Here goes: To clean up LimeWire 2.0.2 you need to: + kill any running adp.exe and bargins.exe processes. + Remove the \program files\adp\ directory + Remove the \program files\Bargain Buddy\ directory + Remove the entry for adp.exe and bargins.exe from HK_LOCAL_MACHINE..run. + Remove HK_LOCAL_MACHINE\SOFTWARE\Microsoft\adp\ (the cheek!) + Install & run Lavasoft Add-Aware 5.62 (it doesn't seem to spot "Ad Popper") + Check any personal firewall logs for oddities. + Run LimeWire - javaw + Check any personal firewall logs for oddities. Dom (no relation to ad-aware, btw) NB. It looks like Ad Popper calls: http://adp.ikena.com/update.asp?partner=%s&type=software which returns the text: version=7378 url=http://adp.ikena.com:80/file/bbi7378.exe size=153957 artifact=bbi7378.exe Which appears to be "Bargin Buddy", at least today it is. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Dom De Vitto Secure Technologies Ltd mailto:domat_private Mob. +44 7855 805 271 http://www.devitto.com Fax. +44 8700 548 750 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > -----Original Message----- > From: Jonas M Luster [mailto:jluster@d-fensive.com] > Sent: 31 December 2001 20:48 > To: vuln-devat_private > Subject: Re: Clicktilluwin DLDER Trojan > > > Quoting Michael Watson (mmwatsonat_private): > > > something weird is going on. maybe the limeware and kazaa > people got hacked > > and someone is having a little fun, or maybe they are > intentionally doing > > this for some reason. isn't there some kind of legal way for this to be > > They get paid for it. Smuggling ad-ware or spyware into seemingly free > applications is, well, common behavior. > > http://www.lavasoftusa.com/index.html can help. >
This archive was generated by hypermail 2b30 : Tue Jan 01 2002 - 14:04:19 PST