norton
    Ad-aware
    Search & Destroy
    McAfee
    and free scans from Symantec & Pandaware (or summet).

    They say the PC is clean, but its not.

    in the reg we found a cookie (well several, but one seem significant)

    Its called "magic" in regedit and in the internet address column it reads "http://ss-hosting.com/filez/magic.txt"

    and that "magic" thing is seen elsewhere with a data value of "31"....

    theres also cookies from "http://ss-hosting.com" but he aint been to this site...

    ive checked "ss-hosting" and its a teen pornsite tho on google it shows as a Domain for sale or summet...

    I havent had a good look at the laptop, cos he only brought it to work for a brief minute...

    anyone else came across this problem???


    Cheerz

  2. #2
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,664
    Thanks
    53
    Thanked
    385 times in 314 posts
    thats odd - it sounds like the sort of thing that Search & Destroy picks up. Have you updated the search& destroy definitions recently ?
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  3. #3
    Banned
    Join Date
    Aug 2003
    Location
    England
    Posts
    771
    Thanks
    0
    Thanked
    0 times in 0 posts
    yes

  4. #4
    Member
    Join Date
    Aug 2003
    Location
    Wellingborough, Northants
    Posts
    158
    Thanks
    7
    Thanked
    0 times in 0 posts
    I don't know what the ss-hosting site does, but I have had similar problems, and I delete files & cookies and repair IE - that usually sorts it out.


    Cheers
    Rob
    The older I get, the faster I was.

  5. #5
    Oh no!I've re-dorkalated! Jiff Lemon's Avatar
    Join Date
    Jul 2003
    Location
    Sunny MK
    Posts
    2,504
    Thanks
    80
    Thanked
    44 times in 41 posts
    Did a quick google for SS-Hosting - found an interesting link.

    Check the Cached version on google (it's on page 3)

    http://www.google.co.uk/search?q=cac...hl=en&ie=UTF-8

    Looks like its some form a traffic script. Didn't go to the actual site as it'll probably trip the works proxy into overload

  6. #6
    Banned
    Join Date
    Aug 2003
    Location
    England
    Posts
    771
    Thanks
    0
    Thanked
    0 times in 0 posts
    nice one cheerz

  7. #7
    Senior Member
    Join Date
    Jul 2003
    Location
    Nott'm, East Midlands
    Posts
    1,954
    Thanks
    0
    Thanked
    0 times in 0 posts
    LOP normally gets into your PC / Laptop when u download things that "some" people look down on (e.g. mp3 albums and the like).

    Normally Ad-Aware gets rid of it tho?

    Has he managed to get rid of it then?

    Nick

  8. #8
    Senior Member
    Join Date
    Jul 2003
    Posts
    220
    Thanks
    0
    Thanked
    0 times in 0 posts
    I'm sure you could just bar that webpage from being viewed so it can't access it.
    Signature is 57 % complete. Please check back later.

  9. #9
    Registered User
    Join Date
    Jul 2003
    Location
    Indiana, USA
    Posts
    183
    Thanks
    0
    Thanked
    0 times in 0 posts
    Had a similar problem with my Sisters comp here in the office.

    SpyBot found a lot of the standard spyware but didn't get rid of the popups and home page changes etc.....

    I did manage to find what turned out to be the offending .dll's. I couldn't delete them either until I went into safe mode when they weren't loaded.

    I found them pretty easily, well easy considering the number of files in Winodws. I went to all the usual .dll directories like, System32, windows, etc..... and did a arrange icons by date. Then I went to the newest files, since these files always get accessed each time the comp runs, and looked for the ones with funny names and current dates. Then I chaecked the versions in properties and the files always show the wierd name they give these things. I had started a list of these files since I've done several machines now like this but can't find it right now.

    Good Luck,

    Spyware blows bigtime


    Forgot to mention that after you find them and delete them you need to search throught the registry for these and also go into all the entries for IE and change everything back since most change your default search page etc.... in the registry.
    Also, disconnect your box from the net until you're sure you have all the files and reg entries cause if you miss one the software goes on the net in the background and starts the whole process over again
    Last edited by RocketmanX; 27-09-2003 at 12:07 AM.

  10. #10
    Registered User
    Join Date
    Jul 2003
    Location
    Indiana, USA
    Posts
    183
    Thanks
    0
    Thanked
    0 times in 0 posts
    I found that Spyremover finds more than Spbot does and it looks identical to Spybot ironically.

    Spyremover

    Don't know if your friend runs free/shareware but if he does delete it first. It's one of the biggest offenders for getting spyware on your box

    Also a lot of good info here-

    Spwareinfo
    Last edited by RocketmanX; 27-09-2003 at 12:13 AM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •