nellie2 Posted July 3, 2004
As you are no doubt aware, some of the major problems that are around on the internet at the moment are what's known as Coolweb infections. Merijn Bellekom's CoolWeb Shredder has been an excellent tool for dealing with this up to now but these infections are getting more and more complicated and difficult to remove.
This is some of what Merijn has to say about it;
> We are pretty sure now CoolWebSearch is part of a new strain of trojans that have recently been identified that all have one thing in common: they install through the ByteVerify exploit in the MS Java VM and change the IE homepage, search page, search bar, etc.
See here for more.
Merijn has posted information on his site about how to uninstall MS Virtual Machine and install Sun Java. See here.

Big Elf Posted July 3, 2004
:) I'm downloading Sun Java now (14.6MB on dialup :( ) and I'm going to follow his advice

-pops- Posted July 3, 2004
I'm unable to get to the site above either as the link given or from spywareinfo as a key in Google. Is it me or is it them?

Redhat Posted July 3, 2004
pops: I can reach it :(

Scarecrow Man Posted July 3, 2004
Neither link worked for me. :unsure:

bluesman821 Posted July 3, 2004
This could be a DOS attack. I can't reach this site either.

nellie2 Posted July 3, 2004
Both links are ok at the minute and they were earlier. Try this link http://209.133.47.200/~merijn/index.html.

Scarecrow Man Posted July 4, 2004
Nothing, nellie. But I can get to Merijn's site fine manually. Although, everything is going terribly slow.

-pops- Posted July 4, 2004
Still unable to contact. I am tempted to ask, though: If this Coolweb thing is using a weakness of a MS utility, why aren't MS doing something about it? Where's the critical update to stop this? Or is Bill Gates still suffering a fit of pique because he's lost, or losing, a legal battle with Sun systems?

moon Posted July 4, 2004
All of the above links terminate in the White Screen of Temporal Uncertainty.

-pops- Posted July 4, 2004
> the White Screen of Temporal Uncertainty.
I like that :D

mark2 Posted July 4, 2004
Both links in Nellie's 1st post working fine here (at present)

moon Posted July 4, 2004
> I like that :D
Just doing my bit for a geek-free universe.

Chris Posted July 4, 2004
> Still unable to contact. I am tempted to ask, though: If this Coolweb thing is using a weakness of a MS utility, why aren't MS doing something about it? Where's the critical update to stop this? Or is Bill Gates still suffering a fit of pique because he's lost, or losing, a legal battle with Sun systems?
Well I think to an extent if this was a major problem then it would be looked at but by who? I thought Microsoft were not allowed MS VM anymore because of the Sun Java case? So who would fix it. Installing Sun Java is the easiest thing around it [uninstalling MSVM even]. But and I can only speak for myself, MSIE and MSVM no infection what-so-ever. I think it's all down to what websites you visit if you know what I mean.

-pops- Posted July 4, 2004
If there are computers with MSVM installed (which, undoubtedly there are) and it is causing a problem, BG should arrange for removal. It appears that MSVM is possibly being used illegally or, at least against Mr Sun's wishes.
The Coolweb thing is not causing me a problem, nor would I like it to so, to this end, I would wish to have the means at my disposal for it to remain that way. Hence my wish to contact the relevant website and do what I can to grant my wish.
N.B. I do have Sun Java installed as an add-on to Opera. It isn't used as far as I'm aware.

nellie2 Posted July 4, 2004
> I am tempted to ask, though: If this Coolweb thing is using a weakness of a MS utility, why aren't MS doing something about it?
No Critical update because MSVM is not supported, MS have done something, I think SP1a actually uninstalls MSVM... but probably not because of cool web but because of the legal implications with Sun.

Chris Posted July 4, 2004
> > I am tempted to ask, though: If this Coolweb thing is using a weakness of a MS utility, why aren't MS doing something about it?
> No Critical update because MSVM is not supported, MS have done something, I think SP1a actually uninstalls MSVM... but probably not because of cool web but because of the legal implications with Sun.
SP1a does not even include MSVM.

djohn Posted July 4, 2004
I got through via nel's link yesterday and did a print-off of the removal instructions of MSVM so if anyone needs it I can post here. :unsure:

-pops- Posted July 4, 2004
That would be useful, Djohn. I've tried the link and Google again and still there is the White Screen of Temporal Uncertainty.

djohn Posted July 4, 2004
From nel's link: removing the MS Java VM.

1) Click Start/run and enter:
   RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall
2) Click "Yes" to confirm the uninstall and restart your system when complete.
3) Delete the following if they are still present:
   The folder C:\windows\java
   C:\windows\inf\java.pnf
   C:\windows\system32\jview.exe
   C:\windows\system32\wjview.exe
4) Click Start/Run and enter "regedit" to start the registry editor.
5) Browse to the following keys, highlight them and delete.
   HKEY_LOCAL_MACHINE\Software\Microsoft\Java VM
   HKEY_LOCAL_MACHINE\Software\Microsoft\InternetExplorer\AdvancedOptions\JAVA_VM

For Windows NT4 and Windows 2000, replace C:\windows with C:\winnt
For Windows 95-98-98SE and ME, replace C:\windows\system32 with C:\windows\system

You can now download the Sun Java from here.
http://www.java.com/

[Edit] Commas and spaces are intended and copied as is from the link.
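
A read-only check for the leftovers listed in the post above, as an added example that is not part of the original thread or of Merijn's instructions. The function name Get-MsJavaVmRemnant is hypothetical, and the "Internet Explorer" key spelling with a space is an assumption checked alongside the spelling given in the post.

```powershell
# Added example: audit only. Nothing is deleted or changed; the script
# reports which of the MS Java VM items named in the post still exist.
function Get-MsJavaVmRemnant {
    param(
        # Windows directory: C:\windows on XP, C:\winnt on NT4/2000 (per the post).
        [string]$WinDir = $env:windir
    )

    # system32 on NT-family Windows, system on 95/98/98SE/ME (per the post).
    $sysDir = Join-Path $WinDir 'system32'
    if (-not (Test-Path -LiteralPath $sysDir)) {
        $sysDir = Join-Path $WinDir 'system'
    }

    $items = @(
        (Join-Path $WinDir 'java'),
        (Join-Path $WinDir 'inf\java.pnf'),
        (Join-Path $sysDir 'jview.exe'),
        (Join-Path $sysDir 'wjview.exe'),
        'HKLM:\Software\Microsoft\Java VM',
        # Key spelled exactly as in the post (no space).
        'HKLM:\Software\Microsoft\InternetExplorer\AdvancedOptions\JAVA_VM',
        # Assumption added here: the same key with a space in "Internet Explorer".
        'HKLM:\Software\Microsoft\Internet Explorer\AdvancedOptions\JAVA_VM'
    )

    foreach ($item in $items) {
        [pscustomobject]@{
            Item    = $item
            Present = Test-Path -LiteralPath $item
        }
    }
}

$report = @(Get-MsJavaVmRemnant)
$report | Format-Table -AutoSize

$found = @($report | Where-Object { $_.Present })
if ($found.Count -gt 0) {
    Write-Output "MS Java VM remnants present: $($found.Count) of $($report.Count) checked items."
} else {
    Write-Output 'None of the listed MS Java VM items were found.'
}
```

For a second Windows installation on another partition, pass its directory explicitly, for example `Get-MsJavaVmRemnant -WinDir 'D:\winnt'`; the registry checks always reflect the running system.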

-pops- Posted July 4, 2004
Thanks Djohn. :)

djohn Posted July 4, 2004
You're welcome -pops-! :)

-pops- Posted July 4, 2004
Before doing anything positive to my current machine about this, I thought I'd do a search for the MS VM. Nothing was found anywhere.
My old machine, though, does have it and that alone has decided for me that I will reformat and reinstall. Oh, lordy, what a job :( I'm sure that a number of machines I've built will also have MSVM and I think most of the owners won't want a re-install so the info given will be very useful.

nellie2 Posted July 4, 2004
Hmmm.... well I have just done a log on another site that was infected with CoolWeb and they had Sunjava installed!! :huh: I can only assume that they didn't uninstall MSVM... as that stays as the default unless you take it off!

Scarecrow Man Posted July 4, 2004
Quick question regarding DJohn's post. I could not manage to get past step 1. :D This, I assume, is because I have windows XP SP2 RC2?
Also, I have never installed MSVM, so unless it's on by default, I don't have it?
Also, would it be on my win2k partition? Win2k SP4.