New badass piece of ad/spyware.

Thread: New badass piece of ad/spyware.

  1. #1
    Senior Member
    Join Date
    Feb 2004
    Posts
    270

    New badass piece of ad/spyware.

    Recently a friend of mine in class had a fresh install of Win XP Pro. We needed it for setting up an Apache/PHP/MySQL machine for our classes, programming and database.

    He surfs to the site www.phazeddl.com (warez)

    Naturally picks up some ad/spyware.


    Only this was a nasty kind of breed. Most prominent was changing the desktop to some item telling him the computer was infected (really ??)

    No name was given. A link led to a site telling him to pay money for a spyware/adware remover.

    Spybot S&D, Lavasoft Ad-Aware SE, CWShredder were defenseless (updated and all).

    Running them in safe mode or normal mode didn't make a difference. But unlike normally, even though we didn't surf at all, we seemed to be picking up more stuff.

    Spybot and Ad-Aware were removing stuff and when we ran them again there were new things installed.


    We decided to go and do a LOW level format (okay, maybe that's a bit of overkill). Then reinstalled Windows.
    ===

    This bit of adware interests me because it's so aggressive.

    I'm setting up a virtual PC and will see if I can get it in there to see what the damn thing is doing. Let's see what it turns up.

    Anybody else getting very aggressive pieces of spyware and adware?

    -Take care...
    Since the beginning of time, Man has searched for the answers to the big questions: 'How did we get here?' 'Is there life after death?' 'Are we alone?' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    HiJackThis might have helped before the format.... You can take the box back to practically zero with it if you like and then start bringing things back to find the offender if you so chose.....

    Question: Why on earth did you feel the need to go to that site to get those apps???????
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #3
    Senior Member
    Join Date
    Jun 2004
    Posts
    281
    Question: Why on earth did you feel the need to go to that site to get those apps???????
    All those apps are free from the sites anyway!! So I am with TigerShark on this one.

    - MilitantEidolon
    Yeah that's right........I said It!

    Ultimately everyone will have their own opinion--this is mine.

  4. #4
    Senior Member
    Join Date
    Jul 2001
    Posts
    343
    Personally think this domain needs to get pulled from the owner
    for (if proven) violating existing US laws and the domain is in San Francisco Calif.

    I think the hosting company needs to get notified of this problem.
    Any legit Hosting Company, co-lo or ISP would not put up with this problem.

    As a note: I did go to this site and no Ad-Aware was present...
    My WinXP Pro w/sp2 did not get infected.. and Norton Did not Ring any alarm.
    I also noted that there were plenty of available wares that
    could be used by the Feds as a reason to shut it down and
    charge the domain owner, and the BSA for copyright violations.
    Franklin Werren at www.bagpipes.net
    Yes I do play the Bagpipes!

    And learning to Play the Bugle

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I did go to this site and no Ad-Aware was present...
    But you didn't d/l any of those nice "free" things and install them, did you?
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  6. #6
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Moonwolf,


    I just went there as well, with xp. No bells or whistles going off either. I did exactly what you said you did. Either it was a one time event or someone must have done a few other things you failed to mention as Tiger Shark suggested:


    But you didn't d/l any of those nice "free" things and install them, did you?
    cheers
    Connection refused, try again later.

  7. #7
    Senior Member
    Join Date
    Feb 2004
    Posts
    270
    It could be I was at fault in my first post.

    I have no idea why he went to that site (or why he did it with IE). Noted should be that the box at that moment wasn't updated in any way and using IE. (He was probably looking for a cracked Opera.)

    We tried to use HijackThis and some lesser-known anti-spyware and other apps but none made a difference. (Our teacher was at a loss on this too.)

    In trying to recreate the event... I failed; it was impossible to get anything remotely interesting from the site.

    But the site loads other sites with the downloads in frames so it could be from one of those. And I don't plan to click each and every one of them downloads.

    Anyway the other question. Is anybody seeing a development with more aggressive spyware (possibly even spyware downloading and installing more spyware), leaving normal defensive programs defenseless?
    Since the beginning of time, Man has searched for the answers to the big questions: 'How did we get here?' 'Is there life after death?' 'Are we alone?' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?

  8. #8
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    How about you tell us what Ad-Aware and Spybot are catching; that way we can tell you if there are any removal tools or special plug-ins for Ad-Aware.
    I am the uber duck!!1
    Proxy Tools

  9. #9
    Senior Member
    Join Date
    Feb 2004
    Posts
    270
    I'd like to tell you. But I can't.

    We never wrote the stuff down. We wanted to get rid of it.

    I was planning to get to know more in a secure place, but since I can't pick the thing up again, that's too bad.

    I can say this. The things it was installing were mostly toolbars and the like. Getting rid of them was no problem; the program getting them on the box was.

    Also the thing sent out net send advertisements across the network every so many minutes. (Part of the reason we wanted to get rid of the damn infection.)

    We even suspect it of cross spreading to another Windows install on that HD (so the low level hard disk format to get it OFF of the disk).

    Nasty thing, hope I won't have to see it again.
    Since the beginning of time, Man has searched for the answers to the big questions: 'How did we get here?' 'Is there life after death?' 'Are we alone?' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?

  10. #10
    Senior Member
    Join Date
    Feb 2004
    Posts
    202

    Re: New badass piece of ad/spyware.

    Originally posted here by MoonWolf
    Only this was a nasty kind of breed. Most prominent was changing the desktop to some item telling him the computer was infected (really ??)

    No name was given. A link led to a site telling him to pay money for a spyware/adware remover.

    If the desktop read "you're in danger" then this is a hijack we started seeing at SFDC in early June. There is an uninstaller located at http://www.smart-security.info/removal.html

    Just FYI in case anyone else runs into it.

