Moore Moderator
Joined: 31 May 2004 Last Visit: 05 Jan 2011 Posts: 758 Location: °°.MooreLand.°°
Posted: Sat Oct 23, 2004 4:20 am Post subject: Scumware-Remover.org
Hi, a site I came across in my travels today was Scumware-Remover.org and smartestsearch.com, anyone heard of them before?
Also has a removal program available to download, thought I'd better check if they are good or bad or in between, before I block them.
Thanks for any info.
| Quote: |
Scumware-Remover.org
Scumware facts:
Also known as spyware and adware.
Experts view scumware as a real threat to consumers and businesses. If you're online, you should be concerned about scumware.
Nine out of 10 PCs connected to the Internet are infected with scumware.
A recent scumware audit report published by Earthlink and Webroot found an average of 26.5 scumware traces are present on a given PC. In a six-month period, two million scans found 55 million pieces of scumware.
92% of corporate IT managers at companies with more than 100 employees claim they have a "major" scumware problem.
What to do:
Remove scumware from your computer with the free and safe software developed by ICAS (Internet Companies Against Scumware).
Click Here to run the free scumware removal software
http://www.scumware-remover.org/install.html
|
Liam Rhodes/Scumware-Remover.org:66.79.171.0-66.79.171.127
Scumware-Remover.org:66.79.171.70-66.79.171.70
--
www.smartestsearch.com:66.79.171.75
Registrant:
Steven Burritt
239 millcreek lane
naperville, Illinois 60540
United States
Registered through: GoDaddy.com
Domain Name: SMARTESTSEARCH.COM
Created on: 06-Aug-02
Expires on: 06-Aug-05
Last Updated on: 08-Jun-04
Administrative Contact:
Burritt, Steven
239 millcreek lane
naperville, Illinois 60540
United States
Domain servers in listed order:
NS1.H-C-T.COM
NS2.H-C-T.COM

eburger68 SWW Distinguished Expert
Joined: 23 Jun 2004 Last Visit: 18 Nov 2008 Posts: 575 Location: Clearwater, FL
Posted: Sat Oct 23, 2004 8:03 pm Post subject:
Moore:
Thanks for posting that. I tried it on my Windows 2000 box, but it won't work. The thing is hard coded to use Windows XP paths -- tries to install three files to \WINDOWS\SYSTEM32. The default WinDir on a 2K box is \WINNT, so it crashes before doing anything significant.
Based just on that I can't recommend anyone bother with this. If someone with a WinXP box is willing to give it a whirl, I'd be most interested in hearing how it performs. Screenshots would be nice, too.
Best,
Eric L. Howes

suzi Site Admin
Joined: 27 Jul 2003 Last Visit: 24 May 2013 Posts: 10271 Location: sunny California
Posted: Sat Oct 23, 2004 9:17 pm Post subject:
I started it and got ZA alerts and it tried to change my default search page and homepage to smartestsearch.com.
SpywareGuard gave me the warning and let me change them back with a couple of clicks. The scan gave an error and timed out. But I still got 3 files downloaded to C:\Windows\system32:
dps.exe
dps32.exe
mse.exe
Ok, while I was posting this I thought I should run a HijackThis log. This piece of crap malware put a whole bunch of entries in my hosts file and the O4 entry highlighted in red.
Logfile of HijackThis v1.98.0
Scan saved at 10:29:30 PM, on 10/23/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PGPserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\AnalogX\CookieWall\cookie.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\mozilla.org\Mozilla\Mozilla.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Suzi\My Documents\My Downloads\installers\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
O1 - Hosts: 66.79.171.75 www.google.com
O1 - Hosts: 66.79.171.75 www.yahoo.com
O1 - Hosts: 66.79.171.75 www.altavista.com
O1 - Hosts: 66.79.171.75 www.hotbot.com
O1 - Hosts: 66.79.171.75 www.lycos.com
O1 - Hosts: 66.79.171.75 www.mamma.com
O1 - Hosts: 66.79.171.75 www.askjeeves.com
O1 - Hosts: 66.79.171.75 www.ask.com
O1 - Hosts: 66.79.171.75 www.google.co.uk
O1 - Hosts: 66.79.171.75 www.yahoo.co.uk
O1 - Hosts: 66.79.171.75 www.altavista.co.uk
O1 - Hosts: 66.79.171.75 www.hotbot.co.uk
O1 - Hosts: 66.79.171.75 www.lycos.co.uk
O1 - Hosts: 66.79.171.75 www.mamma.co.uk
O1 - Hosts: 66.79.171.75 www.askjeeves.co.uk
O1 - Hosts: 66.79.171.75 www.ask.co.uk
O1 - Hosts: 66.79.171.75 www.msn.com
O1 - Hosts: 66.79.171.75 www.msn.co.uk
O1 - Hosts: 66.79.171.75 www.go.com
O1 - Hosts: 66.79.171.75 www.go.co.uk
O1 - Hosts: 66.79.171.75 www.no-ip.com
O1 - Hosts: 66.79.171.75 www.hotbar.com
O1 - Hosts: 66.79.171.75 www.mywebsearch.com
O1 - Hosts: 66.79.171.75 www.exactsearch.net
O1 - Hosts: 66.79.171.75 www.resultsmaster.com
O1 - Hosts: 66.79.171.75 www.kanoodle.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [dps] c:\windows\system32\dps.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: PGPtray.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
This is a real nasty!!!
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.
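
The pattern in the log above (many unrelated search sites in O1 pointed at one address, plus an O4 autostart for a dropped file) can be checked mechanically. The following is an added example, not part of any post in this thread; the function names, the three-site threshold and the two `example.test` entries are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis prints each non-default hosts-file line as "O1 - Hosts: <ip> <name>"
# and each Run-key autostart as "O4 - HKxx\..\Run: [<value>] <command>".
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)$")
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[[^\]]*\]\s+(.+)$")
EXE_RE = re.compile(r'([^\\/"\s]+\.exe)', re.IGNORECASE)
# File names the thread reports being dropped into system32.
DROPPED = {"dps.exe", "dps32.exe", "mse.exe"}

# Lines copied from the log posted above, plus two constructed O1 entries
# (a loopback block and a single LAN mapping) that must not be flagged.
SAMPLE_LOG = r"""O1 - Hosts: 66.79.171.75 www.google.com
O1 - Hosts: 66.79.171.75 www.yahoo.com
O1 - Hosts: 66.79.171.75 www.google.co.uk
O1 - Hosts: 66.79.171.75 www.msn.com
O1 - Hosts: 127.0.0.1 ads.example.test
O1 - Hosts: 192.168.1.10 fileserver.example.test
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [dps] c:\windows\system32\dps.exe
"""

def parse_o1(log_text):
    """Return (ip_address, hostname) for every well-formed O1 line."""
    pairs = []
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # first field is not an IP literal, ignore the line
        pairs.append((ip, m.group(2).lower().rstrip(".")))
    return pairs

def site_label(hostname):
    """Rough brand label: first DNS label after an optional leading 'www'."""
    labels = hostname.split(".")
    return labels[1] if labels[0] == "www" and len(labels) > 1 else labels[0]

def redirect_clusters(pairs, min_sites=3):
    """Map each non-loopback IP to the sites pointed at it, if >= min_sites."""
    by_ip = defaultdict(set)
    for ip, host in pairs:
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 lines are typically block entries
        by_ip[str(ip)].add(site_label(host))
    return {ip: sorted(s) for ip, s in by_ip.items() if len(s) >= min_sites}

def dropped_autostarts(log_text):
    """Return O4 Run commands whose executable name is in DROPPED (name match only)."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        exe = EXE_RE.search(m.group(1)) if m else None
        if exe and exe.group(1).lower() in DROPPED:
            hits.append(m.group(1))
    return hits

if __name__ == "__main__":
    print(redirect_clusters(parse_o1(SAMPLE_LOG)), dropped_autostarts(SAMPLE_LOG))
```

A name match on an O4 entry is a lead to inspect, not a verdict, since unrelated software can share a file name.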

Nick Site Admin
Joined: 27 Feb 2004 Last Visit: 28 Aug 2012 Posts: 3913 Location: California
Posted: Sat Oct 23, 2004 11:45 pm Post subject:
OK, so you already know the baddies, but here they are. If you didn't have SpywareGuard, then there would probably be at least one O2 and O3 to be fixed as well.

wawadave Warrior Obsessed
Joined: 25 Jan 2004 Last Visit: 24 Jul 2009 Posts: 3448 Location: Illegitimus non carborundum

suzi Site Admin
Joined: 27 Jul 2003 Last Visit: 24 May 2013 Posts: 10271 Location: sunny California
Posted: Sun Oct 24, 2004 9:06 am Post subject:
whois info for scumware-remover.org:
| Quote: |
Domain ID:D104980260-LROR
Domain Name:SCUMWARE-REMOVER.ORG
Created On:08-Oct-2004 23:52:48 UTC
Last Updated On:08-Oct-2004 23:53:17 UTC
Expiration Date:08-Oct-2005 23:52:48 UTC
Sponsoring Registrar:Go Daddy Software, Inc. (R91-LROR)
Status:TRANSFER PROHIBITED
Registrant ID:GODA-08414651
Registrant Name:Steven Burritt
Registrant Organization:
Registrant Street1:239 millcreek lane
Registrant Street2:
Registrant Street3:
Registrant City:naperville
Registrant State/Province:Illinois
Registrant Postal Code:60540
Registrant Country:US
Registrant Phone:+1.6304043009
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:stevesredcamaro@aol.com
Admin ID:GODA-28414651
Admin Name:Steven Burritt
Admin Organization:
Admin Street1:239 millcreek lane
Admin Street2:
Admin Street3:
Admin City:naperville
Admin State/Province:Illinois
Admin Postal Code:60540
Admin Country:US
Admin Phone:+1.6304043009
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:stevesredcamaro@aol.com
Tech ID:GODA-18414651
Tech Name:Steven Burritt
Tech Organization:
Tech Street1:239 millcreek lane
Tech Street2:
Tech Street3:
Tech City:naperville
Tech State/Province:Illinois
Tech Postal Code:60540
Tech Country:US
Tech Phone:+1.6304043009
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:stevesredcamaro@aol.com
Name Server:NS1.H-C-T.COM
Name Server:NS2.H-C-T.COM |

suzi Site Admin
Joined: 27 Jul 2003 Last Visit: 24 May 2013 Posts: 10271 Location: sunny California
Posted: Sun Oct 24, 2004 9:24 pm Post subject:
I tried this thing again tonight with SpywareGuard disabled and ZA set to allow it access to see if the entire scan would run. I still got the run time error and still got my homepage, search page and hosts file hijacked. So - either this little piece of scumware is so poorly coded that it will not run, or it was designed for the sole purpose of hijacking users' computers.
I also tried on my WinMe box but it would not run there either. It gave some file path error or some such thing. It did manage, however, to hijack my browser. It seems to be coded for XP only.
The warning message you see just under the google toolbar is from the new security settings in SP 2.

Scaramouche Malware Expert
Joined: 06 Jul 2004 Last Visit: 03 May 2006 Posts: 141 Location: Manila, Philippines
Posted: Mon Oct 25, 2004 12:03 am Post subject:
This is just getting ludicrous. Even the bad scanners at least pretend to have some sort of functionality (on more platforms than XP to boot). I've been thinking lately that boards like these are necessary and admirable but they deal with the symptoms and not the root causes. Even scanners and removers are a necessary, yet incomplete solution.
What we need to do is turn spyware removal experts into spyware prosecution activists. Have someone in each major jurisdiction who can send in proof to the various district attorney offices, maybe have a lawyer donate a legalese template where the volunteer fills in how the spyware manufacturer violates laws (and really most bad spyware violates EXISTING laws against computer misuse/privacy as it is, let alone any new spyware laws that evolve in the future). Have these people networked so they can present evidence in cases that span states, or even countries. Have a committee examine each request before it goes out to provide a unified front and to remove traces of excess indignation that might make people take it less seriously. Monitor progress in certain key states, and then try to bring pressure on legislators and prosecutors that aren't doing the job properly. Whew.
I'm not suggesting anyone has to do this, because you know what? You guys already do a lot. I guess it was a little rant brought on by how egregious this particular site is. The implication that sites like this are allowed to exist and indeed, probably others that we don't even know about just makes me fume.
Theoretically, working for a commercial spyware remover seeing this should make me happy. Sort of a "all right, more bad stuff out there to increase the number of our clients!" But it doesn't, it just makes me mad and sad. I guess the things I outline above are more a pipe dream, since the organization and time constraints are pretty big. It would basically end up being an anti-spyware lobbying group to counter the efforts of Gator/Claria :) Even if it was successful it would only end up driving the manufacturers more underground (assuming you could get both an American and European organization set up and working).
If that doesn't work I suggest vigilante justice (note to Homeland Security department; I am not actually suggesting vigilante justice).
_________________
---
My comments represent my own opinions and research.

Moore Moderator
Joined: 31 May 2004 Last Visit: 05 Jan 2011 Posts: 758 Location: °°.MooreLand.°°
Posted: Mon Oct 25, 2004 1:41 am Post subject:
Thanks for checking this one out, one more garbage site for the lists.
I thought smartest search was a bit too suspicious, sounded like a CWS wannabe site to me.
Not good to see your computer get hijacked Suzi, at least you know where to go to get help [ if you ever need it ] ..
| Quote: |
| If that doesn't work I suggest vigilante justice (note to Homeland Security department; I am not actually suggesting vigilante justice). |
lol

suzi Site Admin
Joined: 27 Jul 2003 Last Visit: 24 May 2013 Posts: 10271 Location: sunny California
Posted: Mon Oct 25, 2004 8:17 am Post subject:
Scaramouche, you wrote:
| Quote: |
| I'm not suggesting anyone has to do this, because you know what? You guys already do a lot. I guess it was a little rant brought on by how egregious this particular site is. The implication that sites like this are allowed to exist and indeed, probably others that we don't even know about just makes me fume. |
It makes me fume too. I think complaints to the Illinois Attorney General would be in order, as well as to the web hosting company. They are probably violating the TOS of their web host. I'll do some research tonight and see if I can come up with addresses.
Moore, you wrote:
| Quote: |
| Not good to see your computer get hijacked Suzi. |
Yeah, the first time it happened it totally caught me off guard. I was furious. Of course since SpywareGuard caught it, it was easily correctable. The second time around I let it happen to see if the scan would complete. Thanks to HJT, it was easy to remove.
Also - this has been added to Panda's definitions, so it will now target and remove this scumware!

suzi Site Admin
Joined: 27 Jul 2003 Last Visit: 24 May 2013 Posts: 10271 Location: sunny California
Posted: Tue Oct 26, 2004 5:20 pm Post subject:
Some interesting information about the person listed in the whois information has been posted in this thread at DSLReports.
http://www.broadbandreports.com/forum/remark,11680505~mode=flat
See the posts by BrettStarr and follow his links. One page has a long list of domains that appear to be re-directed to scumware-remover.org.

TeMerc Warrior Obsessed
Joined: 12 Feb 2004 Last Visit: 23 Dec 2009 Posts: 4953 Location: Phx. AZ.

suzi Site Admin
Joined: 27 Jul 2003 Last Visit: 24 May 2013 Posts: 10271 Location: sunny California
Posted: Tue Oct 26, 2004 6:17 pm Post subject:
| Quote: |
| err..............daphne |
Yeah, you know, Daphne of Scooby Doo.
I was going to go anon there but that didn't last long.

TeMerc Warrior Obsessed
Joined: 12 Feb 2004 Last Visit: 23 Dec 2009 Posts: 4953 Location: Phx. AZ.

Nick Site Admin
Joined: 27 Feb 2004 Last Visit: 28 Aug 2012 Posts: 3913 Location: California
Posted: Wed Oct 27, 2004 12:27 am Post subject:
Shcooooby Doooooo!

webhelper SWW Expert
Joined: 11 Apr 2004 Last Visit: 16 Jul 2011 Posts: 1090

wawadave Warrior Obsessed
Joined: 25 Jan 2004 Last Visit: 24 Jul 2009 Posts: 3448 Location: Illegitimus non carborundum

suzi Site Admin
Joined: 27 Jul 2003 Last Visit: 24 May 2013 Posts: 10271 Location: sunny California
Posted: Thu Nov 04, 2004 10:41 am Post subject:
Good one Webhelper!
There are two other files, besides the dps.exe, this scumware puts into the C:\WINDOWS\SYSTEM32\ folder in case you wanted to add that to your page.
dps32.exe
mse.exe
I zipped and submitted all 3 to 3 different places. Kaspersky emailed me back this morning with this info:
| Quote: |
This is trojan-downloader program TrojanDownloader.Win32.VB.fn.
Detection will be added to the next daily update. |

wawadave Warrior Obsessed
Joined: 25 Jan 2004 Last Visit: 24 Jul 2009 Posts: 3448 Location: Illegitimus non carborundum

3162 Honorary Site Admin
Joined: 31 Mar 2004 Last Visit: 04 May 2009 Posts: 4452

calvin282 Newbie
Joined: 07 Nov 2004 Last Visit: 07 Nov 2004 Posts: 2
Posted: Sun Nov 07, 2004 1:00 am Post subject:
Right now I am trying to use spyware remover to remove the files. But when I try to do so, it says "access to unamed file was denied". Can someone help please?
I am basically trying to fix the problem of getting always directed to smartestsearch.com

3162 Honorary Site Admin
Joined: 31 Mar 2004 Last Visit: 04 May 2009 Posts: 4452