New Since you're here...
What do you know about the malware "Wild Tangent". Seems my mom's machine got it. It lives in a directory called C:\windows\wt, which is completely invisible (yes, I turned on the "show hidden" and "show system directories", tolerating the Windows nagware that "exposing these directories and files is not a good idea, yadda, yadda, yadda...")

Spybot S&D finds it and attempts to neutralize it, but it keeps coming back, which indicates some kind of stealth object that Spybot cannot find. My main question is, how do you expose the directory so I can nuke it? Also, is there a good freeware/shareware shredder that I can use after I nuke it, to scramble up the leftovers?

[edit: tyops]

thanx-
jb4
"Every Repbulican who wants to defend Bush on [the expansion of Presidential powers], should be forced to say, 'I wouldn't hesitate to see President Hillary Rodham Clinton have the same authority'."
&mdash an unidentified letter writer to Newsweek on the expansion of executive powers under the Bush administration
Edited by jb4 April 20, 2006, 01:11:28 PM EDT
New Not Andrew, but...
It seems to be part of a Java game.

Wild Tangent: too bad (http://hoogervorst.freehosting.net/net_wildtangent.htm). Getting rid of it involves some registry hacking, according to the article. I haven't tried it myself. Caveat emptor.

HTH.

[edit:] Whoops, you asked about deleting the directory. You should be able to do it once the process has been killed. See this writeup (http://www.pchell.com/support/wildtangent.shtml) too.

Cheers,
Scott.
Edited by Another Scott April 20, 2006, 01:35:24 PM EDT
New Thanks, Another Scott!
That's the ticket. If she's still having trouble with it, I'll know how to kill it. Great link!
jb4
New Can you boot with knoppix and access it that way?
New Didn't try...
...she's in FL; I was there visiting my dad after his stroke, and spent most of the time there fixing up their 'puters. Didn't have my Knoppix disk there...and now I'm back up here in Chi-town.
jb4
New Might have come in as part of AOL IM.
Version 5.5 included it in the install.

http://www.pcmag.com/article2/0,1759,1601598,00.asp

From http://www.dslreports.com/shownews/39958

Yes many people have, and I think the consensus is that it isn't doing anything other than sending usage statistics that are pertinent to their games. Which is listed in their licensing agreement.

However, I think what keeps WT listed as spyware is that:

1. a long time ago they hid a text file deep in its directory structure (somewhere where most people wouldn't look) that explained what it collected. While it seemed honest, people wondered why it was hidden. It was a dumb decision on WT's part.

and

2. It apparently is installed with AIM, without telling anyone or allowing them to view the licensing agreement. Another dumb decision on both WT's and AOL's part.

Finally I think that over the past few years the label of spyware has been expanded to mean Adware as well. Spyware originally meant software that sent back statistics that wasn't up front about what they were doing, meaning that as long as they told you they were going to do it and gave you the option to not install the software, then it wasn't spyware. Now it seems any software that sends back statistics at all is considered spyware. Hell, even software that has the audacity to include an autoupdate feature is considered spyware now.
When somebody asks you to trade your freedoms for security, it isn't your security they're talking about.
New Explains why...
...it's on my mom's computer and not on my dad's (my mom downloaded AOL's IM, for reasons that are not entirely clear...). Thanx, Thane.
jb4
New ICLRPD (new thread)
Created as new thread #252804 titled ICLRPD
===

Purveyor of Doc Hope's fresh-baked dog biscuits and pet treats.
http://DocHope.com
New OT: Check the mdash in your sig
Needs a trailing semi-colon.
New erm...huh? Oh....I see now...
Funny, it rendered OK...more magic from our resident ad-ministers who can probably cure a common cold if they felt particularly charitable one day.

(The funny thing is that nobody noticed the tyop on the second word....)

Thanx, drook
jb4
New It's just that we know all Repo's are
fscked up!

LOL!
Amy

Stop looking at my signature!
Edited by imqwerky April 20, 2006, 04:00:39 PM EDT
New It's not that...
It's just that they don't fsck enough...

Imric's Tips for Living
  • Paranoia Is a Survival Trait
  • Pessimists are never disappointed - but sometimes, if they are very lucky, they can be pleasantly surprised...
  • Even though everyone is out to get you, it doesn't matter unless you let them win.


Nothing is as simple as it seems in the beginning,
As hopeless as it seems in the middle,
Or as finished as it seems in the end.
 
 
New I see it less lately, but . . .
. . the versions I have encountered so far seem to uninstall cleanly from Install / Uninstall programs. Next time I'll have a more detailed look to see if there's any lingering stuff.
AAx (http://www.aaxnet.com)
     Couldn't clean this one . . . - (Andrew Grygus) - (22)
         I don't even bother cleaning any more. - (inthane-chan)
         Where is the tipping point? - (pwhysall) - (4)
             He services multiple small business clients. - (broomberg) - (1)
                 I know what he does. - (pwhysall)
             That depends. - (Andrew Grygus) - (1)
                 I was shocked when I heard that... - (cforde)
         Did you try using Ewido? - (a6l6e6x) - (2)
             No, I'll look at it next time around. - (Andrew Grygus) - (1)
                 Ewido just sold out to AVG . . . - (Andrew Grygus)
         Since you're here... - (jb4) - (12)
             Not Andrew, but... - (Another Scott) - (1)
                 Thanks, Another Scott! - (jb4)
             Can you boot with knoppix and access it that way? -NT - (broomberg) - (1)
                 Didn't try... - (jb4)
             Might have come in as part of AOL IM. - (inthane-chan) - (6)
                 Explains why... - (jb4) - (5)
                     ICLRPD (new thread) - (drewk)
                     OT: Check the mdash in your sig - (drewk) - (3)
                         erm...huh? Oh....I see now... - (jb4) - (2)
                             It's just that we know all Repo's are - (imqwerky) - (1)
                                 It's not that... - (imric)
             I see it less lately, but . . . - (Andrew Grygus)
