Potent malware link infects almost 300,000 webpages • The Register

Make sure your IE has the up-to-date patches (or switch to Firefox) and update to the latest Adobe Flash

Potent malware link infects almost 300,000 webpages • The Register.

A security researcher has identified a new attack that has infected almost 300,000 webpages with links that direct visitors to a potent cocktail of malicious exploits.

People who visit infected pages receive an invisible link that pulls code from a series of sites tied to 318x .com. The code looks for insecure versions of Adobe Flash, Internet Explorer, and several other Microsoft applications, and when they are detected it exploits them to surreptitiously install malware known as Backdoor.Win3.Buzus.croo. The rootkit-enabled program logs banking credentials and may do other nefarious bidding, Landesman said.

Another program which can help determine if you have all the latest updates and patches for your installed applications is Secunia PSI.

Faulting application iexplore.exe, version 6.0.2900.2180

Problem: User’s Internet Explorer crashing alot. Event log registered the following error message on numerous occasions:

Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version, fault address 0x00000000.



Almost ALWAYS, this error is caused by some third party adware app that’s installed. Sometimes it’s a fancy IE toolbar (not yahoo or google), such as some sort of “shopping assistant” , MyWebSearch, or HotBar toolbar. Stay away from these third party apps.  They claim they are not spyware or adware, but they are. In this particular user’s case, the user had screensaver software that they had downloaded from Screensaver.com.

Solution: Download SuperAntiSpyware, install it and update the definitions. Get yourself Revo Uninstaller and install it. Run Revo in safe mode, uninstall any third party toolbars or search assistant applications.  Revo scans and removes entries from the registry. Also in safe-mode, run a complete scan using SuperAntiSpyware. Next, check the MS System Configuration Utility (type “msconfig” at the run prompt – go to the Startup tab) to make sure there are no other unnecessary third party apps that run at startup.  Next, check the IE Add-ons (IE–>Tools–>Manage Add-ons) to make sure no unnecessary third party app is loaded when IE is launched. Finally, download and use HijackThis and the HijackThis Log Analyzer, if necessary, to remove the browser helper objects (BHO).

Note: User’s machine running Windows XP Service Pack 2