
How to navigate away from quicksand domains which hold your browser captive until you install their software?

Tom
How do we get out of the browser infinite loop quicksand when we navigate
to web pages designed to lock us in and force us to hit the "pay me" button
(whatever they want to force you to do)?

These are just a sample of nasty quicksand web pages I've run into which
lock your browser into a loop and won't let you get out until you hit the
"install" or "run" or "OK" button... (whatever it is they want you to do).


When you navigate to these quicksand links, you can not get out of their
infinite loop with your browser no matter what you do. I'm forced to
control alt delete and kill the browser from the task manager ... but I ask
....

Is there a more graceful way, after the fact, to navigate away from
quicksand domains which have a hold on your browser, other than control alt
deleting the browser process?
Jul 13 '08
Tom wrote:
>Behind the scenes, the magic of that simplicity is:

...to simply place a shortcut on your desktop - calling your text editor
to load HOSTS. Then all you have to do is save after you edit, and
bypass all those extra chores you've created for yourself.

--
-bts
-Friends don't let friends drive Windows
Jul 14 '08 #51
Tom presented the following explanation :
>On Sun, 13 Jul 2008 17:03:54 +0100, hummingbird wrote:
>>Afaik the only solution is to shut the browser down and
>>enter its name in your HOSTS file, so you never go there again.
>
>Hummingbird has a great answer!
>
>Here's what I did when I went to an HTML kwiksand domain just now on
>Firefox 3.0 on WinXP with JavaScript and Java enabled ('cuz you need 'em
>for other pages).
>
>1. I opened a tab to http://thecatalogfree.net with Firefox 3.0 on WinXP
>2. I tried to kill the tab -the html kwiksand prevented this
>3. I tried to go to a new tab -the html kwiksand prevented this
>4. I tried to kill firefox -the html kwiksand prevented this
>5. Rather than kill the firefox process in the task manager ...
>6. I now just type Start->Run->hosts and enter the domain
>   127.0.0.1 thecatalogfree.net
>7. I then shift-reload my browser (to flush cache)
>8. Voila! A shift-reload flushes cache & dumps the kwiksand page!
>
>Note this one-time setup:
>1. Copy hosts to host.txt and to hosts.bck
>2. Start->Run->Regedit to add the following key-value pair:
>   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths
>   hosts.exe = c:\windows\system32\drivers\etc\hosts.txt
>
>Do this every time you are caught in HTML kwiksand!
>1. Go to the web page http://thecatalogfree.net
>2. You'll note you are stuck on that page forever
>3. Rather than control alt delete kill the Firefox browser session ...
>4. Just type Start->Run->hosts
>5. Enter the domain into that hosts.txt file
>   127.0.0.1 thecatalogfree.net
>6. Write the hosts.txt file to hosts (overwriting the hosts file)
>8. Quick out of your text editing session (I used vim freeware)
>9. Shift Reload your browser
>10. The kwiksand web page will disappear!
>
>Woo hoo! Hummingbird found the solution to HTML kwiksand!!!!!!!!!!!!!!

For those who want another way to edit Hosts on the fly, use Hostman.

Drumstick
Jul 14 '08 #52
On 2008-07-13, hummingbird wrote:
On Sun, 13 Jul 2008 20:21:19 +0000, Chris F.A. Johnson wrote in <cefb0
$4*********************@TEKSAVVY.COM>:
>On 2008-07-13, Tom wrote:
On Sun, 13 Jul 2008 19:16:24 +0200, Hendrik Maryns wrote:

If I click on this in Firefox 3 (on Linux, but that shouldn't make a
difference), I get a page warning that it is a scam page, with a button
'Get me out of here!'.

That warning must be coming from the browser. That was an old link I gave
you (from my past experience).

What happened when you clicked on http://thecatalogfree.net (which I
verified today)?

Does http://thecatalogfree.net also give you that "get me outta'here"
warning?

No. I get:

Forbidden

You don't have permission to access / on this server.

I had no problems with the other links you posted, even when I
ignored FF's warning about the site.

Was any file installed.
Not if I didn't tell it to.
Did any malware appear in the browser cache?
What's malware?

--
Chris F.A. Johnson <http://cfaj.freeshell.org>
================================================== =================
Author:
Shell Scripting Recipes: A Problem-Solution Approach (2005, Apress)
Jul 14 '08 #53
Tom wrote:
>On Sun, 13 Jul 2008 14:52:18 -0400, Ed Mullen wrote:
>>Why are you jumping through all these hoops? The Windows "hosts" file
>>is a plain text file you can edit in Notepad.
>
>I know, I know.
>
>Microsoft put the c:\windows\system32\drivers\etc\hosts file in the most
>ridiculous non-intuitive spot it could possibly find, deep in muck, deep
>under large directories that take a while to load, and without a decent
>extension so you have to grope for your text editor (mine is vim freeware).
>
>So, rather than "jump thru hoops" each time just to edit the hosts file, I
>add a one-time-only registry key "hosts" which opens up the TEXT file (so
>that I have a backup if I need it).
>
>When I type "Start->Run->hosts", vim opens up that
>c:\windows\system32\drivers\etc\hosts.txt text file, where I edit and save
>to "hosts" which it saves in the current directory (i.e.,
>c:\windows\system32\drivers\etc\hosts).
>
>That's a LOT easier than navigating deep into the windows hierarchy into
>the least logical place MS could have placed the hosts file and then
>fumbling around to get notepad to edit the file with no extension.

Nonsense!

You have detailed a process that does not work in my standard install of
WXP-SP3. You have further created a questionable process involving
editing the Windows Registry which is, at best, a questionable process
in and of itself, and hardly something to be posting to a newsgroup.

Further, you have not answered satisfactorily any questions of the links
you posted. And, your bizarre approach to a HOSTS file is ...
mind-blowingly stupid.

I deem this entire thread bogus at best, threatening at worst. I
encourage no one to do anything that "Tom" has recommended until he
demonstrates that he actually knows what he's doing by citing
authoritative references.

That HOSTS file and registry stuff is total nonsense and the product of
(at best) someone who has not a clue and who has been surfing and copied
suspect references.

IGNORE ALL OF THIS.

--
Ed Mullen
http://edmullen.net
A budget is just a method of worrying before you spend money, as well as
afterward.
Jul 14 '08 #56
Tom wrote:
>On Sun, 13 Jul 2008 14:52:18 -0400, Ed Mullen wrote:
>>And do a search on "hosts.exe" and you'll find things like this:
>
>I know. I know.
>
>Those who know the Windows registry know that, in Microsoft's infinite
>wisdom, the "App Paths" key MUST end with "exe" for it to work.
>
>There is no hosts.exe (I repeat) there is no hosts.exe.
>
>The whole point of the App Paths key is to make the editing of hosts a
>simple one-click affair.
>
>But, Microsoft insists that ALL "Apps Paths" keys end with "exe" whether or
>not the file you're trying to open ends with ".exe".
>
>So, that's the ONLY reason the hosts App Path key is called "hosts.exe".
>
>Please reply if you understand this 'cuz I feel badly that this was
>misunderstood by a few of you.

You do not have a freaking clue. Your entire rant about the HOSTS file
management process in Windows is ignorant at best, damaging most likely,
possibly intent on some nefarious goal.
--
Ed Mullen
http://edmullen.net
There's no trick to being a humorist when you have the whole government
working for you. - Will Rogers
Jul 14 '08 #57
Tom wrote:
>On Sun, 13 Jul 2008 13:45:20 -0400, C A Upsdell wrote:
>>If Windows, Ctrl Alt Delete to call up the task manager; select the
>>browser; kill it.
>
>Very inelegant.
>
>When you have a dozen tabs open, killing the browser, kills all the tabs.
>
>When you restart Firefox, it asks if you want to open all the old tabs,
>but, of course, that will just open the quicksand site all over again.
>
>So, without editing the hosts file and shift reloading, you're forced to
>say NO to reloading your old tabs ... and you lose them all.
>
>That's why you don't kill the browser session.
>
>Luckily we found a single-click way to solve the problem (type "start ->
>run -> hosts, add the offending domain, and shift reload the browser). This
>turns the quicksand URL into cement. Voila! Thanks to hummingbird!

No one should pay any attention to any posts by "Tom". This is idiotic
to the max.

And, by the way, what sites are you surfing to that redirect you to
these so-called "quicksand" sites? Is this a problem for anyone else?
Or for anything less than a miniscule percentage of users? I doubt it.
Is this a problem for anyone else? I doubt it.

This entire issue is bogus as are all of the posts from "Tom"

Hey, just my opinion. But, I post in the clear with a legitimate mail
address and have done so for many years. You all can make up your own
minds. I have marked "Tom" as a troll. A potentially dangerous one at that.

--
Ed Mullen
http://edmullen.net
Can you be a closet claustrophobic?
Jul 14 '08 #58
Tom wrote:
>On Sun, 13 Jul 2008 13:45:20 -0400, C A Upsdell wrote:
>>If Windows, Ctrl Alt Delete to call up the task manager; select the
>>browser; kill it.
>
>Very inelegant.

Inelegant. But reliable, and safe.
Jul 14 '08 #62
Tom
On Sun, 13 Jul 2008 23:43:02 -0400, C A Upsdell wrote:
>>>If Windows, Ctrl Alt Delete to call up the task manager; select the
>>>browser; kill it.
>>
>>Very inelegant.
>
>Inelegant. But reliable, and safe.

I agree. It's what I used to do before I found Hummingbird's more elegant
hosts file solution.

Thanks everyone,
Tom
Jul 14 '08 #64
Tom wrote:
>On Sun, 13 Jul 2008 21:36:51 +0100, hummingbird wrote:
>>>Rather after-the-fact isn't it?
>>He can use the hosts file to avoid going to that site
>
>The whole point is to be able to get out of the quicksand without having to
>kill the entire browser session (losing all your tabs).

You have not demonstrated that this is an issue. Most of the URLS you
posted died as a 403 or something. This is a non-issue for 99% of users
and I believe you are (at best) spamming, at worst trying to suck people
into your links. Well, ok, you could just be stupid.

>If you kill the browser, yet you wanted the OTHER tabs (not the quicksand
>tab), you can't ever start it again 'cuz you can only recover all the tabs
>or none of the tabs.

What? You are clueless.

>So, this hosts edit and then doing a shift reload, allows you to blank out
>the one quicksand tab and move on with your life.
>
>Elegant, isn't it?

Not!

Idiotic at best when considered in light of his other posts.
--
Ed Mullen
http://edmullen.net
A clear conscience is usually the sign of a bad memory.
Jul 14 '08 #65

Tom wrote:
>On Sun, 13 Jul 2008 13:45:20 -0400, C A Upsdell wrote:
>>If Windows, Ctrl Alt Delete to call up the task manager; select the
>>browser; kill it.
>
>Very inelegant.
>
>When you have a dozen tabs open, killing the browser, kills all the tabs.
>
>When you restart Firefox, it asks if you want to open all the old tabs,
>but, of course, that will just open the quicksand site all over again.
>
>So, without editing the hosts file and shift reloading, you're forced to
>say NO to reloading your old tabs ... and you lose them all.
>
>That's why you don't kill the browser session.
>
>Luckily we found a single-click way to solve the problem (type "start ->
>run -> hosts, add the offending domain, and shift reload the browser). This
>turns the quicksand URL into cement. Voila! Thanks to hummingbird!

If you have other tabs open that you want to keep viewing, then yes,
it's a good immediate, albeit 'temporary' solution to the problem. I
say temporary because using a Hosts file isn't a good solution. Many
malware sites scan and remove their listings from hosts files (and even
locking it via the read-only attribute won't protect you). They do it
by making you log into a benign site first (one that isn't blocked) and
using that to remove their entry from your Hosts file before redirecting
you and trapping your browser. Even running free FireFox addons such as
NoScript won't protect you unless you've been caught before and know not
to allow the site access to Java or JS. You should really be running
an IP blocking program like PeerGuardian or if that is too much hassle,
do what I do and use OpenDNS. I'm sure there are other solutions, those
two just spring to mind. My advice, if you don't want this happening
again and you're the type that's likely to run across sites like these
often, is to do a bit of research into blocking methods and choose the
one that best suits your need.
--
Me Here
I've started referring to the proposed action against Iraq as Desert
Storm 1.1, since it reminds me of a Microsoft upgrade: it's expensive,
most people aren't sure they want it, and it probably won't work. --
Kevin G. Barkes 2002
Jul 14 '08 #68

"Ed Mullen" <ed@edmullen.net> wrote in message
news:oI******************************@comcast.com...
Tom wrote:
>On Sun, 13 Jul 2008 14:52:18 -0400, Ed Mullen wrote:
>>Why are you jumping through all these hoops? The Windows "hosts" file
is a plain text file you can edit in Notepad.

I know, I know. Microsoft put the c:\windows\system32\drivers\etc\hosts
file in the most
ridiculous non-intuitive spot it could possibly find, deep in muck, deep
under large directories that take a while to load, and without a decent
extension so you have to grope for your text editor (mine is vim
freeware).

So, rather than "jump thru hoops" each time just to edit the hosts file,
I
add a one-time-only registry key "hosts" which opens up the TEXT file (so
that I have a backup if I need it). When I type "Start -Run -hosts",
vim opens up that
c:\windows\system32\drivers\etc\hosts.txt text file, where I edit and
save
to "hosts" which it saves in the current directory (i.e.,
c:\windows\system32\drivers\etc\hosts).

That's a LOT easier than navigating deep into the windows hierarchy into
the least logical place MS could have placed the hosts file and then
fumbling around to get notepad to edit the file with no extension.

Nonsense!

You have detailed a process that does not work in my standard install of
WXP-SP3. You have further created a questionable process involving
editing the Windows Registry which is, at best, a questionable process in
and of itself, and hardly something to be posting to a newsgroup.

Further, you have not answered satisfactorily any questions of the links
you posted. And, your bizarre approach to a HOSTS file is ...
mind-blowingly stupid.

I deem this entire thread bogus at best, threatening at worst. I
encourage no one to do anything that "Tom" has recommended until he
demonstrates that he actually knows what he's doing by citing
authoritative references.

That HOSTS file and registry stuff is total nonsense and the product of
(at best) someone who has not a clue and who has been surfing and copied
suspect references.

Nonsense. This is a fine solution (though I can think of simpler ones ...
like just creating a shortcut to vim-edit the hosts file).
Jul 14 '08 #69

"Ed Mullen" <ed@edmullen.net> wrote in message
news:X7******************************@comcast.com...
Tom wrote:
>On Sun, 13 Jul 2008 21:36:51 +0100, hummingbird wrote:
>>>Rather after-the-fact isn't it?
He can use the hosts file to avoid going to that site

The whole point is to be able to get out of the quicksand without having
to
kill the entire browser session (losing all your tabs).

You have not demonstrated that this is an issue. Most of the URLS you
posted died as a 403 or something. This is a non-issue for 99% of users
and I believe you are (at best) spamming, at worst trying to suck people
into your links. Well, ok, you could just be stupid.
>>
If you kill the browser, yet you wanted the OTHER tabs (not the quicksand
tab), you can't ever start it again 'cuz you can only recover all the
tabs
or none of the tabs.

What? You are clueless.
>So, this hosts edit and then doing a shift reload, allows you to blank
out
the one quicksand tab and move on with your life.

Elegant, isn't it?

Not!

Idiotic at best when considered in light of his other posts.

Hey Ed. Are you Bare Bottoms in disguise. Or just a wannabee?.
Jul 14 '08 #70

"Ed Mullen" <ed@edmullen.net> wrote in message
news:oI******************************@comcast.com...
Tom wrote:
>On Sun, 13 Jul 2008 14:52:18 -0400, Ed Mullen wrote:
>>And do a search on "hosts.exe" and you'll find things like this:

I know. I know.

Those who know the Windows registry know that, in Microsoft's infinite
wisdom, the "App Paths" key MUST end with "exe" for it to work. There is
no hosts.exe (I repeat) there is no hosts.exe. The whole point of the App
Paths key is to make the editing of hosts a
simple one-click affair.

But, Microsoft insists that ALL "Apps Paths" keys end with "exe" whether
or
not the file you're trying to open ends with ".exe".

So, that's the ONLY reason the hosts App Path key is called "hosts.exe".

Please reply if you understand this 'cuz I feel badly that this was
misunderstood by a few of you.

You do not have a freaking clue. Your entire rant about the HOSTS file
management process in Windows is ignorant at best, damaging most likely,
possibly intent on some nefarious goal.

I think Ed is dead in the head.
Jul 14 '08 #71
Me Here wrote:
>If you have other tabs open that you want to keep viewing, then yes,
>it's a good immediate, albeit 'temporary' solution to the problem. I
>say temporary because using a Hosts file isn't a good solution. Many
>malware sites scan and remove their listings from hosts files (and even
>locking it via the read-only attribute won't protect you).

What? You are gonna have to find reliable cites for that nonsense.

>They do it by making you log into a benign site first (one that isn't
>blocked) and using that to remove their entry from your Hosts file
>before redirecting you and trapping your browser. Even running free
>FireFox addons such as NoScript won't protect you unless you've been
>caught before and know not to allow the site access to Java or JS.

More bollox.

--
-bts
-Friends don't let friends drive Windows
Jul 14 '08 #72

Beauregard T. Shagnasty wrote:
>Me Here wrote:
>>If you have other tabs open that you want to keep viewing, then yes,
>>it's a good immediate, albeit 'temporary' solution to the problem. I
>>say temporary because using a Hosts file isn't a good solution. Many
>>malware sites scan and remove their listings from hosts files (and even
>>locking it via the read-only attribute won't protect you).
>
>What? You are gonna have to find reliable cites for that nonsense.

Google is your friend. I won't do your homework for you.

--
Me Here
Now each one of us, black or white, is a symbol. The war is out in the
open and the skin color is a uniform. All the deep and basic
similarities of the human condition are forgotten so that we can
exaggerate the few differences that exist. -- John D. MacDonald, The
Girl in the Plain Brown Wrapper
Jul 14 '08 #73

Beauregard T. Shagnasty wrote:
>Me Here wrote:
>>If you have other tabs open that you want to keep viewing, then yes,
>>it's a good immediate, albeit 'temporary' solution to the problem. I
>>say temporary because using a Hosts file isn't a good solution. Many
>>malware sites scan and remove their listings from hosts files (and even
>>locking it via the read-only attribute won't protect you).
>
>What? You are gonna have to find reliable cites for that nonsense.

Oh, just so I don't get the wrong idea - are you saying that malware
can't change the hosts file or that you've never heard of it being done?

--
Me Here
"Your vote certainly counts. On the other hand, your vote may not be
counted." -- Robert Richie, Center for Voting and Democracy, commenting
on the 2000 Presidential election.
Jul 14 '08 #74

Beauregard T. Shagnasty wrote:
>Me Here wrote:
>>If you have other tabs open that you want to keep viewing, then yes,
>>it's a good immediate, albeit 'temporary' solution to the problem. I
>>say temporary because using a Hosts file isn't a good solution. Many
>>malware sites scan and remove their listings from hosts files (and even
>>locking it via the read-only attribute won't protect you).
>
>What? You are gonna have to find reliable cites for that nonsense.
>
>>They do it by making you log into a benign site first (one that isn't
>>blocked) and using that to remove their entry from your Hosts file
>>before redirecting you and trapping your browser. Even running free
>>FireFox addons such as NoScript won't protect you unless you've been
>>caught before and know not to allow the site access to Java or JS.
>
>More bollox.

Ahh fuckit, I wasn't going to do your homework but I just couldn't help
Googling to see how many links popped up - so many I just shook my head
and laughed. Of course, wikipedia was among the top 3...

Here's two to start you off explaining why hosts files by themselves
aren't secure and how easily they get hijacked:

http://en.wikipedia.org/wiki/Hosts_file

and just in case you have doubts about the authenticity of information
in wikipedia:

http://www.virusbtn.com/resources/gl...hosts_file.xml
Once you've grasped that, then you may begin to realise why, if you use
a hosts file to block stuff, you need to run a hosts file manager (all
good hosts file managers monitor the hosts file for unauthorised
attempts at changing it) or else you're just pissing in the wind.

Next time, please Google and get your facts right before slighting
someone else's post.
--
Me Here
The speed is a pain, but better than a 1/2 hour drive across Munich. --
Bernhard Schneck, Re: disk NFS-mounted via PPP (1993)
Jul 14 '08 #75
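
An added example, not written by any poster in this thread: a Python sketch of the hosts-file block entry from the procedure in post #52, combined with the change monitoring that post #75 says a hosts file manager should perform. The function names, the `.example` host names and the 203.0.113.7 address are constructed for illustration, and the demo works on a temporary file rather than the real hosts file.

```python
"""Hosts-file block list: parse it, add a sinkhole entry with a backup, detect tampering."""
import hashlib
import re
import shutil
import tempfile
from pathlib import Path

SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}   # addresses used to "block" a name
NAME_RE = re.compile(r"[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?")


def parse_hosts(text):
    """Return {hostname: address}; comments and malformed lines are skipped."""
    entries = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            entries.setdefault(name.lower(), fields[0])   # keep the first mapping seen
    return entries


def add_block(hosts_path, domain, backup_suffix=".bck"):
    """Map domain to 127.0.0.1. True if a line was appended, False if already blocked."""
    domain = domain.strip().lower()
    if not NAME_RE.fullmatch(domain):
        # Refuses spaces and newlines, so one "domain" cannot smuggle in extra lines.
        raise ValueError(f"not a plain host name: {domain!r}")
    path = Path(hosts_path)
    text = path.read_text(encoding="ascii", errors="replace")
    current = parse_hosts(text).get(domain)
    if current in SINKHOLES:
        return False
    if current is not None:
        raise ValueError(f"{domain} is already mapped to {current}; inspect the file")
    shutil.copy2(path, path.with_name(path.name + backup_suffix))   # backup first
    lead = "" if not text or text.endswith("\n") else "\n"
    with path.open("a", encoding="ascii", newline="") as fh:
        fh.write(f"{lead}127.0.0.1 {domain}\n")
    return True


def baseline(hosts_path):
    """Record the file's SHA-256 and its parsed entries as the known-good state."""
    data = Path(hosts_path).read_bytes()
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "entries": parse_hosts(data.decode("ascii", errors="replace")),
    }


def audit(hosts_path, base):
    """Return sorted (kind, name, detail) findings for changes since the baseline."""
    data = Path(hosts_path).read_bytes()
    if hashlib.sha256(data).hexdigest() == base["sha256"]:
        return []                                  # byte-identical: nothing to report
    now = parse_hosts(data.decode("ascii", errors="replace"))
    findings = []
    for name, addr in base["entries"].items():
        seen = now.get(name, "absent")
        if addr in SINKHOLES and seen not in SINKHOLES:
            findings.append(("block-removed", name, seen))
        elif addr not in SINKHOLES and seen != addr:
            findings.append(("mapping-changed", name, seen))
    for name, addr in now.items():
        if name not in base["entries"] and addr not in SINKHOLES:
            findings.append(("redirect-added", name, addr))
    return sorted(findings)


def demo():
    """Run the whole cycle on a constructed hosts file in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        hosts = Path(tmp) / "hosts"
        hosts.write_text("127.0.0.1 localhost\n", encoding="ascii")
        added = add_block(hosts, "quicksand.example")    # constructed name
        again = add_block(hosts, "quicksand.example")    # second call is a no-op
        backup_exists = hosts.with_name("hosts.bck").exists()
        base = baseline(hosts)
        # Constructed tampering: the block entry is gone and a redirect was added.
        hosts.write_text(
            "127.0.0.1 localhost\n203.0.113.7 bank.example\n", encoding="ascii"
        )
        return added, again, backup_exists, audit(hosts, base)


if __name__ == "__main__":
    print(demo())
```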
Tom wrote:
>On Sun, 13 Jul 2008 19:16:24 +0200, Hendrik Maryns wrote:
>>If I click on this in Firefox 3 (on Linux, but that shouldn’t make a
>>difference), I get a page warning that it is a scam page, with a button
>>‘Get me out of here!’.
>
>That warning must be coming from the browser.

Of course it is. In the Preferences: Security → ‘Tell me whether the
website I am visiting is a possible attack site’ and ‘Tell me whether
the website I am visiting is a possible spoof site’ or something similar
(I have a Dutch version).

H.
--
Hendrik Maryns
http://tcl.sfs.uni-tuebingen.de/~hendrik/
==================
http://aouw.org
Ask smart questions, get good answers:
http://www.catb.org/~esr/faqs/smart-questions.html
Jul 14 '08 #76

On Sun, 13 Jul 2008 19:09:43 -0700 'Tom'
wrote this on alt.comp.freeware:
>On Sun, 13 Jul 2008 21:58:18 +0100, hummingbird wrote:
>The HOSTS file is named exactly that: HOSTS
It has no file extension.

I know. I know. Of course it's named hosts.

I'll explain again. You can fumble around trying to find the hosts file
every time you have to edit it but I don't wish to be that inefficient.

I just type "hosts", I make my edits, and I save the results as "hosts" and
I'm done.
I can locate my HOSTS file on my system in about 2 seconds.
But then, I use a real filemanager (payware ZtreeWin).

>Behind the scenes, the magic of that simplicity is:
a) Typing "Start -Run -hosts" exercises the "hosts.exe" registry key
b) That hosts.exe registry key brings up the hosts.txt file
c) Saving that as "hosts" saves that file as the proper hosts file.
I do not have a file called hosts.exe on my system, never have
had. Nor is there anything in the registry by that name.
>It's that simple. You might prefer the lousy inefficient way and that's
just fine. Here's the horribly inefficient way to edit the hosts file.

a) Navigate to C:\windows (hosts belongs here)
b) Navigate to system32 (dunno why it's here)
c) Navigate to drivers (it's not a driver)
d) Navigate to etc (what's etc got to do with it?)
e) Right click on the hosts file to edit in Notepad
f) Save as hosts.bak (you should have a backup)
g) Save as hosts (this overwrites the original file)
This is where the hosts file is located in XP:
C:\WINDOWS\system32\drivers\etc\HOSTS
>So, you can do it either way. I think the method I proposed is elegant.
I think both methods will work.

BTW, there isn't any hosts.exe file.
Those who know the Windows registry know that, in Microsoft's infinite
wisdom, the "App Paths" key MUST end with "exe" for it to work. There is no
hosts.exe (I repeat) there is no hosts.exe. The whole point of the App
Paths key is to make the editing of hosts a simple one-click affair.

Hope this helps!

--
"All truth passes through three stages.
First, it is ridiculed, second it is violently opposed,
and third, it is accepted as self-evident"
(Arthur Schopenhauer)
Jul 14 '08 #77
Tom
On Sun, 13 Jul 2008 22:48:05 -0400, Beauregard T. Shagnasty wrote:
Tom wrote:
>Behind the scenes, the magic of that simplicity is:

..to simply place a shortcut on your desktop - calling your text editor
to load HOSTS. Then all you have to do is save after you edit, and
bypass all those extra chores you've created for yourself.
That would work also. I prefer the registry App Paths (that's what it's
for) because I can export it and use it on multiple machines and use it
when I re-image my machine, etc. but there are more than a few ways to edit
a file that has no extension and all will work just fine.
Jul 14 '08 #78
Me Here wrote:
Beauregard T. Shagnasty wrote:
>Me Here wrote:
>>If you have other tabs open that you want to keep viewing, then yes,
it's a good immediate, albeit 'temporary' solution to the problem.
I say temporary because using a Hosts file isn't a good solution.
Many malware sites scan and remove their listings from hosts files
(and even locking it via the read-only attribute won't protect
you).

What? You are gonna have to find reliable cites for that nonsense.
>>They do it by making you log into a benign site first (one that
isn't blocked) and using that to remove their entry from your Hosts
file before redirecting you and trapping your browser. Even
running free FireFox addons such as NoScript won't protect you
unless you've been caught before and know not to allow the site
access to Java or JS.

More bollox.

Ahh fuckit, I wasn't going to do your homework but I just couldn't
help Googling to see how many links popped up - so many I just shook
my head and laughed. Of course, wikipedia was among the top 3...
Hey, I don't have to do homework; you are the one who made the
statements and I asked for cites. Why should I have to prove - or
disprove - your claims.
Here's two to start you off explaining why hosts files by themselves
aren't secure and how easily they get hijacked:

http://en.wikipedia.org/wiki/Hosts_file
Micha already answered the point about how a website hijacking the hosts
file isn't possible.

"A website alone doesn't do that. A good browser doesn't do that. An
appropriate system setup doesn't allow that. "
and just in case you have doubts about the authenticity of information
in wikipedia:

http://www.virusbtn.com/resources/gl...hosts_file.xml

Once you've grasped that, then you may begin to realise why, if you
use a hosts file to block stuff, you need to run a hosts file manager
(all good hosts file managers monitor the hosts file for unauthorised
attempts at changing it) or else you're just pissing in the wind.
My hosts file is located here: /etc/hosts
What host file manager would you recommend I use?
Next time, please Google and get your facts right before slighting
someone else's post.
<lol> Next time, don't write statements like "Many malware sites scan
and remove their listings from hosts files" that aren't true.

And like Micha, I don't have any anti- anything software on my computer
either.

--
-bts
-Friends don't let friends drive Windows
Jul 14 '08 #79
Me Here wrote:
Beauregard T. Shagnasty wrote:
>Me Here wrote:
>>... Many malware sites scan and remove their listings from hosts
files (and even locking it via the read-only attribute won't
protect you).

What? You are gonna have to find reliable cites for that nonsense.

Oh, just so I don't get the wrong idea - are you saying that malware
can't change the hosts file or that you've never heard of it being
done?
And just so you don't think I have no knowledge of the subject, I'm
saying that your statement "Many malware sites ..." [I assume that means
web sites] is false. Subsequent infections by visiting those sites with
insecure browsers on unprotected Windows PCs may load something *else*
that could hijack a hosts file.

--
-bts
-Friends don't let friends drive Windows
Jul 14 '08 #80

On Mon, 14 Jul 2008 00:25:33 -0400 'Alfred Einstein'
wrote this on alt.comp.freeware:
>
"Ed Mullen" <ed@edmullen.net> wrote in message
news:oI******************************@comcast.com ...
>Tom wrote:
>>On Sun, 13 Jul 2008 14:52:18 -0400, Ed Mullen wrote:

And do a search on "hosts.exe" and you'll find things like this:

I know. I know.

Those who know the Windows registry know that, in Microsoft's infinite
wisdom, the "App Paths" key MUST end with "exe" for it to work. There is
no hosts.exe (I repeat) there is no hosts.exe. The whole point of the App
Paths key is to make the editing of hosts a
simple one-click affair.

But, Microsoft insists that ALL "Apps Paths" keys end with "exe" whether
or not the file you're trying to open ends with ".exe".

So, that's the ONLY reason the hosts App Path key is called "hosts.exe".

Please reply if you understand this 'cuz I feel badly that this was
misunderstood by a few of you.

You do not have a freaking clue. Your entire rant about the HOSTS file
management process in Windows is ignorant at best, damaging most likely,
possibly intent on some nefarious goal.

I think Ed is dead in the head.
Ded Mullet?
--
"All truth passes through three stages.
First, it is ridiculed, second it is violently opposed,
and third, it is accepted as self-evident"
(Arthur Schopenhauer)
Jul 14 '08 #81

On Mon, 14 Jul 2008 14:23:03 +1000 'Me Here'
wrote this on alt.comp.freeware:
>Tom wrote:
>On Sun, 13 Jul 2008 13:45:20 -0400, C A Upsdell wrote:
>>If Windows, Ctrl Alt Delete to call up the task manager; select the
browser; kill it.

Very inelegant.

When you have a dozen tabs open, killing the browser, kills all the tabs.

When you restart Firefox, it asks if you want to open all the old tabs,
but, of course, that will just open the quicksand site all over again.

So, without editing the hosts file and shift reloading, you're forced to
say NO to reloading your old tabs ... and you lose them all.

That's why you don't kill the browser session.

Luckily we found a single-click way to solve the problem (type "start ->
run -> hosts, add the offending domain, and shift reload the browser). This
turns the quicksand URL into cement. Voila! Thanks to hummingbird!
>If you have other tabs open that you want to keep viewing, then yes,
it's a good immediate, albeit 'temporary' solution to the problem. I
say temporary because using a Hosts file isn't a good solution. Many
malware sites scan and remove their listings from hosts files (and even
locking it via the read-only attribute won't protect you). They do it
by making you log into a benign site first (one that isn't blocked) and
using that to remove their entry from your Hosts file before redirecting
you and trapping your browser.
Good point MH. I've never experienced that trick, especially since
I started safe hexing, but I am aware it can happen.

These days, I seem to be safe with a hosts file to block unwanted
sites, plus a supplementary program or two (SpyWareBlaster etc).

>Even running free FireFox addons such as
NoScript won't protect you unless you've been caught before and know not
to allow the site access to Java or JS. You should really be running
an IP blocking program like PeerGuardian or if that is too much hassle,
do what I do and use OpenDNS. I'm sure there are other solutions, those
two just spring to mind. My advice, if you don't want this happening
again and you're the type that's likely to run across sites like these
often, is to do a bit of research into blocking methods and choose the
one that best suits your need.

--
"All truth passes through three stages.
First, it is ridiculed, second it is violently opposed,
and third, it is accepted as self-evident"
(Arthur Schopenhauer)
Jul 14 '08 #82

Ed Mullen wrote:
>This is idiotic to the max.
>This entire issue is bogus
I have found that a simple filter removes all of the noise from
this newsgroup. I have set my filters to not display anything that
is crossposted to alt.comp.freeware. The remaining posts are all
high quality and on-topic.

--
Guy Macon
<http://www.GuyMacon.com/>

Jul 14 '08 #83

Beauregard T. Shagnasty wrote:
Me Here wrote:
>Beauregard T. Shagnasty wrote:
>>Me Here wrote:
If you have other tabs open that you want to keep viewing, then yes,
it's a good immediate, albeit 'temporary' solution to the problem.
I say temporary because using a Hosts file isn't a good solution.
Many malware sites scan and remove their listings from hosts files
(and even locking it via the read-only attribute won't protect
you).
What? You are gonna have to find reliable cites for that nonsense.

They do it by making you log into a benign site first (one that
isn't blocked) and using that to remove their entry from your Hosts
file before redirecting you and trapping your browser. Even
running free FireFox addons such as NoScript won't protect you
unless you've been caught before and know not to allow the site
access to Java or JS.
More bollox.
Ahh fuckit, I wasn't going to do your homework but I just couldn't
help Googling to see how many links popped up - so many I just shook
my head and laughed. Of course, wikipedia was among the top 3...

Hey, I don't have to do homework; you are the one who made the
statements and I asked for cites. Why should I have to prove - or
disprove - your claims.
>Here's two to start you off explaining why hosts files by themselves
aren't secure and how easily they get hijacked:

http://en.wikipedia.org/wiki/Hosts_file

Micha already answered the point about how a website hijacking the hosts
file isn't possible.
It *IS* possible, that's the point - websites can, and do, do that. Why
does *his* statement pass without so much as a cite whereas mine is
required to produce fact (which I gave). Where are *his* cites? Why do
you believe *his* statement and not mine? Because it supports *your*
point of view? READ the damn links I gave you and then do some damn
research yourself.

My hosts file is located here: /etc/hosts
What host file manager would you recommend I use?
There are several freeware ones I used to use before I changed to
OpenDNS. Google Hostfile manager and I'm sure you'll find them.
>
>Next time, please Google and get your facts right before slighting
someone else's post.

<lol> Next time, don't write statements like "Many malware sites scan
and remove their listings from hosts files" that aren't true.
Of course it's true. Even the damn links I gave you proved it. Malware
isn't just downloaded programs you know..... or do you... hmmmm.

And like Micha, I don't have any anti- anything software on my computer
either.
It is true, there is a sucker born every minute. It's only a matter of
time (if it hasn't happened yet) before you get bent over.
--
Me Here
After filing the largest corporate bankruptcy in history, Worldcom stock
closed at $0.14 on Monday which leaves consumers with the dilemma. Do
you buy one share of Worldcom stock, or 2 minutes of MCI long distance?
Dennis Miller Live 07/26/2002.
Jul 14 '08 #84

Beauregard T. Shagnasty wrote:
Me Here wrote:
>Beauregard T. Shagnasty wrote:
>>Me Here wrote:
... Many malware sites scan and remove their listings from hosts
files (and even locking it via the read-only attribute won't
protect you).
What? You are gonna have to find reliable cites for that nonsense.
Oh, just so I don't get the wrong idea - are you saying that malware
can't change the hosts file or that you've never heard of it being
done?

And just so you don't think I have no knowledge of the subject, I'm
saying that your statement "Many malware sites ..." [I assume that means
web sites] is false.
It's not false. You obviously have a problem with either reading or
English. If malware sites couldn't do anything to your computer, why
the hell are browser companies so worried about security now-a-days? Of
course malware sites can affect your computer.

Micha is right though, a properly secured browser reduces the chances of
this happening quite significantly.

As for ActiveX, only a fool runs that crap. Worst nightmare MS ever
introduced into the internet (IMHO).

--
Me Here
"First they came for the Communists but I was not a Communist so I did
not speak out. Then they came for the Socialists and the Trade
Unionists but I was not one of them, so I did not speak out. Then they
came for the Jews but I was not Jewish so I did not speak out. And
when they came for me, there was no one left to speak out for me."
Jul 14 '08 #85

hummingbird wrote:
On Mon, 14 Jul 2008 14:23:03 +1000 'Me Here'
wrote this on alt.comp.freeware:
>Tom wrote:
>>On Sun, 13 Jul 2008 13:45:20 -0400, C A Upsdell wrote:

If Windows, Ctrl Alt Delete to call up the task manager; select the
browser; kill it.
Very inelegant.

When you have a dozen tabs open, killing the browser, kills all the tabs.

When you restart Firefox, it asks if you want to open all the old tabs,
but, of course, that will just open the quicksand site all over again.

So, without editing the hosts file and shift reloading, you're forced to
say NO to reloading your old tabs ... and you lose them all.

That's why you don't kill the browser session.

Luckily we found a single-click way to solve the problem (type "start ->
run -> hosts, add the offending domain, and shift reload the browser). This
turns the quicksand URL into cement. Voila! Thanks to hummingbird!

>If you have other tabs open that you want to keep viewing, then yes,
it's a good immediate, albeit 'temporary' solution to the problem. I
say temporary because using a Hosts file isn't a good solution. Many
malware sites scan and remove their listings from hosts files (and even
locking it via the read-only attribute won't protect you). They do it
by making you log into a benign site first (one that isn't blocked) and
using that to remove their entry from your Hosts file before redirecting
you and trapping your browser.

Good point MH. I've never experienced that trick, especially since
I started safe hexing, but I am aware it can happen.

These days, I seem to be safe with a hosts file to block unwanted
sites, plus a supplementary program or two (SpyWareBlaster etc).

>Even running free FireFox addons such as
NoScript won't protect you unless you've been caught before and know not
to allow the site access to Java or JS. You should really be running
an IP blocking program like PeerGuardian or if that is too much hassle,
do what I do and use OpenDNS. I'm sure there are other solutions, those
two just spring to mind. My advice, if you don't want this happening
again and you're the type that's likely to run across sites like these
often, is to do a bit of research into blocking methods and choose the
one that best suits your need.

As I said, a hosts file is great, so long as you protect it otherwise it
becomes pointless. Many programs out there now protect things like Home
pages and hosts files simply because security companies are aware that
they are easily hijacked with things like WSH or ActiveX (or even a
crappy FF addon).
--
Me Here
Don't let your education interfere with your intelligence. -- unknown
Jul 14 '08 #86
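The check that the "hosts file manager" and hosts-protection tools argued over in the posts above would perform, as an added example (not code from any poster or from any tool named in the thread): compare the current hosts file with a saved known-good copy and report block entries that disappeared and names newly pointed at a routable address. The sample file contents, the name `www.example-bank.test` and the address `203.0.113.7` are constructed; the two blocked domains are taken from the list in the original question.

```python
import hashlib
import ipaddress

# Constructed known-good copy: two of the domains named in the thread are
# blocked by pointing them at loopback / the unspecified address.
BASELINE = """\
# constructed sample hosts file
127.0.0.1   localhost
127.0.0.1   spywareiso.com www.spywareiso.com   # blocked by hand
0.0.0.0     antivirus-scanner.com
"""

# Constructed "later" copy: one block line is gone and a new line points a
# made-up name at a made-up (documentation-range) address.
CURRENT = """\
# constructed sample hosts file
127.0.0.1   localhost
0.0.0.0     antivirus-scanner.com
203.0.113.7 www.example-bank.test
"""


def fingerprint(text):
    """SHA-256 of the file contents; a cheap 'has anything changed' test."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def parse_hosts(text):
    """Return {hostname: address} from hosts-file text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()    # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                               # not an address: ignore the line
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)   # keep the first mapping seen
    return table


def is_sink(addr):
    """True for addresses used to block a name (loopback or 0.0.0.0 / ::)."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


def compare(baseline_text, current_text):
    """List (kind, hostname, address) findings, sorted; [] if nothing changed."""
    if fingerprint(baseline_text) == fingerprint(current_text):
        return []
    old, new = parse_hosts(baseline_text), parse_hosts(current_text)
    findings = []
    for name, addr in old.items():
        # A block entry that vanished or no longer points at a sink address.
        if is_sink(addr) and not (name in new and is_sink(new[name])):
            findings.append(("block-removed", name, addr))
    for name, addr in new.items():
        # A name newly pinned to a routable address (the hijack case
        # the thread argues about).
        if not is_sink(addr) and old.get(name) != addr:
            findings.append(("redirect-added", name, addr))
    return sorted(findings)


if __name__ == "__main__":
    for kind, name, addr in compare(BASELINE, CURRENT):
        print(f"{kind:15} {name:25} {addr}")
```

In real use the two strings would be read from the live file (`C:\WINDOWS\system32\drivers\etc\HOSTS` or `/etc/hosts`, the paths given in the thread) and from a baseline kept where the browsing account cannot write.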
hummingbird wrote:
On Mon, 14 Jul 2008 07:53:16 -0400 'Beauregard T. Shagnasty'
wrote this on alt.comp.freeware:
>And like Micha, I don't have any anti- anything software on my
computer either.

You're out of your depth Shagnasty. Accept it and go fishing.
That's funny...
There are plenty of people who surf unprotected and are at risk of
getting clobbered by websites containing malware. A HOSTS file is no
absolute guarantee of safety.
Of course not, and I did not say it was.
[HEALTH WARNING]
If you switch off all your security s/w and surf to this website,
see what happens: www.pricelessware.org
Ok, I did. I see a ~1995-coding-style web site with many lists of free
Windows software. What was supposed to happen?

--
-bts
-Friends don't let friends drive Windows
Jul 14 '08 #87
Me Here wrote:
Beauregard T. Shagnasty wrote:
>And like Micha, I don't have any anti- anything software on my
computer either.

It is true, there is a sucker born every minute. It's only a matter
of time (if it hasn't happened yet) before you get bent over.
You are apparently assuming I am using a Windows operating system.

--
-bts
-Friends don't let friends drive Windows
Jul 14 '08 #88

On Tue, 15 Jul 2008 00:16:33 +1000 'Me Here'
wrote this on alt.comp.freeware:
>
hummingbird wrote:
>On Mon, 14 Jul 2008 14:23:03 +1000 'Me Here'
wrote this on alt.comp.freeware:
>>Tom wrote:
On Sun, 13 Jul 2008 13:45:20 -0400, C A Upsdell wrote:

If Windows, Ctrl Alt Delete to call up the task manager; select the
browser; kill it.
Very inelegant.

When you have a dozen tabs open, killing the browser, kills all the tabs.

When you restart Firefox, it asks if you want to open all the old tabs,
but, of course, that will just open the quicksand site all over again.

So, without editing the hosts file and shift reloading, you're forced to
say NO to reloading your old tabs ... and you lose them all.

That's why you don't kill the browser session.

Luckily we found a single-click way to solve the problem (type "start ->
run -> hosts, add the offending domain, and shift reload the browser). This
turns the quicksand URL into cement. Voila! Thanks to hummingbird!

>>If you have other tabs open that you want to keep viewing, then yes,
it's a good immediate, albeit 'temporary' solution to the problem. I
say temporary because using a Hosts file isn't a good solution. Many
malware sites scan and remove their listings from hosts files (and even
locking it via the read-only attribute won't protect you). They do it
by making you log into a benign site first (one that isn't blocked) and
using that to remove their entry from your Hosts file before redirecting
you and trapping your browser.

Good point MH. I've never experienced that trick, especially since
I started safe hexing, but I am aware it can happen.

These days, I seem to be safe with a hosts file to block unwanted
sites, plus a supplementary program or two (SpyWareBlaster etc).

>>Even running free FireFox addons such as
NoScript won't protect you unless you've been caught before and know not
to allow the site access to Java or JS. You should really be running
an IP blocking program like PeerGuardian or if that is too much hassle,
do what I do and use OpenDNS. I'm sure there are other solutions, those
two just spring to mind. My advice, if you don't want this happening
again and you're the type that's likely to run across sites like these
often, is to do a bit of research into blocking methods and choose the
one that best suits your need.


As I said, a hosts file is great, so long as you protect it otherwise it
becomes pointless. Many programs out there now protect things like Home
pages and hosts files simply because security companies are aware that
they are easily hijacked with things like WSH or ActiveX (or even a
crappy FF addon).
Yeah, I must think about protecting my own hosts file. I think
SpyWareBlaster offers this feature.

[rushes off to check]
--
"All truth passes through three stages.
First, it is ridiculed, second it is violently opposed,
and third, it is accepted as self-evident"
(Arthur Schopenhauer)
Jul 14 '08 #89
On this special day, Tom wrote:
No. Nothing works except to kill firefox and not restart with all the same
tabs all over again.
Strange. I just looked at this presumed antivirus 2009 (with FireFox 3)
and closed the tab. No problems at all. I have Java (not JavaScript)
disabled generally and will allow exceptions only to specific sites
that I will list.

As soon as I had installed FF3, I opened the JavaScript Expanded Button
and unchecked all except for the topmost box, which is "move or resize
existing windows" (which can still be abused IMHO but cannot do much
harm - at least I do hope so)

Maybe this is the solution.
Gabriele Neukam

Ga*************************@t-online.de

--
No I am not a troll. Just a beginner and lazy!!!!!!!!!!!
(leepeach in alt.comp.virus, asked why (s)he was repeatedly asking the
same question)
Jul 14 '08 #90
hummingbird wrote:
<snippage>
["trojan.systemposer"]
Anyway, I noticed what was happening at the time and shut down
the browser and ADSL connection within about 10secs.

I found 7-8 small programs on my system and wrapped them in
a zipfile for safety (later sent to SuperAntiSpyware guys for
analysis).

I then spent 2-3 hours running every piece of anti-malware s/w
I have, including several root kit programs. All came up clear.

Since then, I've seen no abnormal activity on my system using
packet sniffers and monitoring ports etc. My guess is that I
killed it before it had hardly got started doing its evil work.
Maybe you got lucky. Maybe it wasn't activated by its owner prior to
your shutting off your connection.

You do have a router and firewall, correct?
>Sure, almost everyone uses Windows. And the hackers love it because
of all the holes in it. ;-)

When I build my next system, I hope to install a version of *nix as
well as XP-Pro-SP3, probably using VMPC.
Try Ubuntu. You can also install it from within Windows using Wubi. For
testing and playing. I wouldn't recommend using any virtual machine for
a working installation, though.

--
-bts
-Friends don't let friends drive Windows
Jul 14 '08 #91

On Mon, 14 Jul 2008 16:45:26 -0400 'Beauregard T. Shagnasty'
wrote this on alt.comp.freeware:
>hummingbird wrote:
<snippage>
["trojan.systemposer"]
>Anyway, I noticed what was happening at the time and shut down
the browser and ADSL connection within about 10secs.

I found 7-8 small programs on my system and wrapped them in
a zipfile for safety (later sent to SuperAntiSpyware guys for
analysis).

I then spent 2-3 hours running every piece of anti-malware s/w
I have, including several root kit programs. All came up clear.

Since then, I've seen no abnormal activity on my system using
packet sniffers and monitoring ports etc. My guess is that I
killed it before it had hardly got started doing its evil work.

Maybe you got lucky. Maybe it wasn't activated by its owner prior to
your shutting off your connection.

You do have a router and firewall, correct?
s/w firewall = yes, router = no.

A router is for my next system in a few months.
>>Sure, almost everyone uses Windows. And the hackers love it because
of all the holes in it. ;-)

When I build my next system, I hope to install a version of *nix as
well as XP-Pro-SP3, probably using VMPC.

Try Ubuntu. You can also install it from within Windows using Wubi. For
testing and playing. I wouldn't recommend using any virtual machine for
a working installation, though.
Yep ok. Ubuntu is currently top of my list :-)
We have one or two folks here on ACF who know about that and
there's always the other groups WHEN (not if) I get stuck ;-)

Thanks for the suggestion...
--
"All truth passes through three stages.
First, it is ridiculed, second it is violently opposed,
and third, it is accepted as self-evident"
(Arthur Schopenhauer)
Jul 14 '08 #92
On Mon, 14 Jul 2008 22:40:23 +0100, hummingbird wrote in <g5gkko.lg.1
@localhost.127.0.0.1>:
>
On Mon, 14 Jul 2008 16:45:26 -0400 'Beauregard T. Shagnasty'
wrote this on alt.comp.freeware:
hummingbird wrote:
<snippage>
["trojan.systemposer"]
Anyway, I noticed what was happening at the time and shut down
the browser and ADSL connection within about 10secs.

I found 7-8 small programs on my system and wrapped them in
a zipfile for safety (later sent to SuperAntiSpyware guys for
analysis).

I then spent 2-3 hours running every piece of anti-malware s/w
I have, including several root kit programs. All came up clear.

Since then, I've seen no abnormal activity on my system using
packet sniffers and monitoring ports etc. My guess is that I
killed it before it had hardly got started doing its evil work.
Maybe you got lucky. Maybe it wasn't activated by its owner prior to
your shutting off your connection.

You do have a router and firewall, correct?

s/w firewall = yes, router = no.

A router is for my next system in a few months.
>Sure, almost everyone uses Windows. And the hackers love it because
of all the holes in it. ;-)

When I build my next system, I hope to install a version of *nix as
well as XP-Pro-SP3, probably using VMPC.
Try Ubuntu. You can also install it from within Windows using Wubi. For
testing and playing. I wouldn't recommend using any virtual machine for
a working installation, though.

Yep ok. Ubuntu is currently top of my list :-)
We have one or two folks here on ACF who know about that and
there's always the other groups WHEN (not if) I get stuck ;-)

Thanks for the suggestion...
------FORGERY---------

--
"All truth passes through three stages.
First, it is ridiculed, second it is violently opposed,
and third, it is accepted as self-evident"
(Arthur Schopenhauer)
--
....of all the things i've lost in my life ... i miss my mind the most
Jul 14 '08 #93
On Mon, 14 Jul 2008 20:51:20 +0100, hummingbird wrote in <g5ge89.1ts.1
@localhost.127.0.0.1>:
>
On Mon, 14 Jul 2008 14:33:18 -0400 'Beauregard T. Shagnasty'
wrote this on alt.comp.freeware:
hummingbird wrote:
'Beauregard T. Shagnasty' wrote:
<snippage>
>So that was a Windows trojan then?

The one in question is called "trojan.systemposer".
That is a nasty one. It's a rootkit as well, and - depending on what
else it downloaded and installed - nearly impossible to get rid of.
Experts suggest you flatten and reinstall to be totally sure you are rid
of everything.

Interesting.
I researched at the time but found conflicting descriptions.

Anyway, I noticed what was happening at the time and shut down
the browser and ADSL connection within about 10secs.

I found 7-8 small programs on my system and wrapped them in
a zipfile for safety (later sent to SuperAntiSpyware guys for
analysis).

I then spent 2-3 hours running every piece of anti-malware s/w
I have, including several root kit programs. All came up clear.

Since then, I've seen no abnormal activity on my system using
packet sniffers and monitoring ports etc. My guess is that I
killed it before it had hardly got started doing its evil work.
When I build my next system, I hope to install a version of *nix
as well as XP-Pro-SP3, probably using VMPC.
------FORGERY---------

hb

--
....of all the things i've lost in my life ... i miss my mind the most
Jul 14 '08 #94

On Mon, 14 Jul 2008 23:31:26 +0100
**THE FORGER*** wrote this on alt.comp.freeware:

>On Mon, 14 Jul 2008 22:40:23 +0100, hummingbird wrote in <g5gkko.lg.1
@localhost.127.0.0.1>:
>>
On Mon, 14 Jul 2008 16:45:26 -0400 'Beauregard T. Shagnasty'
wrote this on alt.comp.freeware:
>hummingbird wrote:
<snippage>
["trojan.systemposer"]
Anyway, I noticed what was happening at the time and shut down
the browser and ADSL connection within about 10secs.

I found 7-8 small programs on my system and wrapped them in
a zipfile for safety (later sent to SuperAntiSpyware guys for
analysis).

I then spent 2-3 hours running every piece of anti-malware s/w
I have, including several root kit programs. All came up clear.

Since then, I've seen no abnormal activity on my system using
packet sniffers and monitoring ports etc. My guess is that I
killed it before it had hardly got started doing its evil work.

Maybe you got lucky. Maybe it wasn't activated by its owner prior to
your shutting off your connection.

You do have a router and firewall, correct?

s/w firewall = yes, router = no.

A router is for my next system in a few months.
>>Sure, almost everyone uses Windows. And the hackers love it because
of all the holes in it. ;-)

When I build my next system, I hope to install a version of *nix as
well as XP-Pro-SP3, probably using VMPC.

Try Ubuntu. You can also install it from within Windows using Wubi. For
testing and playing. I wouldn't recommend using any virtual machine for
a working installation, though.

Yep ok. Ubuntu is currently top of my list :-)
We have one or two folks here on ACF who know about that and
there's always the other groups WHEN (not if) I get stuck ;-)

Thanks for the suggestion...

------FORGERY---------

You are the forgery, moron.
--
"All truth passes through three stages.
First, it is ridiculed, second it is violently opposed,
and third, it is accepted as self-evident"
(Arthur Schopenhauer)
Jul 14 '08 #95
..oO(Me Here)
>Beauregard T. Shagnasty wrote:
>>
Micha already answered the point about how a website hijacking the hosts
file isn't possible.

It *IS* possible, that's the point - websites can, and do, do that. Why
does *his* statement pass without so much as a cite whereas mine is
required to produce fact (which I gave). Where are *his* cites? Why do
you believe *his* statement and not mine? Because it supports *your*
point of view?
Just think logically:

1) What is a website? It's HTML and CSS. It's a document, not a program.
You can display it in various formats, but it can't gain kind of an own
life to do funny things to your computer outside its rendering context.

Logical conclusion: A website alone doesn't do that.

2) A browser is just a viewer to display these HTML documents. Even if
there might be some active content like JS embedded into it, it's run in
a sandbox-like environment inside the browser, which itself runs in user
space and doesn't have anything to do with the operating system nor a
way to manipulate it.

Logical conclusion: A good browser doesn't do that.

3) Even if there might be a way to break out of the browser sandbox due
to a buggy plugin or a broken JS implementation, and even if there would
be a way to download and execute some software without the user taking
notice, there's still the operating system (in the Windows world this
means NT/2k/XP - we don't have to talk about the toys 95/98/ME), which
prevents unauthorized accesses to its most important entrails like libs
and system configuration files. The hosts file is not write-accessible
for any regular user, only the system itself and the admins/root are
granted access to modify it.

Logical conclusion: An appropriate system setup doesn't allow that.

Q.E.D.
Of course if you do your daily work with admin privileges (or root on
*nix), then you should never (really never!) complain about problems
with malware or a screwed-up system. Even though it sounds harsh, it's
mostly your own fault and you get what you deserve. Of course you can
also thank MS for not enforcing the creation of a non-privileged user
account on Windows installation, but that's just a part of the problem.
>>My hosts file is located here: /etc/hosts
>>What host file manager would you recommend I use?
>
>There are several freeware ones I used to use before I changed to
>OpenDNS. Google Hostfile manager and I'm sure you'll find them.

He's not using Windows, but some kind of *nix system. There all system
configuration files are stored in the /etc folder (you can guess where
MS stol^Wgot the name for its hosts directory from ...)

>>And like Micha, I don't have any anti- anything software on my computer
>>either.
>
>It is true, there is a sucker born every minute. It's only a matter of
>time (if it hasn't happened yet) before you get bent over.

The last virus on my workstation was called Sunday. It's been quite a
while since these old MS-DOS days.

Micha
Jul 15 '08 #96
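
Point 3 of the post above depends on the hosts file being writable only by root or an administrator, and the thread relies on that file for blocking. As an added example (not code from any poster), this Python script checks both: the mode/owner check and the entry audit are assumptions about what a reader would want to verify, the function names are hypothetical, and the sample entries are constructed using two domains from the thread's list.

```python
import ipaddress
import os
import stat

def audit_mode(st_mode, st_uid):
    """Return findings for a hosts file's ownership and mode bits."""
    findings = []
    if st_uid != 0:
        findings.append("not owned by root (uid %d)" % st_uid)
    if st_mode & stat.S_IWGRP:
        findings.append("group-writable")
    if st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    return findings

def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and malformed lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield addr, name.lower()

def redirected_names(text):
    """Names mapped to a non-loopback address: a redirect, not a block."""
    return [(name, str(addr)) for addr, name in parse_hosts(text)
            if not (addr.is_loopback or addr.is_unspecified)]

# Constructed sample hosts file; the last entry is the kind worth reviewing.
SAMPLE = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
0.0.0.0     www.spywareiso.com   # blocked
127.0.0.1   antivirus-scanner.com
203.0.113.7 update.example.com   # constructed redirect entry
"""

if __name__ == "__main__":
    st = os.stat("/etc/hosts")
    print("permissions:", audit_mode(st.st_mode, st.st_uid) or "ok")
    with open("/etc/hosts") as fh:
        for name, addr in redirected_names(fh.read()):
            print("review: %s -> %s" % (name, addr))
```

Entries pointing at 0.0.0.0 or a loopback address are blocks and are ignored; any other mapping is listed for review because it sends the name somewhere other than where DNS would.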

On Mon, 14 Jul 2008 23:36:48 GMT

***The FORGER Franklin***, using the name hummngbird wrote:

--nothing--
--
"All truth passes through three stages.
First, it is ridiculed, second it is violently opposed,
and third, it is accepted as self-evident"
(Arthur Schopenhauer)
Jul 15 '08 #97
On Mon, 14 Jul 2008 18:59:49 -0500, Michael Fesser <ne*****@gmx.de> wrote:
>Just think logically:
>
>1) What is a website? It's HTML and CSS. It's a document, not a program.
>You can display it in various formats, but it can't gain kind of an own
>life to do funny things to your computer outside its rendering context.
>
>Logical conclusion: A website alone doesn't do that.

Micha...this premise is just wrong. Websites can and do contain all kinds
of scripts.
--
Bear Bottoms
Freeware website: http://bearware.info
Jul 15 '08 #98
..oO(Bear Bottoms)
>On Mon, 14 Jul 2008 18:59:49 -0500, Michael Fesser <ne*****@gmx.de> wrote:
>>Just think logically:
>>
>>1) What is a website? It's HTML and CSS. It's a document, not a program.
>>You can display it in various formats, but it can't gain kind of an own
>>life to do funny things to your computer outside its rendering context.
>>
>>Logical conclusion: A website alone doesn't do that.
>
>Micha...this premise is just wrong. Websites can and do contain all kinds
>of scripts.

Correct, but I consider them just additions to a website. They are
always optional (like images and CSS) and not interpreted by every
browser. But I also mentioned those scripts in my second point.

Micha
Jul 15 '08 #99

Beauregard T. Shagnasty wrote:
>Me Here wrote:
>>Beauregard T. Shagnasty wrote:
>>>And like Micha, I don't have any anti- anything software on my
>>>computer either.
>>It is true, there is a sucker born every minute. It's only a matter
>>of time (if it hasn't happened yet) before you get bent over.
>
>You are apparently assuming I am using a Windows operating system.

True, probably because Windows is the most prevalent system, however,
that aside, malware is not limited to Windows systems alone. Most are,
but not all.

--
Me Here
Here we have a country whose urban population happily inhales a
bewildering cocktail of combustion fumes on a daily basis; 12 per cent
of whose male population under the age of 35 will die prematurely as a
result of smoking tobacco (a more unpleasant death than anthrax, which
is mostly shock); not to mention that anthrax is harder to contract than
lung cancer, with both a cure and a vaccine. Yet, let one man in Florida
die of that obscure ailment and suddenly war-surplus stores are selling
out of Israeli gas masks at 110 bucks a pop. -- John MacLachlan Gray,
Globe and Mail, October 17, 2001 commenting on the 2001 anthrax scares.
Jul 15 '08 #100
