RE: Grokster and possible trojan

From: Dom De Vitto (Domat_private)
Date: Fri Dec 28 2001 - 04:07:12 PST


    I'm pretty sure LimeWire is clean, at least the version I'm using
    (version 1.6b).  Obviously, I didn't install any of the freebie
    sponsor/spyware stuff.
    
    I'm pretty paranoid though, and I'm firewalled and still run ZoneAlarm,
    SurfinShield etc. ... and also "clicktilluwin" doesn't exist as a raw
    (ascii) string anywhere on my system...
    
    Of course, later versions of LimeWire (and BearShare) may/will have
    different sponsors, and different "Ts & Cs".
    
    Dom
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      Dom De Vitto                               Secure Technologies Ltd
      mailto:domat_private                       Mob. +44 7855 805 271
      http://www.devitto.com                       Fax. +44 8700 548 750
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
    > -----Original Message-----
    > From: scottat_private [mailto:scottat_private]
    > Sent: 28 December 2001 01:30
    > To: Ken @Work
    > Cc: Michael; vuln-devat_private
    > Subject: RE: Grokster and possible trojan
    >
    >
    > I'm not even positive that it's only one trojan that I
    > found on my system, perhaps it's two separate viruses,
    > and I am thinking it's a single one.
    >
    > In reference to "dldr.exe", I'm not positive where
    > this came from, but I'm 90% certain that "explorer.exe"
    > was installed by Grokster (as the Click Till U Win game).
    > The reason I think that they're both part of the same
    > trojan is because I find "clicktilluwin" in a hexdump
    > of *both* files - which is too much of a coincidence
    > for me.
    >
    > Even if you un-install it, I'm pretty sure it'll hang
    > around... after I deleted "dldr.exe" and rebooted my
    > machine, I found it right back in "C:\winnt\"...
    > as for "explorer.exe" in "C:\winnt\explorer\"
    > it still hasn't resurfaced after one reboot,
    > but perhaps it'll come back tomorrow, when I log
    > into the machine at work again...
    >
    > On Thu, 27 Dec 2001, Ken @Work wrote:
    >
    > > Is this in relation to LIMEWIRE?  I have the Dlder.exe file but no reg entry
    > > under that location or a hidden folder in Winnt called 'explorer' with a
    > > file 'explorer.exe' in it??   If so, I'm uninstalling this shit asap!
    > >
    > > Let me know.
    > >
    > > thanks,
    > >
    > > A concerned net citizen!
    >
    >
    



    This archive was generated by hypermail 2b30 : Fri Dec 28 2001 - 08:51:08 PST