Browser-jacking endangers us all

Imagine you use your Internet browser to find a page on, perhaps, how to tend for bees, or some such innocent topic. You get the appropriate page, but when you click on it, you get a hard-porn site, filled with ads inviting you to take part in the merriment.

Annoying, embarrassing and, to put it bluntly, offensive and abusive.

There have been reports of such things happening to Firefox users, especially after they installed the Google Toolbar on the browser. Worse still, people who have two PCs connected on a home network and using the same high-speed line, report this happens on both computers.

The normal routine that involves clearing out everything in your browser doesn’t do much good.

Of course your first instinct, might be to run a powerful anti-virus or anti-spyware program.

Some geeks might further suggest to dump Firefox and install the Opera web browser, instead, and make it your default browser. Fine and dandy, but that’s still giving up to the invisible foe.

Experts, however, report that the issue is tied to the file C:WindowsBBSTOREDSSDSSagent.exe. They tried to get rid of it, but couldn’t. System Restore, which is a Windows program that rolls back you computer to the way it was yesterday (or a previous moment in time), worked, but again, its not an ideal answer because it gets rid of Firefox with the Google Toolbar

A U.S. security site, CA Security Advisor says what we’re dealing here is (verbatim) an (apparently) discontinued spyware product from Broderbund Software that was bundled with most Broderbund and Learning Company titles until April, 2002.

A desktop computer running DSSAgent.exe might send over 10,000 requests our to DNS servers (machines that work as Internet traffic cops) in 15 minutes, slowing network traffic. There are reports that it slows CPU processing as well.

To clarify, quoting the site further:

  1. Adware: Software that displays pop-up/pop-under advertisements when the primary user interface is not visible, or which do not appear to be associated with the product.
  2. Spyware: Any product that employs a user’s Internet connection in the background without their knowledge, and gathers/transmits info on the user or their behavior. Many spyware products will collect referrer info (information from your web browser which reveals what URL you linked from), your IP address (a number that is used by computers on the network to identify your computer), system information (such as time of visit, type of browser used, the operating system and platform, and CPU speed). Spyware products sometimes wrap other commercial products, and are introduced to machines when those commercial products are installed.

That was CA Security Advisor speaking.

Meanwhile, Spywarepoint confirms CA Security Advisor’s definition. It also offers a brief prescription.

Here it is:

Manual DSSAgent Removal

Kill these running processes with Task Manager:

  • systemroot+bbstoredssdssagent.exe

Back up your registry, then remove these registry items (if present) with RegEdit:

  • HKEY_LOCAL_MACHINEsoftwarebroderbund softwaredss
  • HKEY_LOCAL_MACHINEsoftwarebroderbund softwaredss
  • HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionshareddlls
  • c:windowsbbstoredssdssagent.exe

Remove these files (if present) with Windows Explorer:

  • systemroot+bbstoredssdssagent.exe
  • dssregistry.ini

Once done, restart your computer, take a deep breath: you’re done. But still, don’t forget to run your virus and spyware checkers (on a regular basis), and if you haven’t done so yet, get yourself a powerful firewall.