webhelper SWW Expert

Joined: 11 Apr 2004 Last Visit: 16 Jul 2011 Posts: 1090
Posted: Sat May 01, 2004 6:17 pm Post subject: Webhelper: New mxtarget Transponder Variant
Webhelper: Updated Transponder listing
Today, I was able to discover what the alchem.exe does. If the transponder variant, twaintech.dll or bi.dll, is not in the BHO registry entry, the alchem.exe transmits a checkin and then installs the newest update. So now I got the mxtarget.dll from mx-target.com, which replaced the twaintech registry entries. There is quite a set of files that are dropped and run, but the code in the mxtarget.dll has the stop-poup-ads-now entry, as did the bi.dll and twaintech.dll, which means they are only changing the code on what controlling server it checks in with, which is now:
master.mx-targeting.com/mx/servlet/MXTarget
Along with that there is an entry for the alchem.exe:
checkin.clickalchemy.com/ca/servlet/Alchem
Below is my updated list, and there are a lot of entries that will make you wonder why those sites are listed. I will be writing in detail why the additions and how they all are linked to the transponder gang, which I am going to refer to as the "ThinkingMedia.net Transponder Gang".
Files That are the new transponder variant:
mxTarget.cab
mxTarget.dll
mxTarget.inf
mxtarget.ini
mxtini.cab
mxtini.inf
preInsMt.exe
tt_reco.exe (This is the one that removes all twaintech registry entries)
This variant, like the bi and twaintech, also uses the offeroptimizer ad server for the popup ads to users' computers.
Updated Sites Listing
01 May 2004
Webhelper
_________________
Wächter der Geschichten:
http://www.webhelper4u.com/thewatcher.html
Member of ASAP Since 2004
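A defender's check built from the indicators named in the post above, as an added example that is not part of the original post: it flags proxy-log requests to the two check-in servlets and file paths whose names match the listed files. The log format, the sample log lines and the sample paths are constructed assumptions.

```python
import ntpath
from urllib.parse import urlsplit

# Check-in hosts and servlet paths named in the post above.
CHECKIN_ENDPOINTS = {
    "master.mx-targeting.com": "/mx/servlet/MXTarget",
    "checkin.clickalchemy.com": "/ca/servlet/Alchem",
}
# File names named in the post above, lower-cased for comparison.
VARIANT_FILES = {
    "alchem.exe", "twaintech.dll", "bi.dll", "mxtarget.cab", "mxtarget.dll",
    "mxtarget.inf", "mxtarget.ini", "mxtini.cab", "mxtini.inf",
    "preinsmt.exe", "tt_reco.exe",
}

def checkin_hits(log_lines):
    """Return {client: [url, ...]} for requests to a listed check-in servlet.

    Assumed (hypothetical) log format: '<timestamp> <client> <method> <url>'.
    """
    hits = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed or truncated lines
        _, client, _, url = parts
        split = urlsplit(url if "://" in url else "http://" + url)
        # Compare the parsed host, not a substring of the whole URL, so a
        # domain that only appears in a query string does not match.
        host = (split.hostname or "").rstrip(".")
        path = CHECKIN_ENDPOINTS.get(host)
        if path and split.path.lower().startswith(path.lower()):
            hits.setdefault(client, []).append(url)
    return hits

def variant_files(paths):
    """Return the paths whose file name is a listed file (case-insensitive)."""
    return [p for p in paths if ntpath.basename(p).lower() in VARIANT_FILES]

# Constructed sample data, not taken from a real system.
SAMPLE_LOG = [
    "2004-05-01T18:02:11 10.0.0.15 GET http://master.mx-targeting.com/mx/servlet/MXTarget?v=1",
    "2004-05-01T18:02:40 10.0.0.15 GET http://CHECKIN.clickalchemy.com:80/ca/servlet/Alchem",
    "2004-05-01T18:03:09 10.0.0.22 GET http://example.org/?ref=master.mx-targeting.com/mx/servlet/MXTarget",
    "truncated line",
]
SAMPLE_PATHS = ["C:\\Temp\\mxTarget.dll", "C:\\Temp\\TT_RECO.EXE", "C:\\Temp\\kernel32.dll"]
```

A short name such as bi.dll can collide with unrelated software, so treat a file-name match as a lead to confirm rather than a verdict.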
wawadave Warrior Obsessed

Joined: 25 Jan 2004 Last Visit: 24 Jul 2009 Posts: 3448 Location: Illegitimus non carborundum
Nick Site Admin

Joined: 27 Feb 2004 Last Visit: 28 Aug 2012 Posts: 3913 Location: California
Posted: Sat May 01, 2004 7:06 pm Post subject:
Thanks again. I have been wondering what alchem.exe does. I've known it's a baddy for a while, but I like to know what makes it a baddy. Now I know.
_________________
Nick's Security Ticker