Vulnerability Development mailing list archives
RE: Grokster and possible trojan
From: "Dom De Vitto" <Dom () DeVitto com>
Date: Fri, 28 Dec 2001 12:07:12 -0000
I'm pretty sure LimeWire is clean, at least the version I'm using (version 1.6b). Obviously, I didn't install any of the freebee sponsor/spyware stuff. I'm pretty paranoid and though, I'm firewalled and still run ZoneAlarm, SurfinShield etc.... and also "clicktilluwin" doesn't exist as a raw (ascii) string anywhere on my system... Of course, later versions of LimeWire (and BearShare) may/will have different sponsors, and different "Ts & Cs". Dom - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Dom De Vitto Secure Technologies Ltd mailto:dom () devitto com Mob. +44 7855 805 271 http://www.devitto.com Fax. +44 8700 548 750 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-----Original Message----- From: scott () falcon graphictype com [mailto:scott () falcon graphictype com] Sent: 28 December 2001 01:30 To: Ken @Work Cc: Michael; vuln-dev () securityfocus com Subject: RE: Grokster and possible trojan I'm not even positive that it's only one trojan that i found on my system, perhaps it's two separate viruses, and i am thinking it's a single one. In reference to "dldr.exe", i'm not positive where this came from, but i'm 90% certain that "explorer.exe" was installed by Grokster (as the Click Till U Win game). The reason i think that they're both part of the same trojan is becuase i find "clicktilluwin" in a hexdump of *both* files - which is too much of a coicidence for me. Even if you un-install it, i'm pretty sure it'll hang around... after i deleted "dldr.exe" and rebooted my machine, i found it right back in "C:\winnt\"... as for "explorer.exe" in "C:\winnt\explorer\" it still hasn't resurfaced after one reboot, but perhaps it'll come back tomorrow, when i log into the machine at work again... On Thu, 27 Dec 2001, Ken @Work wrote:Is this in relation to LIMEWIRE? I have the Dlder.exe file butno reg entryunder that location or a hidden folder in Winnt called 'explorer' with a file 'explorer.exe' in it?? If so, I'm uninstalling this shit asap! Let me know. thanks, A concerned net citizen!
Current thread:
- Grokster and possible trojan scott [gts] (Dec 27)
- Re: Grokster and possible trojan Michael (Dec 27)
- Re: Grokster and possible trojan jont (Dec 28)
- <Possible follow-ups>
- RE: Grokster and possible trojan scott (Dec 27)
- RE: Grokster and possible trojan Brendon Crawford (Dec 28)
- RE: Grokster and possible trojan Dom De Vitto (Dec 28)
- RE: Grokster and possible trojan Dom De Vitto (Dec 30)
- RE: Grokster and possible trojan Ken Pfeil (Dec 28)