Re: [Full-Disclosure] Cool Web Search

["Gregh" <chows@xxxxxxxxxxxxxx>]

----- Original Message ----- 
From: "JacK" <jack@xxxxxxxxxxxxxxx>
To: <full-disclosure@xxxxxxxxxxxxxxxx>
Sent: Friday, July 30, 2004 10:20 AM
Subject: Re: [Full-Disclosure] Cool Web Search


> On Friday, July 30, 2004 1:03 AM [GMT+1=CET],
> full-disclosure-request@xxxxxxxxxxxxxxxx
> <full-disclosure-request@xxxxxxxxxxxxxxxx> écrivait:
>
>
> > So, for those of you who don't think Nanog is full of "Gods of
> > Correctness",
> > if you are having probs with removal of CWS, get HiJackThis, let it scan
> > and
> > then you will see, sticking out like a wart on your......nose :)........
> > the
> > entries you need to delete in order to properly rid that machine of CWS.
> > It
> > wasn't hard using that prog.
>
> HijackThis has its limits : it cannot get rid of some variants, for
instance
> which one with a hidden value regenereting the entry
>
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
> NT\CurrentVersion\Windows\AppInit_DLLs
>
> using  Backdoor.Agent.ba to install itself and laucnchin a random name
exe.
>

I don't know if you fully understand HiJackThis or maybe I was just unclear.

HiJackThis wasn't used by me to get rid of CWS as, for example, running
Adaware gets rid of tracking cookies and some installed spyware progs. It
was used by me to list various entries in registry which, when lumped
together like that, show off CWS quite easily. Once they are there, removing
them and the progs started by some of them is easy.

That is all you have to do. Don't expect HiJackThis to magically get rid of
it all at the flick of a button. You *DO* have to have a small amount of
registry knowledge in order to ID which entries are seriously bull and which
are honest BHOs etc. I am not a registry "expert" but claim a small amount
of registry knowledge so even to ME it was obvious what was what.

Greg.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html