I'm pretty sure LimeWire is clean, at least the version I'm using (version 1.6b). Obviously, I didn't install any of the freebee sponsor/spyware stuff. I'm pretty paranoid and though, I'm firewalled and still run ZoneAlarm, SurfinShield etc.... and also "clicktilluwin" doesn't exist as a raw (ascii) string anywhere on my system... Of course, later versions of LimeWire (and BearShare) may/will have different sponsors, and different "Ts & Cs". Dom - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Dom De Vitto Secure Technologies Ltd mailto:domat_private Mob. +44 7855 805 271 http://www.devitto.com Fax. +44 8700 548 750 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > -----Original Message----- > From: scottat_private [mailto:scottat_private] > Sent: 28 December 2001 01:30 > To: Ken @Work > Cc: Michael; vuln-devat_private > Subject: RE: Grokster and possible trojan > > > I'm not even positive that it's only one trojan that i > found on my system, perhaps it's two separate viruses, > and i am thinking it's a single one. > > In reference to "dldr.exe", i'm not positive where > this came from, but i'm 90% certain that "explorer.exe" > was installed by Grokster (as the Click Till U Win game). > The reason i think that they're both part of the same > trojan is becuase i find "clicktilluwin" in a hexdump > of *both* files - which is too much of a coicidence > for me. > > Even if you un-install it, i'm pretty sure it'll hang > around... after i deleted "dldr.exe" and rebooted my > machine, i found it right back in "C:\winnt\"... > as for "explorer.exe" in "C:\winnt\explorer\" > it still hasn't resurfaced after one reboot, > but perhaps it'll come back tomorrow, when i log > into the machine at work again... > > On Thu, 27 Dec 2001, Ken @Work wrote: > > > Is this in relation to LIMEWIRE? I have the Dlder.exe file but > no reg entry > > under that location or a hidden folder in Winnt called 'explorer' with a > > file 'explorer.exe' in it?? If so, I'm uninstalling this shit asap! > > > > Let me know. > > > > thanks, > > > > A concerned net citizen! > >
This archive was generated by hypermail 2b30 : Fri Dec 28 2001 - 08:51:08 PST