hithere
Guest IP: 64.209.*.*
Posted: Fri Oct 13, 2006 1:00 pm Post subject: found site that may contribute spyware
I believe if you input xxx into your browser's URL area it will take you to a site that lets one download xxx.exe, and if ActiveX is enabled it downloads xxx.dll to your computer, as it prompts one to do so. I am wondering how to add this to my hosts file, as I have the LocalHost 127.0.0.1 there and 3 space counts and then the IP; however, neither xxx nor xxx blocks when just inputting the IP. I looked it up, no matches on Google, and when resolving the IP to URL, it just says that IP. Anyone to help, or get that IP removed from the World Wide Web, so no other spyware or trojans, or viruses, can use that URL...
Edited by moderator to remove IPs, URLs and executable specifics

k027
Special Response Team Guest Forums Host

Joined: Aug 25, 2003 Posts: 8481
Posted: Fri Oct 13, 2006 2:13 pm Post subject:
Hello hithere,
You cannot block an IP with a Hosts file. You can, however, block an IP with a rules-based firewall. Some browsers/browser add-ons also offer the possibility of blocking IPs/IP content. For example, you can add an IP to your Internet Explorer restricted sites zone.
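The point made in the reply above, as an added example that is not part of the original post: the hosts file is consulted only when a hostname is resolved, so a URL that contains a raw IP address never touches it. The sample hosts text, the `.example` names and the 192.0.2.10 address are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample hosts file; names and addresses are documentation values.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   badsite.example    # hostname entry: takes effect
127.0.0.1   192.0.2.10         # the attempt from the thread: IP in the name column
"""

def parse_hosts(text):
    """Return {name: address} from hosts-file text (comments and blanks skipped)."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                # First mapping for a name wins, as in a real hosts lookup.
                table.setdefault(name.lower(), fields[0])
    return table

def is_ip_literal(host):
    """True when host is already an IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def connect_target(url, hosts):
    """Model what a client connects to: (address or None, reason)."""
    host = (urlsplit(url).hostname or "").lower()
    if is_ip_literal(host):
        # No name lookup happens, so the hosts file is never consulted.
        return host, "ip-literal: hosts file not consulted"
    if host in hosts:
        return hosts[host], "hostname overridden by hosts file"
    return None, "hostname not in hosts file: falls through to DNS"

def ineffective_entries(hosts):
    """Entries whose 'name' is really an IP address and so never match a lookup."""
    return sorted(name for name in hosts if is_ip_literal(name))
```

Running `ineffective_entries` over a real hosts file is a quick way to spot entries that need to become firewall rules instead.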

the OP
Guest IP: 64.209.*.*
Posted: Fri Oct 13, 2006 4:37 pm Post subject: done
firewall, thank you. I'll try, and it worked, however Firefox says that the page reset while loading... Anyway, I got rid of IE, and all other stuff associated with it, almost all, as I used IEradicator, and I use 98FE. Plus I found out that it was owned by two companies; I further investigated with dnsstuff.com, and one was a plastic card company, and another I forgot, oh well...

k027
Special Response Team Guest Forums Host

Joined: Aug 25, 2003 Posts: 8481
Posted: Fri Oct 13, 2006 4:50 pm Post subject:
Hello hithere (aka the OP),
Since you are using Firefox, you may be interested in a couple of security-related Firefox extensions that are similar in function to IE's security zones:
*noscript - Allows you to "whitelist" web sites so that javascript runs only on those sites you trust:
http://www.noscript.net/whats
*policymanager - Allows you to set web site policies - similar to IE's security zones:
http://piro.sakura.ne.jp/xul/_policymanager.html.en 

nosirrah
Security Expert Special Response Team
Joined: Apr 19, 2006 Posts: 6301 Location: USA
Posted: Sat Oct 14, 2006 6:04 am Post subject:
This appears to be relatively new. Virustotal only comes up with this:
STATUS: FINISHED
Complete scanning result of "webview.exe", received in VirusTotal at 10.14.2006, 08:00:16 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.30 10.13.2006 no virus found
Authentium 4.93.8 10.13.2006 no virus found
Avast 4.7.892.0 10.13.2006 no virus found
AVG 386 10.13.2006 no virus found
BitDefender 7.2 10.14.2006 no virus found
CAT-QuickHeal 8.00 10.12.2006 no virus found
ClamAV devel-20060426 10.13.2006 no virus found
DrWeb 4.33 10.14.2006 no virus found
eTrust-InoculateIT 23.73.22 10.13.2006 no virus found
eTrust-Vet 30.3.3131 10.13.2006 no virus found
Ewido 4.0 10.13.2006 no virus found
Fortinet 2.82.0.0 10.14.2006 no virus found
F-Prot 3.16f 10.13.2006 no virus found
F-Prot4 4.2.1.29 10.13.2006 no virus found
Ikarus 0.2.65.0 10.13.2006 no virus found
Kaspersky 4.0.2.24 10.14.2006 no virus found
McAfee 4873 10.13.2006 no virus found
Microsoft 1.1603 10.14.2006 no virus found
NOD32v2 1.1803 10.13.2006 no virus found
Norman 5.90.23 10.13.2006 no virus found
Panda 9.0.0.4 10.14.2006 Suspicious file
Sophos 4.10.0 10.13.2006 no virus found
TheHacker 6.0.1.097 10.13.2006 Backdoor/IRC.Zapchast
UNA 1.83 10.13.2006 no virus found
VBA32 3.11.1 10.13.2006 no virus found
VirusBuster 4.3.7:9 10.13.2006 no virus found

nosirrah
Security Expert Special Response Team
Joined: Apr 19, 2006 Posts: 6301 Location: USA
Posted: Sat Oct 14, 2006 6:37 am Post subject:
The installer drops a folder c:\webview. The folder contains two files, webview.dll and Install.exe. It also drops a file C:\windows\system32\webview.dll.
They all scan clean.
Hex editing reveals a file atlfire.dll. This file is not on my system.
Hex editing reveals two GUIDs: 479B29EF-9A2C-11D0-B696-00A0C903487A and FD28FA91-BE41-4358-B325-35433BEE0AF5. Google only generated hijackthis logs for the first one and the second turns up no hits.

OP
Guest IP: 64.209.*.*
Posted: Sun Oct 15, 2006 10:44 am Post subject: found IP scanning
Solved, and since you have it already downloaded, can you please send it to the virus companies listed above and/or spyware companies, if not already done so.
AND by the way I doubted the QUICKNESS of no firewall and a totally open computer could in fact be crashed or hijacked in less than 4hrs. I was IP scanning from one IP to another IP, to see how many other open computers there were (I got a lot of sites and mail servers and one IP gave me in the browser on how to make a report or something, and one said a printer was almost out of ink..) open also, and seeing how easy it was to break into them, however I am not that good and I plan to do no harm as it was just an experiment and some reply pings of open computers I believe had a driver conflict with Kerio 2.1.5 which was off, and I also had NetBIOS on and my C:\ drive shared for a bit then I got scared.
So I took off sharing the C:\ drive, by the way finally Angry IP Scanner crashed and a BSOD of my computer came up (I have 98fe xp and 98setoME enhancements) I quit then, however after seeing how easy it was to crash a computer and how many were open, and how many COMPUTER names I could see, I NOW see why it is a must to immediately put up a firewall, and shut down the ports with it and shut down NetBIOS and all that junk..... After the crash I REINSTALLED Kerio 2.1.5, I never took off AVG, it was there still, no virus hits, and shut down NetBIOS, and everything.. RIGHT AFTER THE SCAN AND REINSTALL OF KERIO or before I believe I went into SAFE MODE and scanned for some, CLEAN and am I glad..
Q: CAN A COMPUTER IN LESS THAN 4HRS. BECOME INFECTED AND HIJACKED?
A: -MINE--- YES DEF. Now I am a believer..
By the way I quit Angry IP Scanner and the hacking part, was just right clicking the OPEN IP and selecting open in browser, open in explorer, and telnet, of Angry IP Scanner's features.. :/
AND THAT is how I came across this IP, and I did turn on IE's security to LOW to see what it would have done, I WAS ARMED THOUGH in the background with AVG and I have Ad-Aware SE and Spybot on my flash drive, so yep it asked to install webview.dll via ActiveX, I exited and went to Firefox to search webview.dll on google.com, and the first link of the info. of the site was that it was spyware, and so forth downward.