Re: rundll32 & adware
From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: Fri, 10 Dec 2004 12:00:39 GMT
I didn't load the DLL on a test PC, I just provided it to McAfee. They indicated it looked
like a "Look2me" adware component and would require the /program switch be used with the
Command Line Scanner or the Program check box checked in the >v7.x VirusScan.
What do you use at your locale?
The MIS/IS group around me use Norton. However, I use McAfee and my success rate and
prevention blows away those that use NAV.
One "QHosts-1" Trojan infection, in over 10 years, on a notebook from someone who would not
practice Safe Hex. On the other side of that T1 I mentioned to you know whom, I had a
satellite office. While the contractor was infected with the Lovsan/Blaster running rampant
on their LAN, McAfee blocked infection of the BLASTER.EXE file and none of my platforms were
affected more than being shut down. That is until I pushed via my Kixtart Login Script the
(first in a series of) patch for the RPC/DCOM Buffer Overflow vulnerability. I considered
my satellite LAN a good neighbourhood in a slum. The contractor's subnets were a bad
influence on my LAN :-)
"winged" <email@example.com> wrote in message news:firstname.lastname@example.org...
| You have any nfo on the animal you mentioned? I can't find mention (by
| that name) on the web. Kinda curious about how new stuff works. Where
| in the hive does it embed?
| David H. Lipman wrote:
| > McAfee sent me an EXTRA.DAT today for this Adware object, presently identified as
| > "Adware-adwr" and will be included in next week's release of v4413 DAT files.
| > Dave
| > "Jim Watt" <email@example.com_way> wrote in message
| > news:firstname.lastname@example.org...
| > | I have a couple of machines that pop up IE with adverts from nowhere;
| > |
| > | There is nothing suspicious run from the registry etc, and spybot
| > | finds nothing.
| > |
| > | There is a process running with rundll32 shown, but no idea what
| > | DLL it's running.
| > |
| > | Any suggestions on how to exorcise this ill?
| > |
| > | OS is windows/98
| > | --
| > | Jim Watt
| > | http://www.gibnet.com