Re: YANDEX cookie



Andy wrote:
>> So what is it and how did you get rid of it?
>>
>> Kerry
>
> I don't know what it is or what it's called but it is activated (and
> reactivated) by pulling those little gif images down from a handful of
> sites including Yandex.ru and nix.ru. The gif is then executed
> (thanks a lot MS!) and it appears to continue to pull updated info
> from those sites (and a couple of others).
>
> It creates smss.exe in the /windows dir also winlogon.exe in /windows
> but deletes the latter after it's done its work. Explore process is
> spawned by the dodgy smss so it can connect to web sites quietly.
> Other processes are spawned and they look for all manner of files
> including windows.exe in the "Program Files" dir... I could go on for
> hours, it is nasty, it is hard to identify with "normal tools" and is
> tricky to remove.
>
> Every so often it will send screen captures and data to a remote
> host.... bank passwords, email passwords, domain passwords.... you get
> the idea.
>
> I don't want to encourage script kiddies so I'll stop talking about it
> now.... but if anyone has had the same symptoms and wants to know what
> data of theirs is moving around the planet then let me know (your
> infected machine name via email) and I'll check for it (if and/or when
> I can).
>
> Andy.

Thanks, I have seen similar. It can be a real pain to get rid of. The only
sure way is to kill the system and start again. It's impossible to be 100%
certain you got it all any other way.

Kerry

