June 21st, 2004, 08:32 AM
something weird to analyze
http://mmm.roings.com/update.php (go at your own risk maybe)
<!-- Roings prompt begin -->
<!-- Roings prompt end -->
so as you can see from that it loads something from that install.php, so I take a look at that and this one's a little long so I guess I'll zip it, and just paste parts of it. (to see for yourself at your own risk, cause I have no idea what it does go to http://mmm.roings.com/install.php?tt...rcook=0&lfir=1 ) One part of it loaded a .cab file from http://cabs.roings.com/cabs/ and you can check that out I think, seems safe as it's just a dir listing. But wtflip are all those .cab files, the one it loads is mmed.cab. That just scratches the surface, cause it loads other stuff including http://logs.roings.com/logprompt.php?aff=update which I haven't even looked at yet. Anyone into analyzing this stuff care to shed some light? I think I might just reinstall soon, cause i know this isn't the half of my problems. just was curious. Attached at the bottom is the code in install.php. Thanks for any insight you can provide. Peace.
June 21st, 2004, 09:58 AM
Looks alot like spyware to me. Especially the object "IObjSafety.DemoCtl". If you search for info on this you'll find alot of HijackThis logs.
And a .cab file is just an archive just like zip (you can 'open' it with winzip/winrar). It's MS's way of distributing plugins, patches, add-ons and what not.
Experience is something you don't get until just after you need it.
June 21st, 2004, 10:43 AM
Hmmm... Roings is adware... Information and removal intstructions can be found here @ PestPatrol