
Thread: Why does SPYBOT continue to remain vulnerable to HIJACKING?

  1. #1
    Junior Member
    Join Date
    Nov 2007
    Posts
    12

    Why does SPYBOT continue to remain vulnerable to HIJACKING?

    Hi, I'd like firstly to thank SPYBOT for being such a WONDERFUL program. Please don't interpret my remarks as an attack on the authors of this powerful software; I'm just trying to understand why the program remains vulnerable to hijacking. Also, let's acknowledge one fact before we discuss this: SPYBOT is in the business of cleaning up that most notoriously buggy of web browsers --> Microsoft's INTERNET EXPLORER. If I have any anger at my present infected circumstance, Microsoft owns it. SPYBOT didn't create a browser with the unique characteristic of being the World's Welcoming Committee for every species of malware conceivable, Microsoft did. I'd have to be truly mean to criticize SPYBOT for making every effort to clean up a mess it didn't create in the first place. I curse this browser. I only continue to be suffered to use it because, like a cruel joke upon me, it happens to do the best job of rendering my Adobe Acrobat PDF's to look exactly as they are supposed to look. I have no need to upgrade my OS, and so am stuck in the global Hell that Microsoft sends all of us to by not allowing IEx 7 to be backward compatible with Windows 2000. I think that puts the proper perspective on this thread; here's why I'm posting:

    Many years ago I used SPYBOT but had to discontinue using it because of a persistent issue the program had with attracting mischief to my Explorer version 6.x. Then, as now, I'm on Windows 2000 Pro, fully service packed, rolled-up and regularly patched. The immediate presence of SPYBOT on my computer coincided with the hijacking of (you guessed it) Explorer 6. I would download only the latest version of SPYBOT, install it to a new build, Immunize, select my properties, and only then upgrade the program. SPYBOT would find the malware, fix it, and immunize me against it . . . and the next day the malware would be right back. I had to install HIJACK THIS to remove it.

    So some years later I am disappointed to find that the same thing has happened with a new install. The Trojan I am infected with is the Win32.Small.afk Trojan, which alters your IEx start page to a site in China named nb4f.com.cn, and delivers the following love note to you upon attempting to access IEx's Options:
    This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.
    It installs to the registry key
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\Userinit
    and scripts a file called lwisys16_071115.dll to run, as follows:
    C:\WINNT\system32\inf\svchost.exe C:\WINNT\system32\lwisys16_071115.dll start
    I assume complete responsibility for the unforgivable oversight of not disabling SCRIPTING in IEx before first installing & updating SPYBOT. This oversight on my part invited the first line of mischief, and it was entirely preventable.

    Having said that, I was alarmed that after immunizing myself through SPYBOT this Trojan came right back. Growing increasingly desperate, I ran AVG FREE Anti-Virus . . . which (if anyone doubts what SPYBOT is up against) couldn't even find this Trojan in the first place.

    So I did a little research on USENET and discovered that another person had this same issue about a year ago with IEx 6 and its notorious patches and service packs. The gentleman was advised to run HIJACK THIS to fix the Trojan. He did so, but it kept coming back. Having ascertained that my only other reliable fix for a persistent HIJACK attempt -- HIJACK THIS -- was apparently, itself, cracked, I was alarmed to next read -- even at this late date -- a poster who wrote words to the effect that "one of the most popular programs to expose yourself to an IEx HIJACK is SPYBOT."

    I haven't downloaded/installed HIJACK THIS because I anticipate having the same experience as this other gentleman. I'll ask this with all the humility I can summon: If neither SPYBOT nor HIJACK THIS can get rid of this Trojan permanently, does this mean I need to completely reinstall my computer?

    MISS CHIEVOUS
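The persistence described in the post above (a `svchost.exe` under `system32\inf` started from the policies `Explorer\run` key with a DLL as its argument) can be spotted offline from a registry export. This is an added example, not part of the original post and not Spybot's or HijackThis's code; the export text is constructed from the values quoted in the post, and the two heuristics and the `SYSTEM_NAMES` list are assumptions for illustration.

```python
import ntpath
import re

# Constructed sample in REGEDIT4 export format (regedit doubles backslashes in values).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]
"Userinit"="C:\\WINNT\\system32\\inf\\svchost.exe C:\\WINNT\\system32\\lwisys16_071115.dll start"
'''

RUN_KEY = r"\currentversion\run"
POLICY_RUN_KEY = r"\currentversion\policies\explorer\run"
# Windows binaries whose genuine copies sit directly in system32 (illustrative list).
SYSTEM_NAMES = {"svchost.exe", "userinit.exe", "winlogon.exe", "services.exe", "lsass.exe"}
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
EXE_RE = re.compile(r'"?(.+?\.(?:exe|com|bat|cmd|scr|pif))\b', re.I)

def parse_reg(text):
    """Yield (key, value name, string data) for each string value in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            yield (key,) + tuple(re.sub(r"\\(.)", r"\1", g) for g in m.groups())

def audit(text):
    """Return autorun entries matching the heuristics (assumptions, not a vendor's rules)."""
    findings = []
    for key, name, cmd in parse_reg(text):
        k = key.lower()
        if not k.endswith((RUN_KEY, POLICY_RUN_KEY)) or not cmd.strip():
            continue
        m = EXE_RE.match(cmd)
        exe = m.group(1) if m else cmd.split()[0]
        folder, base = ntpath.dirname(exe).lower(), ntpath.basename(exe).lower()
        reasons = []
        if base in SYSTEM_NAMES and folder and not folder.endswith(r"\system32"):
            reasons.append("system binary name outside system32")
        if k.endswith(POLICY_RUN_KEY):
            reasons.append("autorun set through the policies Run key")
        if reasons:
            findings.append({"key": key, "value": name, "exe": exe, "reasons": reasons,
                             "dlls": re.findall(r"\S+\.dll\b", cmd, re.I)})
    return findings
```

Calling `audit()` on an export of the machine's Run keys lists each flagged value with the executable and any DLL arguments, which are the files to collect before the registry value is removed.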

  2. #2
    Junior Member
    Join Date
    Nov 2007
    Posts
    1


    erm. that was a long post. but very detailed. ^_~

    just curious, why did you use IE if you knew it sucks?

    ..
    \(^o^)/ YUKI

  3. #3
    Junior Member
    Join Date
    Nov 2007
    Posts
    12

    Why use IEx if I know it's buggy?

    Because I had to render some PDF's off of some websites, and as I explained above IEx does a better job of this than any other browser I've used (most particularly Firefox).

    I finally rid myself of this Trojan by just restoring my entire C drive from the (daily) backups I make of both the drive and the system state through Windows 2000.

    But the question remains: Why can't SPYBOT close these vulnerabilities that it exposes the user to every time they update SPYBOT? I ask it in all seriousness: Is this just something that SPYBOT cannot code itself around? Something that cannot ever be permanently fixed?

    MC

  4. #4
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110


    Quote Originally Posted by MISS CHIEVOUS
    "one of the most popular programs to expose yourself to an IEx HIJACK is SPYBOT."

    Could you give us a link to the source of this statement? It appears to be someone's personal opinion unless it is backed by justified explanation on how Spybot S&D lowers the security.

    Quote Originally Posted by MISS CHIEVOUS
    But the question remains: Why can't SPYBOT close these vulnerabilities that it exposes the user to every time they update SPYBOT? I ask it in all seriousness: Is this just something that SPYBOT cannot code itself around? Something that cannot ever be permanently fixed?
    MC

    Which vulnerabilities are you referring to? Connection to the internet? Sad but true, a connection to the internet always causes risks to a computer, especially for a Microsoft Windows based computer.
    Spybot S&D has 2 ways in which it can be updated, the first one is the integrated updater and the second is the manual update. The manual update has the advantage that you can download it with a safe/uninfected computer using your favorite web browser and then copy it to the computer where Spybot S&D is installed. That way a possibly infected computer does not need to connect to the internet for Spybot S&D updates.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  5. #5
    Junior Member
    Join Date
    Nov 2007
    Posts
    1


    You seem particularly concerned about security and integrity... and yet you use IE6 on Windows 2000. For someone who makes daily backups of their HD's, I'm surprised at this. If IE6 is the only browser that can accomplish a specific task (which I'm far from believing), then it would probably behoove you to have a sandbox Virtual Machine that is specifically for this purpose.

    There is a modicum of personal responsibility inherent in the acquisition and removal of spyware, viruses, et al.; it is impossible for developers to account for every possible corner case, especially for people who are using antiquated software with known security vulnerabilities.

  6. #6
    Junior Member
    Join Date
    Oct 2007
    Location
    USA
    Posts
    7


    If neither SPYBOT nor HIJACK THIS can get rid of this Trojan permanently, does this mean I need to completely reinstall my computer?
    HJT (HijackThis) is a detection software and only has limited capability for fixing certain entries, not the infection. Here ( Edit. Removed link ) is a tutorial on HJT.
    Last edited by tashi; 2007-11-24 at 18:39. Reason: Removed link
    "I love being married.
    It is so great to find that one special person you want to annoy, for the rest of your life."
    -tg1911 at BleepingComputer

  7. #7
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955


    Anyone contemplating the use of HJT at this site is directed here:
    "BEFORE you POST" (READ this Procedure before Requesting Assistance)

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  8. #8
    Junior Member
    Join Date
    Nov 2007
    Posts
    12


    Quote Originally Posted by MISS CHIEVOUS
    So I did a little research on USENET and discovered that another person had this same issue about a year ago with IEx 6 and its notorious patches and service packs. The gentleman was advised to run HIJACK THIS to fix the Trojan. He did so, but it kept coming back. Having ascertained that my only other reliable fix for a persistent HIJACK attempt -- HIJACK THIS -- was apparently, itself, cracked, I was alarmed to next read -- even at this late date -- a poster who wrote words to the effect that "one of the most popular programs to expose yourself to an IEx HIJACK is SPYBOT."

    Quote Originally Posted by Yodama
    Could you give us a link to the source of this statement? It appears to be someone's personal opinion unless it is backed by justified explanation on how Spybot S&D lowers the security.

    Which vulnerabilities are you referring to? Connection to the internet? Sad but true, a connection to the internet always causes risks to a computer, especially for a Microsoft Windows based computer.
    Spybot S&D has 2 ways in which it can be updated, the first one is the integrated updater and the second is the manual update. The manual update has the advantage that you can download it with a safe/uninfected computer using your favorite web browser and then copy it to the computer where Spybot S&D is installed. That way a possibly infected computer does not need to connect to the internet for Spybot S&D updates.

    Hi Yodama! I'll be more than happy to hunt down that post. I'm pretty sure it was on Usenet, but it may have been a legitimate website. I could kick myself for not writing down the source, and really, it's unfair of me to quote it . . . and then not provide the source.

    Give me some time and I'll try to find it for you.

    I lost my computer a few days after posting this thread (never use ACRONIS backup software! never! it so perfectly mutilated my boot partition as to render it unrecoverable UGH) so needless to say I can't easily access my tracks from the week prior, but I'll try to locate it and provide it.

    MISS CHIEVOUS
    Last edited by MISS CHIEVOUS; 2007-11-30 at 00:18.

  9. #9
    Junior Member
    Join Date
    Nov 2007
    Posts
    12


    Quote Originally Posted by Antiproton
    You seem particularly concerned about security and integrity... and yet you use IE6 on Windows 2000. For someone who makes daily backups of their HD's, I'm surprised at this. If IE6 is the only browser that can accomplish a specific task (which I'm far from believing), then it would probably behoove you to have a sandbox Virtual Machine that is specifically for this purpose.

    I'm sorry Antiproton but . . . are you being facetious? or is this a legitimate technology?

    However frivolous you may consider my motives, I repeat my assertion: Microsoft's IEx does a better job at rendering PDF's than Firefox. Doubtless because it's loose enough to drive a forklift through tsk.

    A link please. Unless this was just a joke. I'd like nothing better than to never have to open IEx ever again.

    MC

  10. #10
    Member
    Join Date
    Dec 2007
    Posts
    54


    Quote Originally Posted by MISS CHIEVOUS
    However frivolous you may consider my motives, I repeat my assertion: Microsoft's IEx does a better job at rendering PDF's than Firefox. Doubtless because it's loose enough to drive a forklift through tsk.

    You don't use the Adobe Acrobat Reader browser plugin to view PDFs? If not, why not?

    I didn't even know IE could render PDFs natively (without a plugin of any kind).

    Peace...
