Virus? LOP? ss-hosting related??

**3Dfx** · 22-09-2003, 12:52 PM

Ok, a friend of mine has a problem on his computer...

It changes his homepage to porn sites, adds crapo to his favourites etc etc... u get the just, standard virus/lop stuff... but nothing detects the source of the problems

Norton
Ad-aware
Search & Destroy
McAfee
and free scans from Symantec & Pandaware (or summet).

They say the PC is clean, but its not.

in the reg we found a cookie (well several, but one seem significant)

Its called "magic" in regedit and in the internet address column it reads "http://ss-hosting.com/filez/magic.txt"

and that "magic" thing is seen elsewhere with a data value of "31"....

theres also cookies from "http://ss-hosting.com" but he aint been to this site...

ive checked "ss-hosting" and its a teen pornsite tho on google it shows as a Domain for sale or summet...

I havent had a good look at the laptop, cos he only brought it to work for a brief minute...

anyone else came across this problem???

Cheerz

**Moby-Dick** · 22-09-2003, 02:40 PM

thats odd - it sounds like the sort of thing that Search & Destroy picks up. Have you updated the search& destroy definitions recently ?

**3Dfx** · 22-09-2003, 03:46 PM

yes

**robbiehall** · 22-09-2003, 11:09 PM

I don't know what the ss-hosting site does, but I have had similar problems, and I delete files & cookies and repair IE - that usually sorts it out.

Cheers
Rob

**Jiff Lemon** · 23-09-2003, 08:50 AM

Did a quick google for SS-Hosting - found an interesting link.

Check the Cached version on google (it's on page 3)

http://www.google.co.uk/search?q=cac...hl=en&ie=UTF-8

Looks like its some form a traffic script. Didn't go to the actual site as it'll probably trip the works proxy into overload

**3Dfx** · 23-09-2003, 12:42 PM

nice one cheerz

**Lead_Head** · 23-09-2003, 07:34 PM

LOP normally gets into your PC / Laptop when u download things that "some" people look down on (e.g. mp3 albums and the like).

Normally Ad-Aware gets rid of it tho?

Has he managed to get rid of it then?

Nick

**Rory** · 23-09-2003, 09:32 PM

I'm sure you could just bar that webpage from being viewed so it can't access it.

**RocketmanX** · 26-09-2003, 11:52 PM

Had a similar problem with my Sisters comp here in the office.

SpyBot found a lot of the standard spyware but didn't get rid of the popups and home page changes etc.....

I did manage to find what turned out to be the offending .dll's. I couldn't delete them either until I went into safe mode when they weren't loaded.

I found them pretty easily, well easy considering the number of files in Winodws. I went to all the usual .dll directories like, System32, windows, etc..... and did a arrange icons by date. Then I went to the newest files, since these files always get accessed each time the comp runs, and looked for the ones with funny names and current dates. Then I chaecked the versions in properties and the files always show the wierd name they give these things. I had started a list of these files since I've done several machines now like this but can't find it right now.

Good Luck,

Spyware blows bigtime

Forgot to mention that after you find them and delete them you need to search throught the registry for these and also go into all the entries for IE and change everything back since most change your default search page etc.... in the registry.
Also, disconnect your box from the net until you're sure you have all the files and reg entries cause if you miss one the software goes on the net in the background and starts the whole process over again

**RocketmanX** · 27-09-2003, 12:04 AM

I found that Spyremover finds more than Spbot does and it looks identical to Spybot ironically.

Spyremover

Don't know if your friend runs free/shareware but if he does delete it first. It's one of the biggest offenders for getting spyware on your box

Also a lot of good info here-

Spwareinfo

Thread: Virus? LOP? ss-hosting related??

LinkBack

Thread Tools

Virus? LOP? ss-hosting related??

Thread Information

Users Browsing this Thread

Posting Permissions