WARNING - FSfreeware - Site infected my pc with trojan

[calypso 32]

This happened last week and I assumed I had already been infected from some other source.Happened again today after opening FSfreeware page. Trojan takes over your browser's home page among other things.Used CWShredder to get rid of it.You have been warned. :(

[Guest progrmr]

a 'Trojan' virus can only infect your system if you allow a program to be executed on your machine, and does much more than just change your home page. As a web developer, I can set your home page. I can also modify your favorites list. That is not a trojan virus though.Have you contacted FSfreeware that something wacky happened after you visited their site?

[vgbaron 3,627]

Went to the site and browsed around.Not a problem - no virus, no trojans, no warnings. You might want to look elsewhere for your problem.VicVisit the Virtual Pilot's Centerwww.flightadventures.comhttp://www.hifisim.com/images/as2004proudsupporter.jpg

[calypso 32]

Thanks Vic.Did you try browsing to FS2004 Aircraft ?

[W2DR 1,860]

John - I just browsed all over that site, including the FS2004 aircraft section. I don't see any problems at all. And, for sure, either NOD32 or TDS-3 would have caught any potential trojan or virus issues. I'm inclined to agree with Vic, I think the problem you're seeing probably isn't related to FSfreeware. What, exactly, is the message you seeing?Doug

[barryward12345 0]

I recently got the MSCONFIG version of the CWS trojan and it took me a long time to get rid of it - neither CWShredder or "Hijack This" could clean the machine completely. They did tell me what trojan they were cleaning -- but it kept coming back everytime I rebooted the machine and started IE6.I eventually tracked the problem to a BHO (Browser Helper Object) which was identified by Hijack This -- deletion of this fixed my problem. Unfortunately, while Hijack This identified the BHO, it did not exactly say that this particular BHO should be manually deleted. What you may be seeing with the return of the trojan everytime you go to FSfreeware may be simply co-incidental and simply means the CWShredder is not doing the full job. CWShredder has worked well for me in the past as I have had CWS trojans before -- but this time it failed to do the complete job. Took me a week to figure out the problem and could not get any assistance at any of the Security forums that I tried.Barry

[Tabs 2,790]

Sounds like you already had a browser hijacker infecting your system prior to going to the site. Sometimes they can trigger ads, virus downloads, etc by visiting random sites. Run AdAware and Spybot 1.3 on a regular basis to make sure you're not infected with any of this crap...

[calypso 32]

Thanks for all your help guys.I did run AdAware, Spybot, CWShredder and Pest Patrol before I went to FSfreeware and they had all reported a clean machine. Weird!

[Guest JoJoDawg]

Hey all,I recently had a CWS infection that Adware, Hijackthis, and CWShredder would pick up and would seem to delete, but it did not get rid of it. There was a hidden file that kept on reinfecting my pc. Give this site a try, the link below has the page with the instructions to get rid of the hidden file. It worked for me.http://www.spywareinfo.com/forums/index.php?showtopic=43492Hope you find the crap.Bill Mosser

[wb5okj 26]

I just now went to FSFreeware and surfed to the FS2004 downloads age and here is the trojan that EZ AntiVirus from Computer Associates said was a trojan and did indeed delete it.HTML.MHTMLRedir.exploit trojanIt was found in the Temporary Internet files folder.

[W2DR 1,860]

That explains why many of us didn't see the problem. Any system without the current Windows security fixes applied are likely to get bit by this and any number of other "thingies".Here's the issue (it may, or may not, be a problem):http://www3.ca.com/securityadvisor/virusin...s.aspx?id=38853And here's the link to the needed update:http://www.microsoft.com/technet/security/...n/ms04-013.mspx73 - DougEdited 'cause I can't spel

[Guest GeorgeDorkofikis]

I can't comment about the mentioned site, but I'm pretty sure you got the trojan from elsewhere.Unfortunately Internet Explorer is not secure to the least bit. Even at high security settings it has more security holes than the Emmental cheese!I only use Mozilla (it was Netscape's engine) and never ever had problems with security or unwanted actions. You know, like those anoying pop-ups that when you close one, three more just pop up... :-)The security of Mozilla is excellent (IMHO) and nothing passes through without me wanting to. You can even set it up to learn and you can allow sites that you know and respect (like AVSIM.com) to execute their scripts, but not others.There are sites out there that send you an exe file without you even knowing about it, execute it, and boom... You're infected.My advises :1. Get Mozilla and only use MS Internet Explorer to sites you know and trust.2. Keep your antivirus up to date.3. Install a good firewall. There is a nice freeware firewall called SyGate (search downloads.com) that personally I found it to be 3 times better than Zonealarm.4. Disable Javascript when you are visiting sites that you don't trust. You may loose some of the site's functionality, but that's how they send out the executables.5. Go through the advanced settings of Internet Explorer and make sure you check the option not to allow installation of 3rd party software or plug-ins. Or at least set it to ask you first.6. Run SpyBot Search & Destroy at least once a month and don't forget to update its engine and definitions via the web update.7. In addition to Spybot, also run AdAware. There are some spyware missed by Spybot, and some that are missed by AdAware. So when using both you get more chances to catch up any possible intruders.8. Some emails simply redirect you to a web site. Then from there you catch the trojan or virus. Do not even preview suspicious looking emails.9. And last but not least, keep the antivirus auto-protect enabled at all times!Hope this helps someone out there...George DorkofikisAthens, Greecehttp://www.precisionmanuals.com/images/forum/betaimg.jpg

[ginoc1 4]

To back up others and to add a couple thoughts and opinions.CWS trojans are continually evolving and becoming harder to destroy. It's worth the money to take necessary precautions. The necessities are:Antivirus - get a REALLY good one that doesn't eat resources like mad. I chose NOD32 - simply incredible and based on various tests is the best at catching the bad stuff. www.nod32.com Do the research - you won't find a better, more thorough, or less intrusive program out there. This is what Microsoft (pretty sure) uses before posting downloads.Anti-trojan - specifically to identify and clean trojans that are becoming more and more clever and tough to identify with antivirus programs. Probably the best 2 are BOClean and TDS-3. TDS-3 is the champ as NOTHING can get past it. I chose BOClean, which is different in that is monitors files (like .exe) that are opened or run and if this launches a trojan it will detect and clean it for you. Very easy and very reliable and virtually fool-proof.Anti-spy - yes...adaware and spybot are freeware. Yes, spybot is more thorough on default. If properly set up, thought, adaware really is very thorough. And - apparently - spybot has been compromised recently. In fact - I recently upgraded to spybot 1.3 rc4 and this is when I actually contracted the CWS trojan myself. Coincidence? Maybe - but I'll never use it again. Now I only use SpySweeper - it's cleaning up on ALL the tests and reviews.Hope this helps someone. It does pay to be proactive and it also pays to do the research and get the better stuff that isn't bloatware. Your system will love you for it.Gcough

[Cruachan 705]

Hi,"Now I only use SpySweeper - it's cleaning up on ALL the tests and reviews.".....glad you mentioned SpySweeper! I was beginning to feel a little uneasy as I progressed through this thread. Seems to do a very good job on my system - just checked and, following a recent update, it has 24,522 software fingerprints loaded. Highly recommend it. Unfortunately the full version is not free but certainly worth it for that elusive peace of mind.Mike

[Toys_R_Us 0]

I've had problems with this "hijacker". Several websites list a manual removal proceedure including manually pulling out the registry keys.It is true that unless you get it all, it will reinfect. That is why I went manual, and that worked.I have heard the above listed programs (Ad-aware & CWShredder used in combination will clean it also.)Bob (Lecanto, Fl)