
Welcome to IWETHEY!

Do you know the actual spyware?
We work on anti-spyware detection and removal et al, so I can ask someone here, but they'll want to know which spyware you had.

Wade.


Is it enough to love
Is it enough to breathe
Somebody rip my heart out
And leave me here to bleed
 
Is it enough to die
Somebody save my life
I'd rather be Anything but Ordinary
Please



-- "Anything but Ordinary" by Avril Lavigne.

· my ·
· [link|http://staticsan.livejournal.com/|blog] ·
· [link|http://yceran.org/|website] ·

Re: Do you know the actual spyware?
I think it went like this:

the user downloaded a program called WinZix which claimed to be a program that could decompress his pre-theatrical release of some movie
this created a WinZix folder in Program Files
I killed that dll with killbox
I saw that tick~th.exe (showed as tick third.exe in My Computer) would launch IE whenever IE was stopped
this file was in a folder under the user's Application Data that has a long name starting with boo that I don't recall

don't know if this is enough info

A
Play I Some Music w/ Papa Andy
Saturday 8 PM - 11 PM ET
All Night Rewind 11 PM - 5 PM
Reggae, African and Caribbean Music
[link|http://westcottradio.org|Tune In]
I like their eula
[link|http://forums.whirlpool.net.au/forum-replies-archive.cfm/727567.html|http://forums.whirlp...e.cfm/727567.html]
1) By accepting these terms and conditions, the Software will be installed on your computer. The search page for your web browsers auto search option and default error page are set to a web page determined by the Software. The software does not transmit the URL of any valid website that you or any user visits to a 3rd party server. The software may however transmit DNS errors or "non resolving / invalid domain names only" back to the server in order to diagnose communication issues. The Software will deliver popup advertisements on your computer on a regular basis. Installation of the Software may also add bookmarks to your computer and web browser, and shortcuts to the desktop and various menus. The added bookmarks and shortcuts may be removed manually or via un-installation of the Software. If incorrect host-file entries are detected for this Software's related domain names, those entries will be removed in order for this software to function properly.
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free american and do not reflect the opinions of any person or company that I have had professional relations with in the past 51 years. meep

reach me at [link|mailto:bill.oxley@cox.net|mailto:bill.oxley@cox.net]
WinZix is clearly the problem.
As Box has no doubt already found, it comes with trojan software; that is its modus operandi. Google for 'WinZix problems' and you will find lots of links about cleaning up after it.

As for the hidden IE session: I spoke to one of the MRC guys here and he said such a thing happens when a program loads an IE component. The EULA says it serves advertising - I imagine that it would use the HTML rendering component to display the ads. Nothing sinister in and of itself, until you look at the whole package, as it were. :-)

Wade.


Is it enough to love
Is it enough to breathe
Somebody rip my heart out
And leave me here to bleed
 
Is it enough to die
Somebody save my life
I'd rather be Anything but Ordinary
Please



-- "Anything but Ordinary" by Avril Lavigne.

· my ·
· [link|http://staticsan.livejournal.com/|blog] ·
· [link|http://yceran.org/|website] ·
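
The behaviour described in this thread (an executable under the user's Application Data folder that restarts IE whenever it is closed) can be spotted in process-creation records. The following is an added example, not part of the original posts: it assumes process-creation events are already collected as (time, parent image, child image) tuples, and the sample events, the EXAMPLE_FOLDER path and the function name are constructed for illustration.

```python
import ntpath

# Path fragments for per-user, user-writable locations (assumption: XP and later layouts).
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\local settings\\temp\\")

IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
# EXAMPLE_FOLDER is a placeholder: the thread does not give the real folder name.
TICK = r"C:\Documents and Settings\user\Application Data\EXAMPLE_FOLDER\tick~th.exe"

# Constructed sample events: (seconds since start, parent image, child image).
SAMPLE_EVENTS = [
    (0, r"C:\WINDOWS\explorer.exe", IE),          # user opens IE from the shell
    (40, TICK, IE),                               # user closes IE, helper restarts it
    (95, TICK, IE),
    (150, TICK, IE),
    (160, r"C:\WINDOWS\explorer.exe", r"C:\WINDOWS\notepad.exe"),
]


def find_ie_relaunchers(events, min_launches=2, window=300):
    """Return {parent_image: count} for parents in user-writable folders that
    started iexplore.exe at least min_launches times within window seconds."""
    launches = {}
    for ts, parent, child in events:
        if ntpath.basename(child).lower() != "iexplore.exe":
            continue
        # Match on location, not file name: a helper can call itself explorer.exe.
        if not any(frag in parent.lower() for frag in USER_WRITABLE):
            continue
        launches.setdefault(parent, []).append(ts)

    flagged = {}
    for parent, times in launches.items():
        times.sort()
        # Largest number of launches inside any window that begins at a launch.
        best = max(sum(start <= t < start + window for t in times) for start in times)
        if best >= min_launches:
            flagged[parent] = best
    return flagged


if __name__ == "__main__":
    for image, count in find_ie_relaunchers(SAMPLE_EVENTS).items():
        print(f"{count} IE launches from {image}")
```

A single launch from a user-writable folder is not flagged by default; it is the repeated restart that matches what was observed here.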
