#16
YANDEX cookie
Andy wrote:
So what is it and how did you get rid of it?

Kerry

I don't know what it is or what it's called but it is activated (and reactivated) by pulling those little gif images down from a handful of sites including Yandex.ru and nix.ru. The gif is then executed (thanks a lot MS!) and it appears to continue to pull updated info from those sites (and a couple of others).

It creates smss.exe in the /windows dir, also winlogon.exe in /windows, but deletes the latter after it's done its work. Explore process is spawned by the dodgy smss so it can connect to web sites quietly. Other processes are spawned and they look for all manner of files including windows.exe in the "Program Files" dir... I could go on for hours, it is nasty, it is hard to identify with "normal tools" and is tricky to remove.

Every so often it will send screen captures and data to a remote host.... bank passwords, email passwords, domain passwords.... you get the idea.

I don't want to encourage script kiddies so I'll stop talking about it now.... but if anyone has had the same symptoms and wants to know what data of theirs is moving around the planet then let me know (your infected machine name via email) and I'll check for it (if and/or when I can).

Andy.

Thanks, I have seen similar. It can be a real pain to get rid of. The only sure way is to kill the system and start again. It's impossible to be 100% certain you got it all any other way.

Kerry
#17
YANDEX cookie
I am having the same exact problem. I can clear cookies and delete files until I am blue in the face. Every time I launch Explorer and then look in the history folder, it tells me that I have gone to some Russian site (c893.narod.ru) and then there is a subpage in Russian that I have supposedly visited. I then look in cookies and the YANDEX cookie is there. I also have scanned my system with Symantec, Adaware, Microsoft Anti Spyware, Ewido and SpyBot. Nothing kills this thing. Can you please tell me how you got rid of it? You mention that you changed your hosts file but I do not know how to do this. Help - this is driving me crazy.

"Tom Leylan" wrote:

Something is up but after searching the Internet for the last couple of days I can find nothing mentioning this specifically. You may want to check your computer to see if you have the same thing going on. And if anybody can shed some light on the problem I'd be grateful.

For some reason IE won't hold on to cookies any longer, even those I need/want, giving me access to support sites and such. I cleared all the cookies to see if I could spot something and sure enough one cookie remains. It's named (where myaccount is my computer account) and no matter what I do (including deleting the cookie) that file returns.

These are the contents:

yandexuid
330739451136519475
yandex.ru/
1024
685931392
30492323
1909715872
29758068
*

Note the reference to a Russian site (the .RU) and YANDEX is apparently a large Russian ISP. Point is I don't go anywhere near them, I can delete all the cookies and this one just keeps reappearing.

I've scanned my system a couple of times and found a couple of trojans but these have been removed yet my cookie problem remains. So I'm wondering if anybody else has this persistent cookie and/or knows where it comes from and how to get rid of it. I also need to find whatever it is that is stopping legitimate cookies from remaining on my machine.

Thanks,
Tom
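Added example, not part of any post in this thread: a small Python parser for the cookie contents quoted above, useful for working out when a cookie that keeps reappearing was actually written. It assumes the commonly documented layout of Internet Explorer's text cookie files (name, value, host/path, flags, expiry low/high, creation low/high, `*`), with the times stored as Windows FILETIME halves; the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Cookie record exactly as quoted in the post above.
POSTED = ("yandexuid 330739451136519475 yandex.ru/ 1024 "
          "685931392 30492323 1909715872 29758068 *")

# FILETIME counts 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_utc(low, high):
    """Combine the two 32-bit halves and convert to an aware datetime."""
    ticks = (high << 32) | low
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def parse_ie_cookies(text):
    """Split a cookie file into records; each record ends with a lone '*'."""
    tokens, records = text.split(), []
    while tokens:
        if "*" not in tokens:
            raise ValueError("truncated record: no '*' terminator")
        end = tokens.index("*")
        fields, tokens = tokens[:end], tokens[end + 1:]
        if len(fields) != 8:
            raise ValueError(f"expected 8 fields, got {len(fields)}")
        name, value, scope, flags, exp_lo, exp_hi, cre_lo, cre_hi = fields
        host, _, path = scope.partition("/")
        records.append({
            "name": name, "value": value,
            "host": host, "path": "/" + path, "flags": int(flags),
            "expires": filetime_to_utc(int(exp_lo), int(exp_hi)),
            "created": filetime_to_utc(int(cre_lo), int(cre_hi)),
        })
    return records

def trailing_unix_time(value):
    """Read the last ten digits of the value as Unix time.
    This is an observation about this one sample, not a documented format."""
    return datetime.fromtimestamp(int(value[-10:]), tz=timezone.utc)

if __name__ == "__main__":
    for rec in parse_ie_cookies(POSTED):
        print(rec["name"], rec["host"], rec["path"])
        print("  created:", rec["created"].isoformat())
        print("  expires:", rec["expires"].isoformat())
        print("  value tail as Unix time:",
              trailing_unix_time(rec["value"]).isoformat())
```

Comparing the decoded creation time with the time Explorer was last launched shows whether the cookie is being rewritten on each start or is a stale file that was never removed.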
#18
YANDEX cookie
"Scott" wrote...
I am having the same exact problem. I can clear cookies and delete files until I am blue in the face. Every time I launch Explorer and then look in the history folder, it tells me that I have gone to some Russian site (c893.narod.ru) and then there is a subpage in Russian that I have supposedly visited. I then look in cookies and the YANDEX cookie is there. I also have scanned my system with Symantec, Adaware, Microsoft Anti Spyware, Ewido and SpyBot. Nothing kills this thing. Can you please tell me how you got rid of it? You mention that you changed your hosts file but I do not know how to do this. Help - this is driving me crazy.

Oh good, people are starting to notice :-) Here is what I did and would suggest you consider...

Locate your "hosts" file. It should be at C:\Windows\System32\drivers\etc\hosts

Add the following entries:

127.0.0.1 bs.yandex.ru
127.0.0.1 c893.narod.ru

and while you are there you can add the following to block a bunch of stupid ads

127.0.0.1 ad.doubleclick.net

At that point requests to those sites are redirected to your machine which clearly will fail. Erase the crazy cookies and empty the temporary folder to get rid of anything that came from those Russian sites.

I think that alone takes care of it but I also dl'd the McAfee software. I can't tell who knows what, when or where these days but this software reported a number of problems and it did appear to remove them. Since then I've had no weird cookies, my browser behaves normally and I never have files from those sites appear again.

Best of luck... in fact if it works perhaps you could post a follow-up.

HTH,
Tom
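Added example, not part of the post above: a Python check of hosts-file text against the three hostnames Tom lists, which appends only the entries that are missing and reports any name already mapped to a non-loopback address. The sample hosts content is constructed, the function names are hypothetical, and the code assumes the first line naming a host is the one that takes effect.

```python
import ipaddress

# Hostnames taken from the post above.
BLOCKED = ["bs.yandex.ru", "c893.narod.ru", "ad.doubleclick.net"]

# Constructed sample hosts file (not from the thread).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1   BS.Yandex.RU   # added earlier
203.0.113.7 c893.narod.ru
"""

def parse_hosts(text):
    """Map each lowercase hostname to the address on the first line naming it."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2:
            continue
        for name in fields[1:]:                  # one line may carry aliases
            mapping.setdefault(name.lower(), fields[0])
    return mapping

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def ensure_blocked(text, names=BLOCKED, sink="127.0.0.1"):
    """Return (new_text, added, conflicts); works on text, touches no file."""
    mapping = parse_hosts(text)
    added, conflicts = [], []
    for name in names:
        current = mapping.get(name.lower())
        if current is None:
            added.append(name)
        elif not is_loopback(current):
            # An earlier mapping wins, so appending would not block the name.
            conflicts.append((name, current))
    if text and not text.endswith("\n"):
        text += "\n"
    text += "".join(f"{sink} {n}\n" for n in added)
    return text, added, conflicts

if __name__ == "__main__":
    new_text, added, conflicts = ensure_blocked(SAMPLE_HOSTS)
    print("added:", added)
    print("review by hand:", conflicts)
```

A conflict entry means the hosts file already points that name somewhere other than the local machine, which is worth investigating before editing the file.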