Full Disclosure mailing list archives

Re: tvm.exe / poll each.exe / blehdefyreal toolbar

From: Andrew Clover <and-bugtraq () doxdesk com>
Date: Thu, 10 Jun 2004 08:14:27 +0900

mark () edwards org wrote:

Anybody know about some trojan(s) that spawn a "tvm.exe" process


Probably the recent new TVMedia variant.

inserts a "blehdefyreal" toolbar into IE


There are a few parasites that use such random names. This is likely lop.

and hijacks the IE homepage  to point to allaboutsearching.com?


This is definitely lop.

This thing also opens pop-ups pointing to this page:

http://69.20.62.53/yyy3.html


That's Look2Me.

The likelihood is you have *many* parasites installed. Ad-Aware andSpybot may be able to remove a lot, but if you're massively infected areinstall may indeed be easier/safer.


--
Andrew Clover
mailto:and () doxdesk com
http://www.doxdesk.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

tvm.exe / poll each.exe / blehdefyreal toolbar mark (Jun 08)
- Re: tvm.exe / poll each.exe / blehdefyreal toolbar petard (Jun 09)
  - Re: tvm.exe / poll each.exe / blehdefyreal toolbar 404 (Jun 09)
  - Re: tvm.exe / poll each.exe / blehdefyreal toolbar Nick FitzGerald (Jun 09)
    - Re: tvm.exe / poll each.exe / blehdefyreal toolbar Aaron Gee-Clough (Jun 09)
    - Re: tvm.exe / poll each.exe / blehdefyreal toolbar Nick FitzGerald (Jun 09)
    - Re: tvm.exe / poll each.exe / blehdefyreal toolbar petard (Jun 09)
- Re: tvm.exe / poll each.exe / blehdefyreal toolbar Andrew Clover (Jun 09)
- <Possible follow-ups>
- RE: tvm.exe / poll each.exe / blehdefyreal toolbar Zach Forsyth (Jun 09)
- Re: tvm.exe / poll each.exe / blehdefyreal toolbar mark (Jun 09)
  - Re: tvm.exe / poll each.exe / blehdefyreal toolbar Harlan Carvey (Jun 09)