Clicktilluwin DLDER Trojan

From: jonat_private
Date: Mon Dec 31 2001 - 07:04:15 PST


    
    In-Reply-To: <20011230032402.5229.qmailat_private>
    
    I found this vulnerability in the latest Limewire 2.0.2 
    gnutella client download. This crap gets installed 
    whether you like it or not. On my WinXP machine, it 
    was running a new service called bargains.exe that 
    was located in c:\program files\bargain buddy. The 
    dlder.exe file resides in C:\windows. I deleted the files 
    before I looked at their content but there appeared to 
    be some DB type files in the folder. Norton's latest 
    pattern files (12/29) will detect the dlder.exe file but 
    there's no info on their website about it yet. Anyone 
    have a handle on what this thing is doing?
    


