Re: YANDEX cookie



Andy wrote:
>> So what is it and how did you get rid of it?
>>
>> Kerry
>
> I don't know what it is or what it's called but it is activated (and
> reactivated) by pulling those little gif images down from a handful of
> sites including Yandex.ru and nix.ru. The gif is then executed
> (thanks a lot MS!) and it appears to continue to pull updated info
> from those sites (and a couple of others).
>
> It creates smss.exe in the /windows dir and also winlogon.exe in /windows
> but deletes the latter after it's done its work. An Explorer process is
> spawned by the dodgy smss so it can connect to web sites quietly.
> Other processes are spawned and they look for all manner of files
> including windows.exe in the "Program Files" dir... I could go on for
> hours, it is nasty, it is hard to identify with "normal tools" and is
> tricky to remove.
>
> Every so often it will send screen captures and data to a remote
> host.... bank passwords, email passwords, domain passwords.... you get
> the idea.
>
> I don't want to encourage script kiddies so I'll stop talking about it
> now.... but if anyone has had the same symptoms and wants to know what
> data of theirs is moving around the planet then let me know (your
> infected machine name via email) and I'll check for it (if and/or when
> I can).
>
> Andy.

Thanks, I have seen similar. It can be a real pain to get rid of. The only
sure way is to kill the system and start again. It's impossible to be 100%
certain you got it all any other way.

Kerry
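The masquerading Andy describes (an smss.exe and a winlogon.exe dropped into the /windows directory rather than \Windows\System32, where the genuine ones live) is something a defender can check for mechanically rather than by eye. The Python below is an added example written for this thread, not code from either poster: it takes a Name,Path process listing in the shape that `Get-Process | Select-Object Name,Path | Export-Csv` produces and flags any core system binary name running from a directory other than System32. The set of System32-only names, the sample listing, and the handling of processes whose path cannot be read are my assumptions; the sample CSV is constructed, not output from an infected machine.

```python
import csv
import io
from pathlib import PureWindowsPath

# Core Windows binaries that legitimately run only from System32 (assumed list).
# A process carrying one of these names from any other directory, such as the
# C:\Windows\smss.exe and C:\Windows\winlogon.exe in the thread, is a
# masquerading indicator worth triaging.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "wininit.exe", "winlogon.exe",
                 "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM32_DIR = r"c:\windows\system32"


def parse_process_csv(text):
    """Parse a 'Name,Path' CSV such as Get-Process | Select-Object Name,Path | Export-Csv
    writes. Skips the '#TYPE ...' line Windows PowerShell prepends.
    Returns a list of (image name with .exe, path or empty string) tuples."""
    lines = [ln for ln in text.splitlines() if ln.strip() and not ln.startswith("#TYPE")]
    records = []
    for row in csv.DictReader(io.StringIO("\n".join(lines))):
        path = (row.get("Path") or "").strip()
        # Get-Process drops the extension; rebuild the image name from the path when present
        name = PureWindowsPath(path).name if path else row["Name"] + ".exe"
        records.append((name.lower(), path))
    return records


def classify(name, path):
    """'masquerade' if a System32-only binary name runs from elsewhere,
    'unverifiable' if the path could not be read (Get-Process returns an empty
    Path for protected processes when not elevated), otherwise 'ok'."""
    if name.lower() not in SYSTEM32_ONLY:
        return "ok"
    if not path:
        return "unverifiable"
    parent = str(PureWindowsPath(path).parent).lower()
    return "ok" if parent == SYSTEM32_DIR else "masquerade"


def scan(records):
    """Split records into (masquerades, unverifiable) lists for triage."""
    masquerades = [(n, p) for n, p in records if classify(n, p) == "masquerade"]
    unverifiable = [(n, p) for n, p in records if classify(n, p) == "unverifiable"]
    return masquerades, unverifiable


# Constructed sample listing: a System32-only name from C:\Windows, the same
# name with an unreadable path, a genuine winlogon, explorer (which legitimately
# lives in C:\Windows) and an svchost from a user-writable directory.
SAMPLE_CSV = '''#TYPE Selected.System.Diagnostics.Process
"Name","Path"
"smss","C:\\Windows\\smss.exe"
"smss",""
"winlogon","C:\\Windows\\System32\\winlogon.exe"
"explorer","C:\\Windows\\explorer.exe"
"svchost","C:\\Users\\Public\\svchost.exe"
'''

if __name__ == "__main__":
    bad, unknown = scan(parse_process_csv(SAMPLE_CSV))
    for name, path in bad:
        print(f"MASQUERADE  {name:14} {path}")
    for name, path in unknown:
        print(f"UNVERIFIED  {name:14} (run elevated to read the image path)")
```

Run the listing export from an elevated PowerShell so that the protected processes report a path; an entry that comes back "unverifiable" is exactly the one you cannot clear from an unprivileged session. As Kerry notes, a hit tells you the box is compromised, not that removing that one file cleans it.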
