[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar
From: "mark" <mark@xxxxxxxxxxx>
Date: Tue, 08 Jun 2004 22:51:06 -0700

Anybody know about some trojan(s) that spawn a "tvm.exe" process, a
"poll each.exe" process, inserts a "blehdefyreal" toolbar into IE, and
hijacks the IE homepage to point to allaboutsearching.com? This thing
also opens pop-ups pointing to this page:

http://69.20.62.53/yyy3.html

If the registry entries related to these processes are deleted then they
keep being recreated. 

What is it? And how does one remove it? 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar
  - From: petard
- Re: [Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar
  - From: Andrew Clover

Prev by Date: [Full-Disclosure] Re: Full-Disclosure digest, Vol 1 #1694 - 33 msgs
Next by Date: Re: [Full-Disclosure] Re: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)
Previous by thread: Re: [Full-Disclosure] Re: Full-Disclosure digest, Vol 1 #1694 - 33 msgs
Next by thread: Re: [Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar
Index(es):
- Date
- Thread