RE: Grokster and possible trojan

[Brendon Crawford <xapocalypse () yahoo com>]

i installed limewire, and got that explorer.exe file
as well...
in case your interested, it is started from:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\run

--- scott () falcon graphictype com wrote:
> I'm not even positive that it's only one trojan that
> i
> found on my system, perhaps it's two separate
> viruses,
> and i am thinking it's a single one.
>
> In reference to "dldr.exe", i'm not positive where
> this came from, but i'm 90% certain that
> "explorer.exe"
> was installed by Grokster (as the Click Till U Win
> game).
> The reason i think that they're both part of the
> same
> trojan is becuase i find "clicktilluwin" in a
> hexdump
> of *both* files - which is too much of a coicidence
> for me.
>
> Even if you un-install it, i'm pretty sure it'll
> hang
> around... after i deleted "dldr.exe" and rebooted my
> machine, i found it right back in "C:\winnt\"...
> as for "explorer.exe" in "C:\winnt\explorer\"
> it still hasn't resurfaced after one reboot,
> but perhaps it'll come back tomorrow, when i log
> into the machine at work again...
>
> On Thu, 27 Dec 2001, Ken @Work wrote:
>
> > Is this in relation to LIMEWIRE?  I have the
> Dlder.exe file but no reg entry
> > under that location or a hidden folder in Winnt
> called 'explorer' with a
> > file 'explorer.exe' in it??   If so, I'm
> uninstalling this shit asap!
> > Let me know.
> >
> > thanks,
> >
> > A concerned net citizen!


=====
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCM$/GCS$/GIT$/ d--(++$) s: a--- c++@ UL+++ P++ L++ E---- W+++ N !o K- w(++++$) O-$ M V? PS-- PE++ Y+ PGP(++) t(+) 5 X+ 
R-- tv-- b+ DI(+) D++ G e h! r% y?
------END GEEK CODE BLOCK------
http://www.geekcode.com

__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com