[geeks] filtering out web base trojan?

Sridhar Ayengar ploopster at gmail.com
Sun Mar 16 12:15:34 CDT 2008


Geoffrey S. Mendelson wrote:
> I have a problem with a persistent web based trojan that infects one
> computer of mine. I can get rid of it once it infects the computer, my
> antivirus finds it and hijack this and windows defender catches any
> startup registry entries.
> 
> Occasionally it gets so bad I have to boot from a CD and remove the DLL
> it installs by hand.
> 
> This is getting tedious.
> 
> I'm using FireFox as my web browser with the noscript add-on.
> 
> However, it still gets through. 
> 
> It's the one that randomly pops up a "your computer may be infected with
> spyware, click here to make sure it is" window. Noscript prevents the
> window from coming up, but it still tries.
> 
> Is there a way to filter it out via a web proxy? Possibly an add on
> module for squid or apache? Something similar to Dan's Guardian? A
> better FireFox add on?
> 
> While I would prefer something that stopped it, even a program that
> detected and logged it would do. Then I can block the sites if they are
> referred to, or simply no longer use the one that is infected.
> 
> I think that it comes in from a content/location based advertising
> service, so the site that tries to infect me may not even be aware
> that this is happening. 

Have you tried creating a non-overwritable non-readable zero-length file 
in its place?

Peace...  Sridhar



More information about the geeks mailing list