-
September 10th, 2004, 08:45 PM
#1
New badass piece of ad/spyware.
Recently a friend of mine in class had a fresh install of Win XP Pro. We needed it for setting up an Apache/PHP/MySQL machine for our classes, programming and database.
He surfs to the site www.phazeddl.com (warez)
naturally picks up some ad/spyware.
Only this was a nasty kind of breed. Most prominent was changing the desktop to some item telling him the computer was infected (really ??)
No name was given. A link led to a site telling him to pay money for a spyware/adware remover.
Spybot S&D, Lavasoft Ad-aware SE, CWShredder were defenseless (updated and all).
Running them in safe mode or normal mode didn't make a difference. But unlike normally, even though we didn't surf at all, we seemed to be picking up more stuff.
Spybot and Ad-aware were removing stuff and when we ran them again there were new things installed.
We decided to go and do a LOW level format (okay, maybe that's a bit of overkill). Then reinstalled Windows.
===
This bit of adware interests me because it's so aggressive.
I'm setting up a virtual PC to see if I can get it in there and see what the damn thing is doing. Let's see what it turns up.
Anybody else getting very aggressive pieces of spyware and adware?
-Take care...
Since the beginning of time, Man has searched for the answers to the big questions: 'How did we get here?' 'Is there life after death?' 'Are we alone?' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?
-
September 10th, 2004, 09:44 PM
#2
HiJackThis might have helped before the format.... You can take the box back to practically zero with it if you like and then start bringing things back to find the offender if you so choose.....
Question: Why on earth did you feel the need to go to that site to get those apps???????
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
September 10th, 2004, 09:48 PM
#3
Question: Why on earth did you feel the need to go to that site to get those apps???????
All those apps are free from the sites anyway!! So I am with TigerShark on this one.
- MilitantEidolon
Yeah that's right........I said It!
Ultimately everyone will have their own opinion--this is mine.
-
September 10th, 2004, 10:34 PM
#4
Personally think this domain needs to get pulled from the owner
for (if proven) violating existing US laws and the domain is in San Francisco Calif.
I think the hosting company needs to get notified of this problem.
Any legit Hosting Company, co-lo or ISP would not put up with this problem.
As a note: I did go to this site and no Ad-Aware was present...
My WinXP Pro w/sp2 did not get infected.. and Norton Did not Ring any alarm.
I also noted that there were plenty of available wares that
could be used by the Feds as a reason to shut it down and
charge the domain owner, and the BSA for copyright violations.
Franklin Werren at www.bagpipes.net
Yes I do play the Bagpipes!
And learning to Play the Bugle
-
September 10th, 2004, 11:07 PM
#5
I did go to this site and no Ad-Aware was present...
But you didn't d/l any of those nice "free" things and install them, did you?
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
September 11th, 2004, 12:33 AM
#6
Moonwolf,
I just went there as well, with xp. No bells or whistles going off either. I did exactly what you said you did. Either it was a one time event or someone must have done a few other things you failed to mention as Tiger Shark suggested:
But you didn't d/l any of those nice "free" things and install them, did you?
cheers
Connection refused, try again later.
-
September 11th, 2004, 12:17 PM
#7
It could be I was at fault in my first post.
I have no idea why he went to that site (or why he did it with IE). It should be noted that the box at that moment wasn't updated in any way and was using IE. (He was probably looking for a cracked Opera.)
We tried to use HijackThis and some lesser-known anti-spyware and other apps but none made a difference. (Our teacher was at a loss on this too.)
In trying to recreate the event... I failed; it was impossible to get anything remotely interesting from the site.
But the site loads other sites with the downloads in frames so it could be from one of those. And I don't plan to click each and every one of them downloads.
Anyway, the other question: is anybody seeing a development with more aggressive spyware (possibly even spyware downloading and installing more spyware), leaving normal defensive programs defenseless?
Since the beginning of time, Man has searched for the answers to the big questions: 'How did we get here?' 'Is there life after death?' 'Are we alone?' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?
-
September 11th, 2004, 01:46 PM
#8
How about you tell us what adaware and spybot are catching, that way we can tell you if there are any removal tools or special plug-ins for adaware.
-
September 11th, 2004, 01:52 PM
#9
I'd like to tell you. But I can't.
We never wrote the stuff down. We wanted to get rid of it.
I was planning to get to know more in a secure place, but since I can't pick the thing up again, that's too bad.
I can say this. The things it was installing were mostly toolbars and the like. Getting rid of them was no problem; the program getting them on the box was.
Also the thing sent out net send advertisements across the network every so many minutes. (Part of the reason we wanted to get rid of the damn infection.)
We even suspect it of cross spreading to another Windows install on that HD. (So the low level hard disk format to get it OFF of the disk.)
Nasty thing, hope I won't have to see it again.
Since the beginning of time, Man has searched for the answers to the big questions: 'How did we get here?' 'Is there life after death?' 'Are we alone?' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?
-
September 11th, 2004, 02:50 PM
#10
Re: New badass piece of ad/spyware.
Originally posted here by MoonWolf
Only this was a nasty kind of breed. Most prominent was changing the desktop to some item telling him the computer was infected (really ??)
No name was given. A link led to a site telling him to pay money for a spyware/adware remover.
If the desktop read "you're in danger" then this is a hijack we started seeing at SFDC in early June. There is an uninstaller located at http://www.smart-security.info/removal.html
Just FYI in case anyone else runs into it.