Re: rundll32 & adware

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 12/10/04


Date: Fri, 10 Dec 2004 12:00:39 GMT

Winged:

I didn't load the DLL on a test PC, I just provided it to McAfee. They indicated it looked
like a "Look2me" adware component and would require the /program switch be used with the
Command Line Scanner or the Program check box checked in the >v7.x VirusScan.

What do you use at your locale?

The MIS/IS group around me use Norton. However, I use McAfee and my success rate and
prevention blows away those that use NAV.
One "QHosts-1" Trojan infection, in over 10 years, on a notebook from someone who would not
practice Safe Hex. On the other side of that T1 I mentioned to you know whom, I had a
satellite office. While the contractor was infected with the Lovsan/Blaster running rampant
on their LAN, McAfee blocked infection of the BLASTER.EXE file and none of my platforms were
affected more than being shut down. That is until I pushed via my Kixtart Login Script the
(first in a series of) patch for the RPC/DCOM Buffer Overflow vulnerability. I considered
my satellite LAN a good neighbourhood in a slum. The contractor's subnets were a bad
influence on my LAN :-)

Dave

"winged" <winged@nofollow.com> wrote in message news:cpb94u$gd5@dispatch.concentric.net...
|
| You have any info on the animal you mentioned? I can't find mention (by
| that name) on the web. Kinda curious about how new stuff works. Where
| in the hive does it embed?
| Winged
|
| David H. Lipman wrote:
| > McAfee sent me an EXTRA.DAT today for this Adware object, presently identified as
| > "Adware-adwr" and will be included in next week's release of v4413 DAT files.
| >
| > Dave
| >
| > "Jim Watt" <jimwatt@aol.no_way> wrote in message
| > news:3ug1r09gojr4skgv1tmnd8m1gmm3vfhj5v@4ax.com...
| > | I have a couple of machines that pop up IE with adverts from nowhere;
| > |
| > | There is nothing suspicious run from the registry etc, and spybot
| > | finds nothing.
| > |
| > | There is a process running with rundll32 shown, but no idea what
| > | DLL it's running.
| > |
| > | Any suggestions on how to exorcise this ill?
| > |
| > | OS is windows/98
| > | --
| > | Jim Watt
| > | http://www.gibnet.com