| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: textbox at gmail.com (404) Subject: tvm.exe / poll each.exe / blehdefyreal toolbar Run "CoolWWWSearch.SmartKiller removal tool" then "CWshredder" and you should be able to get that CWS varient off the workstation Check out http://www.spywareinfo.com/~merijn/downloads.html -404- On Wed, 9 Jun 2004 06:44:49 +0000, petard <petard@...eshell.org> wrote: > > On Tue, Jun 08, 2004 at 10:51:06PM -0700, mark wrote: > > > > Anybody know about some trojan(s) that spawn a "tvm.exe" process, a > > "poll each.exe" process, inserts a "blehdefyreal" toolbar into IE, and > > hijacks the IE homepage to point to allaboutsearching.com? This thing > > also opens pop-ups pointing to this page: > > > > http://69.20.62.53/yyy3.html > > > > If the registry entries related to these processes are deleted then they > > keep being recreated. > > > > What is it? And how does one remove it? > > > It sounds like CWS. > http://www.wired.com/news/infostructure/0,1377,63391,00.html > > After about 4 hours of trying on a client's PC, I was unable to > remove it and resorted to a reformat/reinstall. It's incredibly > persistent and probably not worth your time to remove it. > > hth, > > petard > > -- > If your message really might be confidential, download my PGP key here: > http://petard.freeshell.org/petard.asc > and encrypt it. Otherwise, save bandwidth and lose the disclaimer. > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists