Results 1 to 8 of 8

Thread: Limewire/Grokster Trojan

  1. #1

    Limewire/Grokster Trojan

    The trojan Win32.Dlder was discovered in late December attached to the programs Limewire, Grokster and Kazza.



    Once activated it connect to the 2001-007.com website where it reports all the url's visited, your ID and type of browser being used, amongst other things.


    You can find the full story here


    You can also get the "apology" from Limewire here and Grokster at this site.....

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Posts
    689
    Hey you know that doesnt sound like a trojan to me. It sounds like the spyware that is standard issue, with music sharing software. Audiogalaxy never apologized for the "trojan" it sends with its sharing software. Its something like bonzi buddy. Even if you choose not to install it, it puts an icon in your start menu and on your desktop. Stupid spyware junk.
    Wine maketh merry: but money answereth all things.
    --Ecclesiastes 10:19

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    yes preacher it is, but this one goes that extra mile, and downloads files to your computer to really breach your security.

    ...and they all sad their sorry they got caught.

    none of those so called marketing companys are above taking money from the fbi or the riaa. hey a buck is a buck, right? so i wouldn't be a bit suprised...
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    689

    Post

    Im glad that ad aware is out there to get rid of the spyware out there. This trojan is not even accidental, they put it in there to make money period. Since morpheous is based on the kazaa network, I wouldnt be surprised if it had a similar trojan in it.
    Wine maketh merry: but money answereth all things.
    --Ecclesiastes 10:19

  5. #5
    I have Kazza and i didn't find any of those files that the page shows like Dlder.exe
    Nobody Born The Best
    But Some Born To Be The Bests...

  6. #6
    Senior Member
    Join Date
    Aug 2001
    Posts
    168
    it's been great to be back... i've took a long holiday vacation and now it's time to share some point of views.
    btw, thanks for informing that there is newly discovered win32 virus/trojan out there. i hope my users are not that badly infected, however, i wish to read more stuff about win32. anybody knows what links are there.
    \"The more you ignore me... the closer i get!\"

  7. #7

    Post

    Originally posted by protocool
    i wish to read more stuff about win32. anybody knows what links are there.

    I assume you've already followed the link at the top of the page..


    Another good site for reading up on Win32Dlder can be found here and another one here....


    Codex, check to see if you have the following files and reg edits installed-


    C:\Windows\dlder.exe
    C:\Windows\explorer\explorer.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Games\Clicktilluwin
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
    CurrentVersion\Run\dlder

  8. #8
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    for all those who havn't read the articles:

    most people who use those P2P programs don't have the trojan. it was only distributed for a couple of weeks in december. the web site the info was posted to was taken down by the isp before the articules on it were released. The trojan was removed from the download in december.

    i couldn't find much technical info on the trojan, so if anyone knows anthing about it, like what port it operated on, i'd like to know.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •