RE: Grokster and possible trojan

From: Brendon Crawford (xapocalypse@yahoo.com)
Date: 12/28/01


Date: Thu, 27 Dec 2001 22:06:58 -0800 (PST)
From: Brendon Crawford <xapocalypse@yahoo.com>
To: scott@falcon.graphictype.com, "Ken @Work" <kludeman@adi-cs.com>

i installed limewire, and got that explorer.exe file as well...
in case you're interested, it is started from:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\run

--- scott@falcon.graphictype.com wrote:
> I'm not even positive that it's only one trojan that i
> found on my system, perhaps it's two separate viruses,
> and i am thinking it's a single one.
>
> In reference to "dldr.exe", i'm not positive where
> this came from, but i'm 90% certain that "explorer.exe"
> was installed by Grokster (as the Click Till U Win game).
> The reason i think that they're both part of the same
> trojan is because i find "clicktilluwin" in a hexdump
> of *both* files - which is too much of a coincidence
> for me.
>
> Even if you un-install it, i'm pretty sure it'll hang
> around... after i deleted "dldr.exe" and rebooted my
> machine, i found it right back in "C:\winnt\"...
> as for "explorer.exe" in "C:\winnt\explorer\"
> it still hasn't resurfaced after one reboot,
> but perhaps it'll come back tomorrow, when i log
> into the machine at work again...
>
> On Thu, 27 Dec 2001, Ken @Work wrote:
>
> > Is this in relation to LIMEWIRE? I have the Dlder.exe file but no reg entry
> > under that location or a hidden folder in Winnt called 'explorer' with a
> > file 'explorer.exe' in it?? If so, I'm uninstalling this *** asap!
> >
> > Let me know.
> >
> > thanks,
> >
> > A concerned net citizen!

=====
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCM$/GCS$/GIT$/ d--(++$) s: a--- c++@ UL+++ P++ L++ E---- W+++ N !o K- w(++++$) O-$ M V? PS-- PE++ Y+ PGP(++) t(+) 5 X+ R-- tv-- b+ DI(+) D++ G e h! r% y?
------END GEEK CODE BLOCK------
http://www.geekcode.com
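
The checks discussed in this thread (the HKLM Run entry, an `explorer.exe` sitting outside the Windows directory, and the "clicktilluwin" string shared by both files), written out as an added example that is not part of the original messages. The function names, the `EXPECTED_DIR` table, the Run value names and the sample data are assumptions constructed for illustration.

```python
import ntpath
import re

MARKER = "clicktilluwin"      # string the thread reports in a hexdump of both files
SYSTEM_ROOT = r"C:\winnt"     # Windows directory named in the thread
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# Assumption: the directory where the genuine copy of each system binary lives.
EXPECTED_DIR = {"explorer.exe": SYSTEM_ROOT}
_EXE = re.compile(r'^\s*(?:"([^"]+)"|(.+?\.exe)(?=\s|$))', re.IGNORECASE)

def exe_path(command):
    """Extract the executable path from a Run-key command line."""
    m = _EXE.match(command)
    return (m.group(1) or m.group(2)) if m else command.strip()

def suspicious_run_entries(run_values):
    """Return (value name, path) for entries that reuse a system binary's
    file name from a directory other than its expected one."""
    hits = []
    for name, command in run_values.items():
        path = ntpath.normpath(exe_path(command))
        expected = EXPECTED_DIR.get(ntpath.basename(path).lower())
        if expected and ntpath.dirname(path).lower() != expected.lower():
            hits.append((name, path))
    return hits

def contains_marker(data, marker=MARKER):
    """Case-insensitive search for the marker as ASCII or UTF-16LE text."""
    lowered, needle = data.lower(), marker.lower()
    return needle.encode("ascii") in lowered or needle.encode("utf-16-le") in lowered

def read_run_key():
    """Windows only: read the HKLM Run values as a {name: command} dict."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        count = winreg.QueryInfoKey(key)[1]
        return {n: str(d) for n, d, _ in (winreg.EnumValue(key, i) for i in range(count))}

# Constructed sample Run values (value names are made up, not from a real system).
SAMPLE_RUN = {
    "SystemTray": r"C:\winnt\system32\systray.exe",
    "Explorer": r"C:\winnt\explorer\explorer.exe",
    "Shell": r'"C:\winnt\explorer.exe" /n',
}

if __name__ == "__main__":
    for name, path in suspicious_run_entries(SAMPLE_RUN):
        print(f"Run value {name!r} starts {path}")
```

On a Windows host, pass `read_run_key()` to `suspicious_run_entries()` and feed the bytes of each flagged file to `contains_marker()`.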
