Thread: something weird to analyze

  1. #1
    Elite Hacker
    Join Date
    Mar 2003

    something weird to analyze

    Ok, usually I don't pay much attention to my popups, but this time I checked one out, and it was a blank page that, when I viewed the source, was running some JavaScript.
    <!-- Roings prompt begin -->
    <script language="JavaScript" type="text/JavaScript" 
    <script language="JavaScript">self.focus();</script>
    <!-- Roings prompt end -->
    http://mmm.roings.com/update.php (go at your own risk maybe)
    So as you can see from that, it loads something from that install.php, so I take a look at that, and this one's a little long so I guess I'll zip it and just paste parts of it. (To see for yourself at your own risk, 'cause I have no idea what it does, go to http://mmm.roings.com/install.php?tt...rcook=0&lfir=1 ) One part of it loaded a .cab file from http://cabs.roings.com/cabs/ and you can check that out I think; it seems safe as it's just a dir listing. But wtflip are all those .cab files? The one it loads is mmed.cab. That just scratches the surface, 'cause it loads other stuff including http://logs.roings.com/logprompt.php?aff=update which I haven't even looked at yet. Anyone into analyzing this stuff care to shed some light? I think I might just reinstall soon, 'cause I know this isn't the half of my problems. Just was curious. Attached at the bottom is the code in install.php. Thanks for any insight you can provide. Peace.

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Rotterdam, Netherlands
    Looks a lot like spyware to me. Especially the object "IObjSafety.DemoCtl". If you search for info on this you'll find a lot of HijackThis logs.

    And a .cab file is just an archive, just like zip (you can 'open' it with WinZip/WinRAR). It's MS's way of distributing plugins, patches, add-ons and whatnot.
    Oliver's Law:
    Experience is something you don't get until just after you need it.
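
Before opening a downloaded cabinet such as the mmed.cab mentioned above, its file table can be read without extracting or running anything. This is an added example, not code from the thread: it parses the CFHEADER and CFFILE records of the Microsoft Cabinet format, and the sample cabinet and its file names are constructed for illustration.

```python
import struct

CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")   # 36-byte fixed cabinet header
CFFILE = struct.Struct("<IIHHHH")             # 16 bytes, then NUL-terminated name

def list_cab(data: bytes):
    """Return ((major, minor), [(name, uncompressed_size)]) without extracting."""
    if len(data) < CFHEADER.size:
        raise ValueError("too short for a cabinet header")
    (sig, _, cb_cabinet, _, coff_files, _, vminor, vmajor,
     _cfolders, cfiles, _flags, _set_id, _icab) = CFHEADER.unpack_from(data, 0)
    if sig != b"MSCF":
        raise ValueError("not a cabinet: missing MSCF signature")
    if cb_cabinet > len(data) or coff_files >= len(data):
        raise ValueError("header offsets point outside the file")
    entries, pos = [], coff_files
    for _ in range(cfiles):
        if pos + CFFILE.size > len(data):
            raise ValueError("truncated CFFILE entry")
        size, _off, _folder, _date, _time, _attr = CFFILE.unpack_from(data, pos)
        end = data.find(b"\x00", pos + CFFILE.size)
        if end == -1:
            raise ValueError("unterminated file name")
        entries.append((data[pos + CFFILE.size:end].decode("latin-1"), size))
        pos = end + 1
    return (vmajor, vminor), entries

def build_sample() -> bytes:
    """Constructed cabinet skeleton: header, one folder record, two file entries."""
    files = [(b"example.inf", 120), (b"example.dll", 40960)]   # constructed names
    body = struct.pack("<IHH", 0, 0, 1)                        # CFFOLDER, type MSZIP
    for name, size in files:
        body += CFFILE.pack(size, 0, 0, 0, 0, 0x20) + name + b"\x00"
    total = CFHEADER.size + len(body)
    return CFHEADER.pack(b"MSCF", 0, total, 0, CFHEADER.size + 8, 0,
                         3, 1, 1, len(files), 0, 0, 0) + body

if __name__ == "__main__":
    version, entries = list_cab(build_sample())
    print("cabinet format %d.%d" % version)
    for name, size in entries:
        code = name.lower().endswith((".dll", ".ocx", ".exe"))
        print(f"{size:>8}  {name}{'  <- executable code' if code else ''}")
```

To inspect a real file, pass its bytes to `list_cab()` from an isolated analysis machine; a listing that contains a `.dll` or `.ocx` alongside an `.inf` is the usual shape of an ActiveX control package.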

  3. #3
    Senior Member
    Join Date
    Feb 2004
    Hmmm... Roings is adware... Information and removal instructions can be found here @ PestPatrol

