Vulnerability Development mailing list archives
RE: Grokster and possible trojan
From: Brendon Crawford <xapocalypse () yahoo com>
Date: Thu, 27 Dec 2001 22:06:58 -0800 (PST)
I installed limewire, and got that explorer.exe file as well... in case you're interested, it is started from:

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\run

--- scott () falcon graphictype com wrote:

> I'm not even positive that it's only one trojan that I found on my system, perhaps it's two separate viruses, and I am thinking it's a single one. In reference to "dldr.exe", I'm not positive where this came from, but I'm 90% certain that "explorer.exe" was installed by Grokster (as the Click Till U Win game). The reason I think that they're both part of the same trojan is because I find "clicktilluwin" in a hexdump of *both* files - which is too much of a coincidence for me.
>
> Even if you un-install it, I'm pretty sure it'll hang around... after I deleted "dldr.exe" and rebooted my machine, I found it right back in "C:\winnt\"... as for "explorer.exe" in "C:\winnt\explorer\" it still hasn't resurfaced after one reboot, but perhaps it'll come back tomorrow, when I log into the machine at work again...
>
> On Thu, 27 Dec 2001, Ken @Work wrote:
>
> > Is this in relation to LIMEWIRE? I have the Dlder.exe file but no reg entry under that location or a hidden folder in Winnt called 'explorer' with a file 'explorer.exe' in it?? If so, I'm uninstalling this shit asap! Let me know.
> >
> > thanks,
> > A concerned net citizen!