RE: Grokster and possible trojan
From: Dom De Vitto (Dom@DeVitto.com)Date: 12/28/01
- Previous message: Brendon Crawford: "RE: Grokster and possible trojan"
- In reply to: scott@falcon.graphictype.com: "RE: Grokster and possible trojan"
- Next in thread: Dom De Vitto: "RE: Grokster and possible trojan"
- Next in thread: Ken Pfeil: "RE: Grokster and possible trojan"
- Reply: Dom De Vitto: "RE: Grokster and possible trojan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Dom De Vitto" <Dom@DeVitto.com> To: <scott@falcon.graphictype.com>, "Ken @Work" <kludeman@adi-cs.com> Date: Fri, 28 Dec 2001 12:07:12 -0000
I'm pretty sure LimeWire is clean, at least the version I'm using
(version 1.6b). Obviously, I didn't install any of the freebee
sponsor/spyware stuff.
I'm pretty paranoid and though, I'm firewalled and still run ZoneAlarm,
SurfinShield etc.... and also "clicktilluwin" doesn't exist as a raw
(ascii) string anywhere on my system...
Of course, later versions of LimeWire (and BearShare) may/will have
different sponsors, and different "Ts & Cs".
Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto Secure Technologies Ltd
mailto:dom@devitto.com Mob. +44 7855 805 271
http://www.devitto.com Fax. +44 8700 548 750
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> -----Original Message-----
> From: scott@falcon.graphictype.com [mailto:scott@falcon.graphictype.com]
> Sent: 28 December 2001 01:30
> To: Ken @Work
> Cc: Michael; vuln-dev@securityfocus.com
> Subject: RE: Grokster and possible trojan
>
>
> I'm not even positive that it's only one trojan that i
> found on my system, perhaps it's two separate viruses,
> and i am thinking it's a single one.
>
> In reference to "dldr.exe", i'm not positive where
> this came from, but i'm 90% certain that "explorer.exe"
> was installed by Grokster (as the Click Till U Win game).
> The reason i think that they're both part of the same
> trojan is becuase i find "clicktilluwin" in a hexdump
> of *both* files - which is too much of a coicidence
> for me.
>
> Even if you un-install it, i'm pretty sure it'll hang
> around... after i deleted "dldr.exe" and rebooted my
> machine, i found it right back in "C:\winnt\"...
> as for "explorer.exe" in "C:\winnt\explorer\"
> it still hasn't resurfaced after one reboot,
> but perhaps it'll come back tomorrow, when i log
> into the machine at work again...
>
> On Thu, 27 Dec 2001, Ken @Work wrote:
>
> > Is this in relation to LIMEWIRE? I have the Dlder.exe file but
> no reg entry
> > under that location or a hidden folder in Winnt called 'explorer' with a
> > file 'explorer.exe' in it?? If so, I'm uninstalling this *** asap!
> >
> > Let me know.
> >
> > thanks,
> >
> > A concerned net citizen!
>
>
- Previous message: Brendon Crawford: "RE: Grokster and possible trojan"
- In reply to: scott@falcon.graphictype.com: "RE: Grokster and possible trojan"
- Next in thread: Dom De Vitto: "RE: Grokster and possible trojan"
- Next in thread: Ken Pfeil: "RE: Grokster and possible trojan"
- Reply: Dom De Vitto: "RE: Grokster and possible trojan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
