38 users online (2 members and 36 guests)  

View Poll Results: I have unknowingly been hijacked by Gator...

Voters
1114. You may not vote on this poll
  • I have run Spybot search and destroy or Adaware and did not find Gator on my system at all

    248 22.26%
  • I have run Spybot search and destroy or Adaware 1 time and did find Gator

    146 13.11%
  • I run Spybot search and destroy or Adaware frequently and rarely find Gator on my computer

    84 7.54%
  • I run Spybot search and destroy or Adaware frequently and find Gator almost everytime has infected my computer

    636 57.09%

Thread: Delete Gator


Page 5 of 8 First 1 2 3 4 5 6 7 8 Last
  Results 61 to 75 of 117

Related

  1. how to delete duplicate row fom table    Forum: Databases
    Replies: 0
  2. cant delete/add my schools    Forum: Myspace Forum
    Replies: 3
  3. Confirmation box before delete    Forum: HTML Forum
    Replies: 4
  1. #61
    nitewing's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Sep 2002
    Location
    Panama City, Florida
    Posts
    139
    It looks like your active x was disabled (by you) and it unistalled it as fast as it installed?

    IE's ActiveX security level is 0 (enable)...Aborting.
    Set end-msg: IEAXNOVS (SecLvl=0) , I read this as: IE active x not -----open?

    Removing Trust entries....
    No Trust entries found.
    Uninstalling this plugin...
    Module 05110000 filename is "C:\WINDOWS\DOWNLOADED PROGRAM FILES\IEGATOR.DLL"
    Unregistering DLL....SUCCEEDED

    Apparently you are protected from it. Try dumping your temp files as that is a good place for these modules and installers to hide out.

    No clue as to where it came from but I don't think it has a thing to do with fastclick and doubleclick cookies as these are normally used to track the hits to the ads that are being served by each.
    Ann/nitewing

  2. #62
    nitewing's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Sep 2002
    Location
    Panama City, Florida
    Posts
    139
    Why not put a gator .com disallow in your hosts file?
    webpdp.gator.com/v3/download/trickler_3210.ex_"
    I would use this so it would be looking for trickler on your own machine and not the web which would effectively block it with a 404
    Ann/nitewing

  3. #63
    benzden's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Feb 2002
    Location
    San Antonio, Texas
    Posts
    652
    [Just lost the damn reply via the Esc key - the Ctrl-Z retrieve process didn't work.]

    Anyway, I've updated my hosts.sam file to follow the xupiter.com file placed there previously with both trickler_3210.ex_ and trickler_3210.exe - but I'm afraid that file has many more names than that at gator's server.

    Is there a way to designate a prefix within the hosts.sam file - such as trickler*.* in order to catch all of them?

  4. #64
    HTML's Avatar
    Administrator

    Status
    Offline
    Join Date
    Aug 2000
    Posts
    3,445

    Follow HTML On Twitter Add HTML on Facebook Add HTML on Google+ Add HTML on Linkedin Visit HTML's Youtube Channel
    I could be wrong but isnt the host.sam the sample version of the host file?

    Dave
    AHFBWEB Less customers per server, more power for you!

    Business Class Shared Hosting

  5. #65
    nitewing's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Sep 2002
    Location
    Panama City, Florida
    Posts
    139
    If you are using a file called hosts.sam you need to rename it to simply, hosts, no extension, for it to work.

    http://www.cexx.org/spysites.htm

    There's a list of addresses to block all manner of things, gator included.

    From my research I would say that the gator plug in actually comes from the gator site itself and not from the site you are visiting. The site you visit will have the "code" for the pop up and then calls the download from gator.

    A very interesting list....I already have all those and more.

    Edit: Do not use the listed IP addresses just the url...the IPs are used for blocking with other methods than the HOSTS file.
    Last edited by nitewing; 01-23-2003 at 01:07 AM.
    Ann/nitewing

  6. #66
    benzden's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Feb 2002
    Location
    San Antonio, Texas
    Posts
    652
    Originally posted by nitewing

    Edit: Do not use the listed IP addresses just the url...the IPs are used for blocking with other methods than the HOSTS file.
    Here's the contents of the hosts.sam file found on my computer:

    # Copyright (c) 1998 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP stack for Windows98
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host


    The IP tied into each is presumably a dummy that forces the attempt to go nowhere rather than on one's computer - right?
    Last edited by benzden; 01-23-2003 at 10:04 AM.

  7. #67
    nitewing's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Sep 2002
    Location
    Panama City, Florida
    Posts
    139
    Okay, not sure if I can explain this

    #1. Hosts.sam is utterly useless...it is a SAMPLE of a host file.

    #2. Comments are used to exclude without deleting the entry which you might want to reuse later.

    #3. Using the IP # allows your surfing to go faster as IE consults the host file first and goes to the IP address shown in the file.

    #4. Using the host ip 127.0.0.1 allows the browser to consult the host file see that the url is pointed to your local machine and sends a file not found.

    Such as: 127.0.0.1 Gator.com will let the browser search YOUR hard drive for this and gives a file not found.

    If you comment it out:#127.0.0.1 Gator.com it will then look first at the host file and go back to the web to search for the server of gator.com

    REPEAT, HOSTS.sam Hosts.sam or hosts.sam is COMPLETELY USELESS. It MUST be renamed or a new Hosts file, no extension, put in.

    I hope this helps to clear it up.
    Ann/nitewing

  8. #68
    benzden's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Feb 2002
    Location
    San Antonio, Texas
    Posts
    652
    Should have mentioned that I did clone the hosts.sam file to C:\windows\hosts - using the former for documentation of what's in the much briefer latter file. Will be checking back in to report how many items have to be deleted via Adaware, now.

    Thanks for the information, by the way - I would have been using the hosts.sam to no avail.

  9. #69
    nitewing's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Sep 2002
    Location
    Panama City, Florida
    Posts
    139
    Here is a small sample of my hosts file...the doubleclick entries here barely scratch the surface. The Gator ones are all I have come up with so far. I also have an extensive list of comet cursor domains on it.

    If you would like a copy just sticky me your email address and I will send it to you as an attachment....no virus.

    # Doubleclick (Netgravity)

    127.0.0.1 ad.ae.doubleclick.net
    127.0.0.1 ad.ar.doubleclick.net
    127.0.0.1 ad.at.doubleclick.net
    127.0.0.1 ad.au.doubleclick.be
    127.0.0.1 ad.au.doubleclick.net
    127.0.0.1 ad.be.doubleclick.be
    127.0.0.1 ad.be.doubleclick.net
    127.0.0.1 ad.br.doubleclick.net
    127.0.0.1 ad.bs.doubleclick.net
    127.0.0.1 ad.ca.doubleclick.be
    127.0.0.1 ad.ca.doubleclick.com

    # Gator

    127.0.0.1 bannerserver.gator.com
    127.0.0.1 beasley.gator.com
    127.0.0.1 dns.gator.com
    127.0.0.1 dns2.gator.com
    127.0.0.1 gator.com
    127.0.0.1 gator29.gator.com
    127.0.0.1 gi.gator.com
    127.0.0.1 gs.gator.com
    127.0.0.1 gw-rwc.gator.com
    127.0.0.1 map.gator.com
    127.0.0.1 NS.JUMP.net
    127.0.0.1 outsidedns.gator.com
    127.0.0.1 rs.gator.com
    127.0.0.1 scriptserver.gator.com
    127.0.0.1 trickle.gator.com
    127.0.0.1 ts.gator.com
    127.0.0.1 webpdp.gator.com
    127.0.0.1 xww.gator,co.uk
    127.0.0.1 xww.gator,com
    127.0.0.1 xww.gator,net
    If you use these replace the, with a . after gator and the x with a w in the above urls as they were making a link so I had to break it.

    Persistant damn software...keeps wanting to link!
    Last edited by nitewing; 01-23-2003 at 02:51 PM.
    Ann/nitewing

  10. #70
    HTML's Avatar
    Administrator

    Status
    Offline
    Join Date
    Aug 2000
    Posts
    3,445

    Follow HTML On Twitter Add HTML on Facebook Add HTML on Google+ Add HTML on Linkedin Visit HTML's Youtube Channel
    FYI, when you do not want something to link, simply hit the "post reply" button and do not use the quick reply at the bottom of threads.

    After clicking post reply you will see a checkbox that says "Automatically parse URLs: automatically adds [ url] and [/url ] around internet addresses." make sure it is not checked.

    Dave
    AHFBWEB Less customers per server, more power for you!

    Business Class Shared Hosting

  11. #71
    nitewing's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Sep 2002
    Location
    Panama City, Florida
    Posts
    139
    Thanks, Dave.

    Learn something new everyday!
    Ann/nitewing

  12. #72
    benzden's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Feb 2002
    Location
    San Antonio, Texas
    Posts
    652
    Thanks nitewing,

    I've got PM turned off but you can get my email address at http://email.jamrent.com

  13. #73
    nitewing's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Sep 2002
    Location
    Panama City, Florida
    Posts
    139
    It's off to the email addy listed there.

    You can add to or comment out anything you wish.
    Last edited by nitewing; 01-23-2003 at 09:13 PM.
    Ann/nitewing

  14. #74
    benzden's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Feb 2002
    Location
    San Antonio, Texas
    Posts
    652
    Thanks. I just checked and retrieved it. Your computer appears to be safer than Fort Knox.

  15. #75
    nitewing's Avatar
    Senior Member

    Status
    Offline
    Join Date
    Sep 2002
    Location
    Panama City, Florida
    Posts
    139
    Yeah,

    I got tired of restore and reformat...so I decided to educate myself!

    Using Sygate personal firewall and it is great.
    Deleted all the spying HP entries from the reg, installed socklock, use hijack this and s&b on reg basis...check startup list regularly and use avg virus protect plus BOdetect for trojan detection and BHO demon. And of course, there is the handy dandy hosts file.

    Sygate has me in stealth mode... undetectable from the web.

    Maybe I went overboard but your remarks made it all worthwhile.


    Nitewing
    Last edited by nitewing; 01-24-2003 at 11:32 AM.
    Ann/nitewing



Page 5 of 8 First 1 2 3 4 5 6 7 8 Last

Tags for this Thread