[Dshield] ad.uk.tangozebra

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Mon Jul 29 19:12:08 GMT 2002


Keith, et al.

You apparently have downloaded a parasite software or "pest" into your
system. How much it compromises your security is hard to say, but at
least your privacy may be compromised.

Buy adding the IP address 66.9.53.130 into your firewall's Blocked zone
you block the malware from calling home to that IP address (only). Some
cleverly written malware (often adware) are in the habit of having more
than one "home number" (IP address). Thus connecting home via the
browser may be unnoticed.

There are of course several ways to deal with the problem. Depending, in
what extent you want to keep control yourself or use a third party for,
e.g. filtering between you and the rest of the Internet. 

If you want to keep control yourself, you may prefer to use software
that is in your control and does the job for you. In my opinion, based
on my own research, comparisons and experience - there is at least one
tool that helps you by comprehensively detecting, quarantining, and
removing malicious code of non-viral kind. By today I have not found any
product that would go beyond the comprehensiveness of this program. I
have used this program for one additional line of defense for some eight
months. Unless I find a better program I would not give up using it.

If you would like to test or try this approach it's quite easily done.
The program can be freely downloaded from several trusted sites and be
evaluated as long as you like. The only difference between the
evaluation and licensed versions of the program is that the evaluation
version does not quarantine nor remove non-viral malicious code it just
does the detection.

When I acquired this program some eight months ago the product was much
more modest. During these eight months the manufacturer has, however
further developed the product itself, as well as its update and
technical support facilities admirably. The program does not look
appealing to the eye in the way, e.g. S******c's N****n AntiVirus 2002
does (another flagship in another product category and a must have
complimentary product). In my experience the product has proven (all
more) reliable, useful and easy to use. Possibly because of company's
size, its CTO's skills, capability and efficiency the company's
Technical Support has shown unexceptionally responsiveness and has met
promptly my demands as a user. For me only one other software
manufacturer has performed better. The product gives the additional
protection needed to supplement firewall, virus detection & removal and
other countermeasure products in detecting, identifying, quarantining
and cleaning malicious code as well as stops [and removes] executing
malicious code from running. The product and its manufacturer have
clearly met and even exceeded my expectations. This solution gives
versatile protection for a minimal investment.

If you would like to check this alternative, please do not hesitate to
email me either in private or public.

What ever way you choose to experiment - best of luck with the project:

Best Wishes,
Peter
------------------------


-----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org] On Behalf
Of Keith G
Sent: Monday, July 29, 2002 5:38 PM
To: Dshield
Subject: [Dshield] ad.uk.tangozebra

Hi All,

Hope someone can help a home user with a problem. ad.uk.tangozebra hit
ZAPro
numerous times with scans which ZA rejected. In view of the number of
scans
I put the entire ISP space (Intellispace Inc) into ZA blocked zone.
However
since then when I connect and fire up IE5.5sp2, I get an ACCESS warning
"Your computer was prevented from connecting to a restricted site
(66.9.53.130:80)" Direction: Outgoing (connect).
The program is shown as Internet Explorer.

I therefore denied access to all programs except IE and Nav. On
reconnecting
I still got the ACCESS warning message. I understand "tangozebra" makes
use
of the doubleclick cookie, I have run Adaware with the lastest sig file,
but
found nothing. I also use Cookiewall, which automatically deletes
doubleclick if received when online. Nav virus check found nothing, as
did
Swatit a trojan+bot finder.

I have cleaned out the browser history file and temp internet files. I
have
looked in the cookies folder but can`t find any references to tangozebra
or
doubleclick. I am at a loss as to what to do next.

Any help would be greatly appreciated.

PS I am not too computer literate, so if I need to delve into the
mysteries
of the Registry, I would need step by step instructions.


Keith G

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list