Re: Help! PopUps with No Browser running!

From: Lohkee (Lohkee_at_worldnet.att.net)
Date: 07/03/03 

Date: Thu, 03 Jul 2003 04:52:53 GMT

"Jeff N. Cantwell" <jamesbalogun@shuf.com> wrote in message
news:rue6gv0l8o8ku741m43dbd9bf75o8dcffq@4ax.com...
> Help!
>
> My buddy here at the office has something on his machine that we can't
> get rid of.
>
> We've run a virus scan and spy-bot on it, but these damn popups keep
> popping up. Even when he doesn't have a browser window open.
>
> We've looked at installed programs, and services, but can't figure out
> what's causing it.
>
> SpyBot cleaned up a bunch of stuff, but didn't take care of this
> problem. We're running Win2000Pro here, so any suggestions would be
> greatly appreciated.
>
> Regards,
>
> JC
>
> --
> Jeff N. Cantwell
> Contract Programmer
> Downtown Little Rock, AR
> ICQ #19444448
>
> NRA Life, Member ARPA, Libertarian
> [www.ARPA-Online.org]
> ARPA Director at Large
> NRA EVC - 2nd District
> Libertarian District 2 Chair

Sounds like you may have the "checkin.b" trojan. You can test for this by
looking for the files TTPS.EXE, OWMNGR.EXE, UPDATE.EXE, SYSREQ.EXE, OR
SBSRCH.DLL on your system. You have been had if you find these files.
Essentially, the trojan bypasses firewall protection by adding a covert
plug-in to IE and having the "infected" client request and then run
executable content that it obtains from any one of several servers on the
Internet. The downloaded executable content will run in the context of the
logged user.

Lohkee!