Daniel,
Someone on your staff (oops, do you have a staff?) should be up on DoubleClick, not just hoping it is no big deal. I believe a simple cookie can also be used as a hook to engage a key-stroke program, whereby every stroke on your keyboard is sent to a web site.

There you have it, your hopeful comment and my paranoid fear.

Perhaps you need to look into DoubleClick. The two URLs below, although somewhat outdated, are among the first few that come up in a google search. The first is all gung-ho about doubleclick from the site manager's and advertiser's point of view. The second discusses doubleclick amassing a database of ALL internet use, computer by computer!

[Link: doubleclick.com]

[Link: unquietmind.com]

Zonealarm 4 fellas... thats all that needs to be said. Maybe a secondary like Google toolbar couldn't hurt.

Only if you clicked it was OK to do this when you first installed the toolbar. Gogles policy is VERY clear and this "feature" is not required to use the toolbar/popup-blocker. The Toolbar is NOT spyware, and certainly does NOT include names and passwords.

I've been using the toolbar and deskbar since before they came out for public consumption.

Rsinic,

My brother is running ZoneAlarm and just got hammered with a trojan hijacker/downloader. If a hacker wants to get stuff on your machine, he/she will. All we can do is just try and protect ourselves.

Daniel,

I havent seen another instance of DoubleClick since my last post, yesterday. I am of the mind that one of your advertisers is possibly(not pointing any fingers, just speculation) had DoubleClick running in an ad. Dont know enough about DoubleClick implementation to say for certain.

HDTVJunkie,

I dont run HijackThis. I tried it but it seemed like I got more adware with than without. Could be the fact that I got it from download.com, have gotten all kinds of junk on that site but for every one 'bad' program I have downloaded 10 good ones. Its the internet, what else can I say?

How does one know? What are the visible signs? In other words, how does the Trojan manifest itself?

"How do it know?"

Danke,
Larry,
www.fineelectricco.com

Larry,

This particular trojan contained a browser hijacker, a search hijacker, norton 'defeater' and overwrite protection. Most of these 'bugs' are harmless, very annoying and a bit time consuming to fix. The biggest part of the problem with these types of programs seems to be the 'background browser' which is downloading all kinds of other auto-executables and worthless crap. I fixed a laptop for a friend of mine recently and she had 30, yes 30, different trojans. Worst I have seen to date. The worst part of it was that the browser hijacker was forcing her to 'blacklisted' sites (child pornography), any type of search ran through 'CoolWWWWeb', if you actually got to google or yahoo the browser would just hang, increased her processes in XP to 137 running and AdAware found 1323 objects. Totally trashed the box, simple solution to fix was to format. Spent three days trying to fix everything but couldnt get it all.
She got this through email. Nortons wasnt up to date when I got the box from her, finally got it updated and it didnt find ANY of the bugs. Downloaded AVG and it found them all but it couldnt remove but half of them, even in safe mode. I guess to answer your question about manifestation Larry, when you get one of these bugs you will know it, no question. Just keep security as tight as you can stand it on your computers and hope for the best. If you get a bug, back up your data(you probably do this regularly anyway), find your reinstall disks, run all of the above mentioned software in this post, get ready to manually edit the registry and pray, lots of praying.
Seems like there are a lot of bored 'script-kiddies' out there who think that they are '1337 h4x0r' but in reality they are just dumb.

THe Best scanner to run to check for Trojans and Host takeovers is "Hijack This!"

This is NOT a program for the amateur computer user, but there are many sites and forums on the internet where you can post your log file and get free advice on what should be fixed and cleaned.

Ok,

I just had one blocked...when I came here from CNN.com

It was Aad.avenue

avdude

and another one...

Avenue A, Inc...

avdude

I havent seen those, only DoubleClick. Its not every time, just occasionally. Cant figure it out.

Correction, got a block on Avenue A as I posted that last post. The banner ad was for a internet dating service, if that helps Daniel.

Dido on Avenue A.

Dave

Daniel,

Just ran a reverse tracer-route on the blocked Avenue A, Inc spyware, and it appears to come either from, or through, the "TRUE" banner add...still trying to get back from there...

avdude

Yeah, that was my thought, that the ad banners contained the adware. Should have thought about trace route, duh. Oh well, glad somebody else has seen this.

worms and trojan programs have become more sophisticated lately. SOme are usingremote PC's to attack you with. It's mac address based, so short of swapping out youir router or NIC, reformatting your HD won't get rid of it. Also, for ME based machines, there are viruses that copy themselves to the "auto restore" folder and as soon as you nukle them with your favourite virus program, voila, they reappear. You have to go in and turn ioff aout restore, etc. it's a timely process. Programs like Zone alarm are a level of defense, but any serious hacker will walk through Zone alarm like a hot knife through butter. A good defense is a router, but in many situations, allowing open ports negates all of the security features offered. True enough, you will be fairly secure if you just don't visit any sites, download anything, or enter a chat room. But then you might as well just cancel your internet subscription. Some devices offer high level firewall protection (PIX) these will deter random hackers. But anyone with skills that is determined to get into your PC probably will. The compromise is a router. It deals with the port scanner type of opportuinty attack. I ussually run "netstat" online. That way if I see a connection happening to my network, I can grab the remote IP address and port number. I can also "kill the socket" (terminate the connection from my end). This ussually let's the intruder know that you are aware they are attempting to get in and most of them will move on.