2010-02-02, 04:17 AM
I think you should get a diagnosis via HijackThis ( http://free.antivirus.com/hijackthis/ ), and upload to a tech support forum, here, and/or http://www.hijackthis.de/ to see what bad things you have.
You might also want to check for rootkits with a tool such as Gmer ( http://www.gmer.net/ ), Blacklight ( http://www.f-secure.com/en_EMEA/security...lacklight/ ), Radix ( http://www.usec.at/rootkit.html ), or another tool.
And after cleaning, make sure to secure your browser to help protect against future malware infection and XSS and CSRF vulnerabilities [malware/adware is much easier to avoid (e.g., don't install things) compared to XSS and CSRF]. The link in my sig goes to an excellent guide written by US-CERT. For clickjacking protection, I think only Firefox's NoScript extension can help protect against that right now.
P.S. To emphasize how serious/prevalent XSS is, one security researcher said 70 percent of websites have XSS vulnerabilites. And here's what RSnake (the guy is a famous hacker and web security expert) said: "I'd say there's only one in 30 [websites] I come across where the XSS isn't totally obvious. I don't know of a company I couldn't break into [using XSS]." (Source: http://www.csoonline.com/article/221113/...ect?page=7 )
You might also want to check for rootkits with a tool such as Gmer ( http://www.gmer.net/ ), Blacklight ( http://www.f-secure.com/en_EMEA/security...lacklight/ ), Radix ( http://www.usec.at/rootkit.html ), or another tool.
And after cleaning, make sure to secure your browser to help protect against future malware infection and XSS and CSRF vulnerabilities [malware/adware is much easier to avoid (e.g., don't install things) compared to XSS and CSRF]. The link in my sig goes to an excellent guide written by US-CERT. For clickjacking protection, I think only Firefox's NoScript extension can help protect against that right now.
Wikipedia articles on XSS, CSRF, and clickjacking
@Kawasari Mimoto: what you're doing is good against malware, but you should still secure your browser to help protect against the other threats.P.S. To emphasize how serious/prevalent XSS is, one security researcher said 70 percent of websites have XSS vulnerabilites. And here's what RSnake (the guy is a famous hacker and web security expert) said: "I'd say there's only one in 30 [websites] I come across where the XSS isn't totally obvious. I don't know of a company I couldn't break into [using XSS]." (Source: http://www.csoonline.com/article/221113/...ect?page=7 )

