Re: [Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar

From: Andrew Clover (and-bugtraq_at_doxdesk.com)
Date: 06/10/04

  • Next message: Ray P: "RE: [Full-Disclosure] Bug in XP Help and Support, or Don't Be Fooled By Disabled Services"
    To: full-disclosure@lists.netsys.com
    Date: Thu, 10 Jun 2004 08:14:27 +0900
    
    

    mark@edwards.org wrote:

    > Anybody know about some trojan(s) that spawn a "tvm.exe" process

    Probably the recent new TVMedia variant.

    > inserts a "blehdefyreal" toolbar into IE

    There are a few parasites that use such random names. This is likely lop.

    > and hijacks the IE homepage to point to allaboutsearching.com?

    This is definitely lop.

    > This thing also opens pop-ups pointing to this page:

    > http://69.20.62.53/yyy3.html

    That's Look2Me.

    The likelihood is you have *many* parasites installed. Ad-Aware and
    Spybot may be able to remove a lot, but if you're massively infected a
    reinstall may indeed be easier/safer.

    -- 
    Andrew Clover
    mailto:and@doxdesk.com
    http://www.doxdesk.com/
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    
