-
April 20th, 2004, 06:20 AM
#1
Member
Adware and Viruses
I must ask this question as I know of many friends behind bars for "hacking computers and virii spreading". When I go to a few sites and the site asks me if I want to install such and such toolbar and I say "no" but it installs it anyway, wouldn't that be in the same category as hacking or virii spreading? If so, how can these "companies" get away with doing it?
I went to a site just tonight and boom, I have a sh*t load of crap instantly on my computer. Here is a list of what was found:
This crap has got to end or these companies are gonna have to supply us with a lifetime supply of coffee and hard drives.
-
April 20th, 2004, 08:32 AM
#2
Hi phatcat4214,
Yes, it is a $#%@&@ pain how this stuff finds its way in. The current trend is that Gator and friends are getting quiet, and your friends are becoming more aggressive as well. To your list you can add the 20 or so efforts from our friends at Cool Web Search. They are lovely.
What program were you using to detect that lot? Also, have you used CWShredder to check whether CWS can't be added to the pile?
Contrary to popular belief, you don't have to visit porn and warez sites to pick up this crud, but they are the ones who seem to be the early adopters.
Drawing and quartering or raking over an ants' nest are my answers to the writers and distributors of any malware, including spybots, parasites, worms, trojans, viruses.
It is fortunate that most AV software is now detecting this crap as malware.
Cheers
BTW: Just what may that site be that you visited? Just so I can prevent my machines going there... accidentally.
"Consumer technology now exceeds the average person's ability to comprehend how to use it... give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
April 20th, 2004, 09:10 AM
#3
Member
All these were found with Ad-Aware 6.0. As for the site, it was a warez/crackz site. I was just testing my home network against such malware and it was not safe, lol. Well, at least one computer wasn't, as the firewall to the rest blocked the first computer from sending it to the rest.
Not only did this site (can't remember the name) drop all that spyware, but it also dropped 2 trojans named BKDR_IRCFLOOD.X and W32.Klez.gen@mm. Now it looks like that would be breaking certain virii spreading laws. Or am I wrong??
-
April 22nd, 2004, 11:15 PM
#4
Member
Yeah it does, but the government is more concerned about people downloading music from the internet.....
everything you say to me takes me one step closer to the edge:
AND I'M ABOUT TO BREAK...LP
-
April 23rd, 2004, 12:24 AM
#5
Hey phatcat, hi there.....
Yeah it is a real pain, you get a lot of it attached to spam mail as well
http://www.diamondcs.com.au
Get "RegistryProt" it is free
You will have noticed just how much of that stuff needed entries or amendments to the registry. RegistryProt intercepts them and lets you kill them or reverse the changes.
Good luck.
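RegistryProt, as described above, intercepts registry writes as they happen. An after-the-fact version of the same idea is shown below as an added example (not the tool's code and not from the thread): it snapshots the registry locations adware of this kind registers itself in (Browser Helper Objects, Run keys, IE toolbars and start/search pages) and reports what changed since the previous run. Windows PowerShell, the baseline file path and the exact set of watched keys are my assumptions.

```powershell
# Added example: snapshot adware-relevant registry locations and diff against the
# previous run. Assumes Windows PowerShell 5.1+; $BaselinePath is a constructed location.
$BaselinePath = "$env:USERPROFILE\autorun-baseline.json"
# Locations this kind of adware writes to: BHOs, Run keys, IE toolbars, start/search pages.
$Watch = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Extensions',
    'HKCU:\Software\Microsoft\Internet Explorer\Main',
    'HKCU:\Software\Microsoft\Internet Explorer\Search'
)
function Get-Snapshot {
    # Flatten each watched key and its subkeys (BHOs are subkeys named by CLSID)
    # into "path|valuename" -> value strings so two runs can be compared.
    $out = @{}
    foreach ($k in $Watch) {
        if (-not (Test-Path $k)) { continue }
        $keys = @(Get-Item $k) + @(Get-ChildItem $k -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            $path = $key.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
            if ($key.ValueCount -eq 0) { $out["$path|"] = '<key>'; continue }
            foreach ($name in $key.GetValueNames()) {
                $out["$path|$name"] = [string]$key.GetValue($name)
            }
        }
    }
    return $out
}
$current = Get-Snapshot
if (Test-Path $BaselinePath) {
    $baseline = @{}
    (Get-Content $BaselinePath -Raw | ConvertFrom-Json).PSObject.Properties |
        ForEach-Object { $baseline[$_.Name] = $_.Value }
    # New BHOs, new Run entries or a changed start/search page show up here.
    foreach ($k in $current.Keys) {
        if (-not $baseline.ContainsKey($k))      { Write-Output "ADDED   $k = $($current[$k])" }
        elseif ($baseline[$k] -ne $current[$k]) { Write-Output "CHANGED $k : '$($baseline[$k])' -> '$($current[$k])'" }
    }
    foreach ($k in $baseline.Keys) {
        if (-not $current.ContainsKey($k)) { Write-Output "REMOVED $k" }
    }
} else {
    Write-Output "No baseline yet; writing $BaselinePath"
}
# Each run becomes the new baseline, so review the report before trusting the next one.
$current | ConvertTo-Json | Set-Content $BaselinePath
```

Run it once on a machine you believe clean to create the baseline, then after each browsing session; anything listed as ADDED or CHANGED is what a tool like RegistryProt would have prompted about at write time.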
-
April 23rd, 2004, 01:02 AM
#6
RegProt certainly lets you know when a virus has slipped by the defences, and increases your chances for a fast and complete cleanup.
Cheers
"Consumer technology now exceeds the average person's ability to comprehend how to use it... give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
April 23rd, 2004, 06:19 PM
#7
Junior Member
Well........
I know how messed up it is to have that lame Ad-ware crap. They get in, in so many ways. It's almost impossible to keep them out unless you have an anti Ad-Ware program. I myself consider that "Hacking" when they put stuff deep into the registry even when you say you don't want to download it.
And pop-ups that just start appearing as an animation and move around the screen. Like a car bursts through the screen and it's a FORD commercial. Don't click the close button on it. That is like telling them: please put ad-ware on my PC.
-
April 23rd, 2004, 07:40 PM
#8
Member
I agree with you. I'm new to all this and have just recently become aware of all the adware and stuff. I now have a firewall and other security measures in place on my PC. Well, I came across a company today, osmosis AEEA, trying to access one of my ports. Now from what I can tell from doing a search on the name, it seems to be a company concerned with security? But why are they trying to get into my computer? I agree, even if it's not a vicious ad (i.e., with bugs), or say the company is "gathering info for internet security" or something, I still don't think they should be able to just wander around in my system.....
everything you say to me takes me one step closer to the edge:
AND I'M ABOUT TO BREAK...LP
-
April 24th, 2004, 03:06 AM
#9
Member
I'm not sure that osmosis-aeea is a company; rather, it is the registered name of two ports:
osmosis-aeea 3034/tcp Osmosis AEEA
osmosis-aeea 3034/udp Osmosis AEEA
I believe that these ports are a favorite of spammers. Now I may be wrong; I'm just trying to remember where I read this.
-
April 24th, 2004, 04:09 AM
#10
Freeware programs such as Ad-aware and SpyBot Search & Destroy can identify and remove spyware from your computer. Utilities like SpywareBlaster and SpywareGuard can prevent spyware from being installed on your computer. Both of these utilities are currently being offered as freeware. You can find them here:
Ad-aware
www.lavasoft.de
Spybot Search & Destroy
www.spybot.safer-networking.de
SpywareBlaster
www.javacoolsoftware.com/spywareblaster.html
SpywareGuard
www.wilderssecurity.net/spywareguard.html
Hope this helps, Computernerd22