
Thread: Adware and Viruses

  1. #1

    Adware and Viruses

    I must ask this question as I know of many friends behind bars for "hacking computers and virii spreading". When I go to a few sites and the site asks me if I want to install such and such toolbar and I say "no" but it installs it anyways, wouldn't that be in the same category as hacking or virii spreading? If so how can these "companies" get away with doing it?

    I went to a site just tonight and boom I have a sh*t load of crap instantly on my computer. here is a list of what was found:---->

    This crap has got to end or these companies are gonna have to supply us with a lifetime supply of coffee and hard drives.

  2. #2
    The Doctor Und3ertak3r (Join Date: Apr 2002; Posts: 2,744)
    Hi phatcat4214,

    Yes it is a $#%@&@ pain how this stuff finds its way in.. The current trend is Gator and friends are getting quiet and your friends are becoming more aggressive. As well, to your list you can add the 20 or so efforts from our friends at Cool Web Search.. They are lovely..

    What program were you using to detect that lot.. Also have you also used CWShredder to check if CWS can't be added to the pile..

    Contrary to popular belief you don't have to visit porn and warez sites to pick up this crud.. but they are the ones who seem to be the early adopters..

    Draw and quarter or racking over an ants nest are my answers to the writers and distributors of any malware.. including Spybots, parasites, worms, trojans, viruses..

    It is fortunate now that most AV software is now detecting this crap as malware..

    Cheers

    BTW: Just what may that site be that you visited.. just so I can prevent my machines going there.. accidentally
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  3. #3
    All these were found with Ad-Aware 6.0. As for the site it was a warez/crackz site. I was just testing my home network against such malware and it was not safe lol. Well at least one computer wasn't as the firewall to the rest blocked the first computer from sending it to the rest.

    Not only did this site (can't remember the name) drop all that spyware but it also dropped 2 trojans named BKDR_IRCFLOOD.X and W32.Klez.gen@mm. Now it looks like that would be breaking certain virii spreading laws. Or am I wrong??

  4. #4
    yeah it does, but the government is more concerned about ppl downloading music from the internet.....
    everything you say to me takes me one step closer to the edge:
    AND I'M ABOUT TO BREAK...LP

  5. #5
    Senior Member nihil (Join Date: Jul 2003; Location: United Kingdom: Bridlington; Posts: 17,188)
    Hey phatcat, hi there.....

    Yeah it is a real pain, you get a lot of it attached to spam mail as well.

    http://www.diamondcs.com.au

    Get "RegistryProt"; it is free.

    You will have noticed just how much of that stuff needed entries or amendments to the registry. RegistryProt intercepts them and lets you kill them or reverse the changes.

    Good luck.

  6. #6
    The Doctor Und3ertak3r (Join Date: Apr 2002; Posts: 2,744)
    regprot certainly lets you know when a virus has slipped by the defences.. and increases your chances for a fast and complete cleanup..

    Cheers
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  7. #7
    Junior Member (Join Date: Apr 2004; Posts: 19)

    Well........

    I know how messed up it is to have that lame Ad-ware crap. They get in, in so many ways. It's almost impossible to keep them out unless you have an anti Ad-Ware program. I myself consider that "Hacking" when they put stuff deep into the registry even when you say you don't want to download it.

    And pop-ups that just start appearing as an animation and move around the screen. Like a car bust through the screen and it's a FORD commercial. Don't click the close button on it. That is like telling them. Please put ad-ware on my pc.
    TRINITY IS COOL........
    http://pub2.ezboard.com/btrinityland
    (C++ Novice)

  8. #8
    I agree with you. I'm new to all this and have just recently become aware of all the adware and stuff. I now have a firewall, and other security measures in place on my pc. Well I came across a company today osmosis AEEA trying to access one of my ports. Now from what I can tell from doing a search on the name, it seems to be a company concerned with security? But why are they trying to get into my computer? I agree even if it's not a vicious ad (ie, with bugs), or say the company is "gathering info for internet security" or something, I still don't think they should be able to just wander around in my system.....
    everything you say to me takes me one step closer to the edge:
    AND I'M ABOUT TO BREAK...LP

  9. #9
    I'm not sure that osmosis-aeea is a company but rather is the registered names of two ports -->

    osmosis-aeea 3034/tcp Osmosis AEEA
    osmosis-aeea 3034/udp Osmosis AEEA

    I believe that these ports are used as a favorite of Spammers. Now I may be wrong, so I'm just trying to remember where I read this at.

  10. #10
    AO's MMA Fanatic! Computernerd22 (Join Date: Mar 2003; Location: Miami, FL; Posts: 795)
    Freeware programs such as Ad-aware and SpyBot Search & Destroy can identify and remove spyware from your computer. Utilities like SpywareBlaster and SpywareGuard can prevent spyware from being installed on your computer. Both of these utilities are currently being offered as freeware. You can find them here at

    Ad-aware

    www.lavasoft.de

    Spybot Seek and destroy

    www.spybot.safer-networking.de

    Spyware Blaster

    www.javacoolsoftware.com/spywareblaster.html

    Spyware guard

    www.wilderssecurity.net/spywareguard.html

    Hope this helps, Computernerd22
