Re: rundll32 & adware

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 12/10/04


Date: Fri, 10 Dec 2004 12:00:39 GMT

Winged:

I didn't load the DLL on a test PC, I just provided it to McAfee. They indicated it looked
like a "Look2me" adware component and would require the /program switch be used with the
Command Line Scanner or the Program check box checked in the >v7.x VirusScan.

What do you use at your locale?

The MIS/IS group around me use Norton. However, I use McAfee and my success rate and
prevention blows away those that use NAV.
One "QHosts-1" Trojan infection, in over 10 years, on a notebook from someone who would not
practice Safe Hex. On the other side of that T1 I mentioned to you know whom, I had a
satellite office. While the contractor was infected with the Lovsan/Blaster running rampant
on their LAN, McAfee blocked infection of the BLASTER.EXE file and none of my platforms were
affected more than being shut down. That is until I pushed via my Kixtart Login Script the
(first in a series of) patch for the RPC/DCOM Buffer Overflow vulnerability. I considered
my satellite LAN a good neighbourhood in a slum. The contractor's subnets were a bad
influence on my LAN :-)

Dave

"winged" <winged@nofollow.com> wrote in message news:cpb94u$gd5@dispatch.concentric.net...
|
| You have any info on the animal you mentioned? I can't find mention (by
| that name) on the web. Kinda curious about how new stuff works. Where
| in the hive does it embed?
| Winged
|
| David H. Lipman wrote:
| > McAfee sent me an EXTRA.DAT today for this Adware object, presently identified as
| > "Adware-adwr" and will be included in next week's release of v4413 DAT files.
| >
| > Dave
| >
| > "Jim Watt" <jimwatt@aol.no_way> wrote in message
| > news:3ug1r09gojr4skgv1tmnd8m1gmm3vfhj5v@4ax.com...
| > | I have a couple of machines that pop up IE with adverts from nowhere;
| > |
| > | There is nothing suspicious run from the registry etc, and spybot
| > | finds nothing.
| > |
| > | There is a process running with rundll32 shown, but no idea what
| > | DLL it's running.
| > |
| > | Any suggestions on how to exorcise this ill?
| > |
| > | OS is windows/98
| > | --
| > | Jim Watt
| > | http://www.gibnet.com
| >
| >


