RE: Clicktilluwin DLDER Trojan
From: Michael Watson (mmwatson@peoplepc.com)Date: 12/31/01
- Previous message: Kevin Hegg: "Re: malformed sql queries"
- In reply to: jon@kirkbrideonline.com: "Clicktilluwin DLDER Trojan"
- Next in thread: Jonas M Luster: "Re: Clicktilluwin DLDER Trojan"
- Reply: Jonas M Luster: "Re: Clicktilluwin DLDER Trojan"
- Reply: mezzanine: "Re: Clicktilluwin DLDER Trojan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Michael Watson" <mmwatson@peoplepc.com> To: <vuln-dev@securityfocus.com> Date: Mon, 31 Dec 2001 14:32:31 -0500
hey. i had the latest kazaa installed on my computer and it gave me that
dlder trojan. also, for some time, when kazaa was starting when window
booted, in the upper left corner on my screen was a small gray box that
wouldn't respond to anything. after i stopped kazaa.exe in my system
processes, it went away. also, that dlder.exe was a pain in the ass to get
rid of.
something weird is going on. maybe the limeware and kazaa people got hacked
and someone is having a little fun, or maybe they are intentionally doing
this for some reason. isn't there some kind of legal way for this to be
stopped? id sue for all the crap i had to go thru just to get everything
working again.
im using w2k also.
-----Original Message-----
From: jon@kirkbrideonline.com [mailto:jon@kirkbrideonline.com]
Sent: Monday, December 31, 2001 10:04 AM
To: vuln-dev@securityfocus.com
Subject: Clicktilluwin DLDER Trojan
In-Reply-To: <20011230032402.5229.qmail@mail.securityfocus.com>
I found this vulnerability in the latest Limewire 2.0.2
gnutella client download. This crap gets installed
whether you like it or not. On my WinXP machine, it
was running a new service called bargains.exe that
was located in c:\program files\bargain buddy. The
dlder.exe file resides in C:\windows. I deleted the files
before I looked at their content but there appeard to
be some DB type files in the folder. Norton's latests
pattern files (12/29) will detect the dlder.exe file but
there's no info on their website about it yet. Anyone
have a handle on what this thing is doing?
- Previous message: Kevin Hegg: "Re: malformed sql queries"
- In reply to: jon@kirkbrideonline.com: "Clicktilluwin DLDER Trojan"
- Next in thread: Jonas M Luster: "Re: Clicktilluwin DLDER Trojan"
- Reply: Jonas M Luster: "Re: Clicktilluwin DLDER Trojan"
- Reply: mezzanine: "Re: Clicktilluwin DLDER Trojan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
