Results 1 to 6 of 6
  1. #1
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    Some of you may be familiar with this well-know spammer. There's a browser pluging from the topsites.us site which appears to serve popups when search terms are entered on major search engines, but I cannot actually get the application to install properly on any of my sacrifical PCs (Win 95/NT4). Sorry, I won't hotlink them, that way they can't trace back to ABW easily.

    I've uncompressed the installer and there are several thousand sites listed, but I don't recognise any of the files as being known spyware. Since I can't get it to run I can't see what other impact it has.

    WARNING: I have identified that it tries to send an email out during installation, presumably to harvest your email address for more spam. Be careful with this one!

    ________
    All your commission are belong to us.

  2. #2
    Member
    Join Date
    January 18th, 2005
    Posts
    59
    Yes, I've tested this software, which I'm calling "EStart" as that appears to be its internal name.

    It does attempt to spy on keywords and grab your e-mail address, though both of these functions failed in testing for me. Amusingly it also set up an AppInit_DLLs entry which rearranged the taskbar so as to be unusable on each restart. Which is a bit weird.

    Not quite sure what to do with it for the moment, as I can't find any evidence of it being stealth-installed; as far as I know the only way to get it was to go to topsites.us and deliberately install it, which would be pretty stupid.

    I'd definitely like to hear if anyone knows different.

    --
    Andrew Clover
    mailto:and@doxdesk.com
    http://www.doxdesk.com/

  3. #3
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    Thanks Andrew

    ________
    All your commission are belong to us.

  4. #4
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    Bingo, I found it again - this time in a product called "Go MP3" at http://www.g-o.us/share.htm

    Note the "No Spyware" logo. Hmmm. This is the one that tries to grab your email address.

    ________
    All your commission are belong to us.

  5. #5
    Member
    Join Date
    January 18th, 2005
    Posts
    59
    Good work moo!

    Am downloading now - assuming you're right, this one will go in the next update.

  6. #6
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    Great stuff Andrew

    ________
    All your commission are belong to us.

  7. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Got a virus prunnet.exe
    By Rhea in forum Virtual Family and Off-Topic
    Replies: 17
    Last Post: December 23rd, 2008, 11:30 PM
  2. Replies: 4
    Last Post: August 31st, 2007, 02:09 AM
  3. Exact Advertising : nls.exe
    By Chris - AMWSO in forum Suspicious Activity!
    Replies: 7
    Last Post: September 23rd, 2004, 09:18 PM
  4. Topsites.us / Topsitez.us
    By Dynamoo in forum Midnight Cafe'
    Replies: 7
    Last Post: March 3rd, 2003, 12:02 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •