-
Adware and Viruses
I must ask this question as I know of many friends behind bars for "hacking computers and virus spreading". When I go to a few sites and the site asks me if I want to install such and such toolbar and I say "no" but it installs it anyway, wouldn't that be in the same category as hacking or virus spreading? If so, how can these "companies" get away with doing it?
I went to a site just tonight and boom, I have a sh*t load of crap instantly on my computer. Here is a list of what was found:
ArchiveData(auto-quarantine- 20-04-2004 00-01-45.bckp)
======================================================
DYFUCA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=RegKey : CLSID\{F7F808F0-6F7D-442C-93E3-4A4827C2E4C8}
obj[1]=RegKey : DyFuCA_BH.BHObj
obj[2]=RegKey : DyFuCA_BH.BHObj.1
obj[3]=RegKey : Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}
obj[4]=RegKey : SOFTWARE\Avenue Media
obj[5]=RegKey : Software\Avenue Media
obj[6]=RegKey : SOFTWARE\Avenue Media\Internet Optimizer
obj[7]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F7F808F0-6F7D-442C-93E3-4A4827C2E4C8}
obj[8]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA
obj[9]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA Software Installer
obj[10]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer
obj[11]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer Active Alert
obj[12]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer Software Installer
obj[13]=RegKey : TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}
obj[48]=RegValue : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
obj[77]=Folder : c:\program files\Internet Optimizer
obj[99]=File : c:\windows\nem214.dll
obj[100]=File : c:\program files\internet optimizer\optimize.exe
obj[101]=File : c:\program files\internet optimizer\update
obj[102]=File : c:\program files\internet optimizer\actalert.exe
obj[103]=File : c:\program files\internet optimizer\install.exe
obj[104]=File : c:\program files\internet optimizer\update\actalert.exe
obj[105]=File : c:\program files\internet optimizer\update\install.exe
ISTBAR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[14]=RegKey : CLSID\{5f1abcdb-a875-46c1-8345-b72a4567e486}
obj[15]=RegKey : CLSID\{ef86873f-04c2-4a95-a373-5703c08efc7b}
obj[16]=RegKey : Interface\{7B9A715E-9D87-4C21-BF9E-F914F2FA953F}
obj[17]=RegKey : ISTactivex.Installer
obj[18]=RegKey : istactivex.installer.2
obj[19]=RegKey : pugi.pugiobj
obj[20]=RegKey : pugi.pugiobj.1
obj[21]=RegKey : Software\IST
obj[22]=RegKey : Software\ISTbar
obj[23]=RegKey : Software\ISTsvc
obj[24]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTbarISTbar
obj[25]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc
obj[26]=RegKey : TYPELIB\{6d3f5de4-e980-4407-a10f-9ac771abaae6}
obj[27]=RegKey : TYPELIB\{8c752c5e-3c10-4076-af0a-ffc69fa20d1c}
obj[49]=RegValue : SOFTWARE\Microsoft\Internet Explorer\Toolbar
obj[50]=RegValue : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
obj[51]=RegValue : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
obj[66]=RegKey : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll
obj[73]=RegValue : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[78]=Folder : c:\program files\ISTbar
obj[79]=Folder : c:\program files\ISTsvc
obj[88]=File : c:\windows\downloaded program files\istactivex.dll
obj[106]=File : c:\program files\istbar\istbar.dll
obj[107]=File : c:\program files\istbar\xml_adultbar.php
obj[108]=File : c:\program files\istbar\navnew.bmp
obj[109]=File : c:\program files\istbar\search.bmp
obj[110]=File : c:\program files\istbar\more.bmp
obj[111]=File : c:\program files\istbar\version_xml.php
obj[112]=File : c:\program files\istsvc\istsvc.exe
obj[113]=File : c:\windows\downloaded program files\istactivex.inf
LYCOS SIDESEARCH
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[28]=RegKey : CLSID\{00000762-3965-4A1A-98CE-3D4BF457D4C8}
obj[29]=RegKey : CLSID\{000007AB-7059-463E-BD44-101A1750D732}
obj[30]=RegKey : SOFTWARE\Lycos\Sidesearch
obj[31]=RegKey : SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{000007AB-7059-463E-BD44-101A1750D732}
obj[32]=RegKey : SOFTWARE\Microsoft\Internet Explorer\Extensions\{000007C6-17DF-4438-92A4-DE5537471BA3}
obj[33]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000762-3965-4A1A-98CE-3D4BF457D4C8}
obj[34]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lycos Sidesearch
obj[80]=Folder : c:\program files\lycos\Sidesearch
obj[114]=File : c:\windows\desktop\lycos sidesearch.lnk
obj[115]=File : c:\program files\lycos\sidesearch\temp
obj[116]=File : c:\program files\lycos\sidesearch\offline.htm
obj[117]=File : c:\program files\lycos\sidesearch\sidesearch1311.dll
obj[118]=File : c:\program files\lycos\sidesearch\uninst.exe
obj[119]=File : c:\windows\start menu\programs\lycos sidesearch.lnk
STOPPOP
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[35]=RegKey : Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A}
VX2.BETTERINTERNET
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[36]=RegKey : CLSID\{000020DD-C72E-4113-AF77-DD56626C6C42}
obj[37]=RegKey : SOFTWARE\twaintec
obj[38]=RegKey : TwaintecDll.TwaintecDllObj.1
obj[39]=RegKey : TypeLib\{690BCCB4-6B83-4203-AE77-038C116594EC}
obj[40]=RegKey : vx2.vx2obj
obj[75]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000020DD-C72E-4113-AF77-DD56626C6C42}
obj[81]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\twaintec
obj[120]=File : c:\windows\temp\dummy.htm
obj[121]=File : c:\windows\temp\twaintec.ini
obj[122]=File : c:\windows\temp\twtini.cab
obj[123]=File : c:\windows\temp\twtini.inf
obj[124]=File : c:\windows\inf\twtini.inf
obj[125]=File : c:\windows\twaintec.ini
obj[126]=File : c:\windows\twaintec.dll
WHENU
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[41]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUCSync
obj[42]=RegKey : Software\WhenU
obj[43]=RegKey : Software\WhenUSave
obj[70]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run
obj[82]=Folder : c:\program files\ClockSync
obj[90]=File : c:\program files\clocksync\sync.exe
obj[127]=File : c:\program files\clocksync\screen
obj[128]=File : c:\program files\clocksync\dnldapp.cfg
WINFAVORITES
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[44]=RegKey : Bridge.brdg
obj[45]=RegKey : Bridge.brdg.1
obj[46]=RegKey : CLSID\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}
obj[47]=RegKey : TypeLib\{DDAF2479-6F00-4599-998A-3ED75686C6D0}
obj[67]=RegKey : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/SYSTEM/a.exe
obj[72]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run
obj[74]=RegValue : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[76]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}
obj[83]=RegKey : Interface\{4FDBDBAD-FEFE-4C4C-9CC1-1181052AFB12}
obj[84]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bridge
obj[85]=RegKey : atl.registrar
obj[86]=RegKey : CLSID\{44ec053a-400f-11d0-9dcd-00a0c90391d3}
obj[89]=File : c:\windows\system\a.exe
obj[129]=File : c:\windows\downloaded program files\bridge.dll
POWERSCAN
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[52]=RegValue : .default\Software\Powerscan
obj[53]=RegValue : Software\Powerscan
obj[71]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run
obj[87]=Folder : c:\windows\start menu\programs\Power Scan
obj[91]=File : c:\program files\power scan\powerscan.exe
obj[130]=File : c:\windows\start menu\programs\power scan\power scan.lnk
POSSIBLE BROWSER HIJACK ATTEMPT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[54]=RegData : Software\Microsoft\Internet Explorer\Main
obj[55]=RegData : Software\Microsoft\Internet Explorer\Main
obj[56]=RegData : Software\Microsoft\Internet Explorer\Search
obj[57]=RegData : .Default\Software\Microsoft\Internet Explorer\Main
obj[58]=RegData : .Default\Software\Microsoft\Internet Explorer\Main
obj[59]=RegData : .Default\Software\Microsoft\Internet Explorer\Search
obj[60]=RegData : Software\Microsoft\Internet Explorer\Main
obj[61]=RegData : Software\Microsoft\Internet Explorer\Main
obj[62]=RegData : Software\Microsoft\Internet Explorer\Search
obj[63]=RegData : .Default\Software\Microsoft\Internet Explorer\Main
obj[64]=RegData : .Default\Software\Microsoft\Internet Explorer\Main
obj[65]=RegData : .Default\Software\Microsoft\Internet Explorer\Search
obj[68]=RegKey : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EF86873F-04C2-4A95-A373-5703C08EFC7B}
obj[69]=RegKey : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}
This crap has got to end, or these companies are going to have to supply us with a lifetime supply of coffee and hard drives.
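The scan log above is a flat list of registry keys and files, which makes it hard to see at a glance which entries merely register a COM object and which ones actually give the adware a way to run again (Browser Helper Objects, Run keys, IE toolbars, ActiveX distribution units, IE Main/Search hijacks). The following parser is an added example, not code from the original post or from Lavasoft: it reads the `obj[N]=Kind : path` format shown in the log and groups each finding by persistence mechanism. The mechanism labels, the path substrings used to classify them, and the short excerpt used as sample input are my own assumptions, taken from the entries posted above.

```python
"""Parse an Ad-Aware 6 quarantine log (format as posted above) and group
each finding by the persistence mechanism it represents.

Added example; not code from the original post or from Lavasoft.
The log layout (FAMILY header, a rule of overline characters, then
'obj[N]=Kind : path' lines) is taken from the posted scan output; the
mechanism labels and the sample excerpt below are my own assumptions.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List

# One finding line, e.g. "obj[9]=RegKey : CLSID\{F7F8...}"
OBJ_RE = re.compile(r"^obj\[(\d+)\]=(\w+)\s*:\s*(.+?)\s*$")
# Header rule: the run of overline (U+00AF) characters Ad-Aware prints under a family name
RULE_RE = re.compile(r"^[\u00af]+$")


@dataclass(frozen=True)
class Finding:
    family: str   # section header, e.g. "DYFUCA"
    index: int    # N from obj[N]
    kind: str     # RegKey / RegValue / RegData / Folder / File
    path: str


# Ordered (substring, label) pairs; the first match wins, so the autostart
# locations are listed before the generic COM registration keys.
# Assumed labels chosen for triage; not Ad-Aware's own categories.
MECHANISMS = [
    ("browser helper objects\\", "bho"),
    ("currentversion\\run", "autorun"),
    ("internet explorer\\toolbar", "ie_toolbar"),
    ("internet explorer\\explorer bars", "ie_toolbar"),
    ("internet explorer\\extensions", "ie_toolbar"),
    ("internet explorer\\main", "ie_hijack"),
    ("internet explorer\\search", "ie_hijack"),
    ("downloaded program files", "activex_download"),
    ("code store database\\distribution units", "activex_download"),
    ("currentversion\\uninstall", "uninstall_entry"),
    ("clsid\\", "com_registration"),
    ("interface\\", "com_registration"),
    ("typelib\\", "com_registration"),
]

# Mechanisms that let the code start again on boot or when IE is opened
AUTOSTART = {"bho", "autorun", "ie_toolbar", "activex_download"}


def classify(path: str) -> str:
    """Map a registry or file path to a persistence/installation mechanism."""
    p = path.lower().replace("/", "\\")   # moduleusage keys use forward slashes
    for needle, label in MECHANISMS:
        if needle in p:
            return label
    return "other"


def parse_adaware_log(text: str) -> List[Finding]:
    """Return every obj[N] line as a Finding tagged with its family header."""
    findings: List[Finding] = []
    family = "UNKNOWN"
    lines = text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        if not line:
            continue
        m = OBJ_RE.match(line)
        if m:
            findings.append(Finding(family, int(m.group(1)), m.group(2), m.group(3)))
            continue
        # A family header is a non-obj line immediately followed by a rule line
        if i + 1 < len(lines) and RULE_RE.match(lines[i + 1].strip()):
            family = line
    return findings


def summarize(findings: List[Finding]) -> Dict[str, Dict[str, int]]:
    """Count mechanisms per family: {family: {mechanism: n}}."""
    table: Dict[str, Counter] = defaultdict(Counter)
    for f in findings:
        table[f.family][classify(f.path)] += 1
    return {fam: dict(c) for fam, c in table.items()}


def autostart_paths(findings: List[Finding]) -> List[str]:
    """Paths worth checking first: the ones that re-launch the adware."""
    return sorted({f.path for f in findings if classify(f.path) in AUTOSTART})


# Constructed excerpt of the log posted above (a handful of the entries)
SAMPLE_LOG = "\n".join([
    "ArchiveData(auto-quarantine- 20-04-2004 00-01-45.bckp)",
    "=" * 54,
    "DYFUCA",
    "\u00af" * 38,
    "obj[0]=RegKey : CLSID\\{F7F808F0-6F7D-442C-93E3-4A4827C2E4C8}",
    "obj[7]=RegKey : SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{F7F808F0-6F7D-442C-93E3-4A4827C2E4C8}",
    "obj[48]=RegValue : SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
    "obj[99]=File : c:\\windows\\nem214.dll",
    "ISTBAR",
    "\u00af" * 38,
    "obj[49]=RegValue : SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar",
    "obj[66]=RegKey : Software\\microsoft\\windows\\currentversion\\moduleusage\\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll",
    "obj[88]=File : c:\\windows\\downloaded program files\\istactivex.dll",
    "POSSIBLE BROWSER HIJACK ATTEMPT",
    "\u00af" * 38,
    "obj[54]=RegData : Software\\Microsoft\\Internet Explorer\\Main",
    "obj[56]=RegData : Software\\Microsoft\\Internet Explorer\\Search",
    "obj[68]=RegKey : SOFTWARE\\Microsoft\\Code Store Database\\Distribution Units\\{EF86873F-04C2-4A95-A373-5703C08EFC7B}",
])

if __name__ == "__main__":
    found = parse_adaware_log(SAMPLE_LOG)
    for fam, counts in summarize(found).items():
        print(fam, counts)
    print("check first:", *autostart_paths(found), sep="\n  ")
```

Run it on a full saved log (`parse_adaware_log(open("scan.log", encoding="utf-8").read())`) and the `autostart_paths` list is the short set of entries to verify are really gone after cleanup; the `uninstall_entry` and `com_registration` rows are residue that matters less once the DLLs and Run values are removed.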
-
Hi phatcat4214,
Yes, it is a $#%@&@ pain how this stuff finds its way in. The current trend is Gator and friends are getting quiet and your friends are becoming more aggressive as well; to your list you can add the 20 or so efforts from our friends at Cool Web Search. They are lovely.
What program were you using to detect that lot? Also, have you used CWShredder to check if CWS can't be added to the pile?
Contrary to popular belief, you don't have to visit porn and warez sites to pick up this crud, but they are the ones who seem to be the early adopters.
Drawing and quartering, or racking over an ants' nest, are my answers to the writers and distributors of any malware, including spybots, parasites, worms, trojans, viruses.
It is fortunate that most AV software is now detecting this crap as malware.
Cheers
BTW: just what may that site be that you visited, just so I can prevent my machines going there... accidentally.
-
All these were found with Ad-Aware 6.0. As for the site, it was a warez/crackz site. I was just testing my home network against such malware and it was not safe, lol. Well, at least one computer wasn't, as the firewall to the rest blocked the first computer from sending it to the rest.
:mad: Not only did this site (can't remember the name :( ) drop all that spyware, but it also dropped 2 trojans named BKDR_IRCFLOOD.X and W32.Klez.gen@mm. Now it looks like that would be breaking certain virus spreading laws. Or am I wrong??
-
Yeah it does, but the government is more concerned about people downloading music from the internet...
-
Hey phatcat, hi there.....
Yeah, it is a real pain; you get a lot of it attached to spam mail as well :(
http://www.diamondcs.com.au
Get "RegistryProt", it is free :D
You will have noticed just how much of that stuff needed entries or amendments to the registry. RegistryProt intercepts them and lets you kill them or reverse the changes.
Good luck.
-
RegProt certainly lets you know when a virus has slipped by the defences, and increases your chances for a fast and complete cleanup.
Cheers
-
Well........
I know how messed up it is to have that lame adware crap. They get in in so many ways. It's almost impossible to keep them out unless you have an anti-adware program. I myself consider that "hacking" when they put stuff deep into the registry even when you say you don't want to download it.
And pop-ups that just start appearing as an animation and move around the screen, like a car bursting through the screen and it's a FORD commercial. Don't click the close button on it. That is like telling them, "Please put adware on my PC."
-
I agree with you. I'm new to all this and have just recently become aware of all the adware and stuff. I now have a firewall and other security measures in place on my PC. Well, I came across a company today, Osmosis AEEA, trying to access one of my ports. Now, from what I can tell from doing a search on the name, it seems to be a company concerned with security? But why are they trying to get into my computer? I agree, even if it's not a vicious ad (i.e., with bugs), or say the company is "gathering info for internet security" or something, I still don't think they should be able to just wander around in my system... :confused: :confused:
-
I'm not sure that osmosis-aeea is a company, but rather it is the registered name of two ports:
osmosis-aeea 3034/tcp Osmosis AEEA
osmosis-aeea 3034/udp Osmosis AEEA
I believe that these ports are used as a favorite of spammers. Now I may be wrong, so I'm just trying to remember where I read this.
-
Freeware programs such as Ad-aware and Spybot Search & Destroy can identify and remove spyware from your computer. Utilities like SpywareBlaster and SpywareGuard can prevent spyware from being installed on your computer. Both of these utilities are currently being offered as freeware. You can find them here:
Ad-aware
www.lavasoft.de
Spybot Search & Destroy
www.spybot.safer-networking.de
SpywareBlaster
www.javacoolsoftware.com/spywareblaster.html
SpywareGuard
www.wilderssecurity.net/spywareguard.html
Hope this helps, Computernerd22
-
Quote:
Originally posted here by phatcat42141
I'm not sure that osmosis-aeea is a company, but rather it is the registered name of two ports:
osmosis-aeea 3034/tcp Osmosis AEEA
osmosis-aeea 3034/udp Osmosis AEEA
I believe that these ports are used as a favorite of spammers. Now I may be wrong, so I'm just trying to remember where I read this.
Well, they must be spammers; they try like every 5 minutes... I don't know them, and hey, I don't want them even if they are "good"... Thanks for the info, just learning :rolleyes:
-
Well... what do you expect, a welcome party with instructions on how to configure your browser to not accept any ActiveX scripts and other **** like that? (No offence intended.) The thing about the net you have to understand: it's a "controlled jungle", so you still have a chance of not getting hurt... You can hide and lurk all day, but eventually something will spot you and, like a predator to its prey, it pounces unexpectedly, mercilessly...
...Yeah mate... look at this beauty... she's a big 'un, and she won't give up without a fight... What you have to remember is her head is at one end and the tail is at the other...
Sorry, out-of-character experience... but as always I do hope this helps someone out there...