Security Incidents mailing list archives

030 ignkeywords igetnet follow up


From: "Waitman C. Gobble" <waitman () emkdesign com>
Date: 11 Nov 2002 14:19:34 -0800


Hello all, 

Below is the response I received from igetnet.com regarding their
spyware. (Caution: I wouldn't touch their download file for nothing.)

Interesting thing, apparently you can install their spyware directly
from their web site. 

HOWEVER nobody here has heard of them, and does not recall previously
visiting the site. 

Did any of you people with the ign spyware infestation install it on
purpose? The consensus here is "No". 

At first glance I don't see anything strange in the event logs on the
machine.... 


Best, 

Waitman Gobble 
EMK Design 
Buena Park California 
+1.7145222528 
http://emkdesign.com





Return-Path: <mark () igetnet com> 
Received: from htsvr01.hightower.com (mail.igetnet.com [216.41.184.80]) 
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 
content-class: urn:content-classes:message 
Subject: uninstall 
MIME-Version: 1.0 
Date: 11 Nov 2002 11:44:33 -0800 
Message-ID: <D01F0DCA5F1F0E4785A301199E299C512B5797 () htsvr01 hightower com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
From: Mark LeGault <mark () igetnet com> 
To: waitman () emkdesign com


Hello Waitman -

To uninstall our search program, just save this file to your desktop,
close all windows, and double-click the file. You can also download this
same file here if you prefer: 

http://www.igetnet.com/iGetNet_IGNDownloads.html

Be sure all windows are closed when you run it. 

Thanks, 

iGetNet Customer Support 


-----Original Message----- 
From: Waitman C. Gobble [mailto:waitman () emkdesign com] 
Sent: Saturday, November 09, 2002 12:04 PM 
To: Support 
Subject: help 



Hello 

Someone or some program has illegally tampered with one of my computers.

Opening Internet Explorer sends me directly to ignkeywords.com, which is
then redirected to the msn search. I did not request or authorize this
change to my system. 

When I open Internet Explorer I expect it to go to the home page I
have placed in the configuration settings. However, it automatically
goes to ignkeywords.com as if the url for the home page does not exist,
which is completely incorrect - the url does indeed exist. 

I expect an explanation of why my machine was changed, how it was
changed and how to revert my machine to its original state. 

If you prefer to meet in person to discuss this matter, I am within very
short driving distance to Irvine. 

Sincerely, 

Waitman Gobble 
Buena Park California 
714-522-2528 



