030 ignkeywords igetnet follow up

From: Waitman C. Gobble (waitmanat_private)
Date: Mon Nov 11 2002 - 14:19:34 PST

Next message: Will Munkara-Kerr: "RE: Port 5552?"

Previous message: darroch royden: "RE: Quick question re FTP activity"
Next in thread: Ryan Yagatich: "Re: 030 ignkeywords igetnet follow up"
Reply: Ryan Yagatich: "Re: 030 ignkeywords igetnet follow up"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello all, 

Below is the response I received from igetnet.com regarding their
spyware.  (Caution I wouldn't touch their download file for nothing). 

Interesting thing, apparently you can install their spyware directly
from their web site. 

HOWEVER nobody here has heard of them, and does not recall previously
visiting the site. 

Did any of you people with the ign spyware infestation install it on
purpose? The consensus here is "No". 

At first glance I don't see anything strange in the event logs on the
machine.... 


Best, 

Waitman Gobble 
EMK Design 
Buena Park California 
+1.7145222528 
http://emkdesign.com





Return-Path: <markat_private> 
Received: from htsvr01.hightower.com (mail.igetnet.com [216.41.184.80]) 
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 
content-class: urn:content-classes:message 
Subject: uninstall 
MIME-Version: 1.0 
Date: 11 Nov 2002 11:44:33 -0800 
Message-ID:
<D01F0DCA5F1F0E4785A301199E299C512B5797at_private> 
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
From: Mark LeGault <markat_private> 
To: waitmanat_private


Hello  Waitman          - 

To uninstall our search program, just save this file to your desktop,
close all windows, and double-click the file. You can also download this
same file here if you prefer: 

http://www.igetnet.com/iGetNet_IGNDownloads.html

Be sure all windows are closed when you run it. 

Thanks, 

iGetNet Customer Support 


-----Original Message----- 
From: Waitman C. Gobble [mailto:waitmanat_private] 
Sent: Saturday, November 09, 2002 12:04 PM 
To: Support 
Subject: help 



Hello 

Someone or some program has illegally tampered with one of my computers.

Opening Internet Explorer sends me directly to ignkeywords.com, which is
then redirected to the msn search. I did not request or authorize this
change to my system. 

When I open Internet Explorer I expect for it to go to the home page I
have placed in the configuration settings. However, it automatically
goes to ignkeywords.com as if the url for the home page does not exist,
which is completely incorrect - the url does indeed exist. 

I expect an explanation of why my machine was changed, how it was
changed and how to revert my machine to its original state. 

If you prefer to meet in person to discuss this matter, I am within very
short driving distance to Irvine. 

Sincerely, 

Waitman Gobble 
Buena Park California 
714-522-2528 




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Will Munkara-Kerr: "RE: Port 5552?"
Previous message: darroch royden: "RE: Quick question re FTP activity"
Next in thread: Ryan Yagatich: "Re: 030 ignkeywords igetnet follow up"
Reply: Ryan Yagatich: "Re: 030 ignkeywords igetnet follow up"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Nov 12 2002 - 13:08:59 PST