Hi... I have posted from this news article:
Mystery web attack hijacks your clipboard
http://www.theregister.co.uk/2008/08/15 ... hijacking/
....at my forum here:
.....I am researching and cam across the possible way to backtrack this to origin perhaps in a rudimentary way that is not too hard. It is strange and is attracting the security news rooms. Hope this helps in the least as a starting place of a manual removal of a malware. Most likely, quality antivirus and antispyware will have it nailed within weeks tops.
From the idea of like a browser hijacker always setting its own Homepage, this is like tracking to the source of the "ownership"....
Apparently this may be an "in the wild threat" assuming these persons use quality antivirus and also have scanned with quality antispyware.
Let's try a manual clearing of the Clipboard...
The EmptyClipboard function empties the clipboard and frees handles to data in the clipboard. The function then assigns ownership of the clipboard to the window that currently has the clipboard open.
BOOL EmptyClipboard( VOID
This function has no parameters.
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
Before calling EmptyClipboard, an application must open the clipboard by using the OpenClipboard function. If the application specifies a NULL window handle when opening the clipboard, EmptyClipboard succeeds but sets the clipboard owner to NULL. Note that this causes SetClipboardData to fail.
For an example, see Copying Information to the Clipboard.
Minimum DLL Version user32.dll
Header Declared in Winuser.h, include Windows.h
Import library User32.lib
Minimum operating systems Windows 95, Windows NT 3.1
Clipboard, OpenClipboard, SetClipboardData, WM_DESTROYCLIPBOARD
A clue here to back track to whatever is repeatedly entering the information to the clipboard may be here as the "Clipboard Ownership" .....
The clipboard owner is the window associated with the information on the clipboard. A window becomes the clipboard owner when it places data on the clipboard — specifically, when it calls the EmptyClipboard function. The window remains the clipboard owner until it is closed or another window empties the clipboard.
When the clipboard is emptied, the clipboard owner receives a WM_DESTROYCLIPBOARD message. Following are some reasons why a window might process this message:
The window delayed rendering of one or more clipboard formats. In response to the WM_DESTROYCLIPBOARD message, the window might free resources it had allocated in order to render data on request. For more information about the rendering of data, see Delayed Rendering.
The window placed data on the clipboard in a private clipboard format. The data for private clipboard formats is not freed by the system when the clipboard is emptied. Therefore, the clipboard owner should free the data upon receiving the WM_DESTROYCLIPBOARD message. For more information about private clipboard formats, see Clipboard Formats....
The window placed data on the clipboard using the CF_OWNERDISPLAY clipboard format. In response to the WM_DESTROYCLIPBOARD message, the window might free resources it had used to display information in the clipboard viewer window. For more information about this alternative format, see Owner Display Format.
So you may try to discover the ownership by....
Clipboard Sequence Number
The clipboard for each window station has an associated clipboard sequence number. This number is incremented whenever the contents of the clipboard change. To obtain the clipboard sequence number, call the GetClipboardSequenceNumber function....
It would help if persons may try a HiJackThis Log and post it, may reveal a start up process involved. Grab that info at my alternate www.BlueCollarPC.Org
Submit HiJackThis Logs (Information)
I am webmaster of both www.BlueCollarpC.Net
you can email here bluecollarpc at yahoo.com (my Yahoo ID)
You'll find my groups/lists linked at my sites. Hope this may help and this is the strangest occurrence in security world I have seen since year 2001 on my first PC. Very strange and has some dark possibilites of greater attacks obviously. Let's hope the whole heads up gets the security software industry's help and removal signatures if indeed even a new catagory "Clipboard Hijacker". What a first... What next ? yuck !
gerald philly pa usa
(Administrators may contact my registration private address for sure)