[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar
From: Andrew Clover <and-bugtraq@xxxxxxxxxxx>
Date: Thu, 10 Jun 2004 08:14:27 +0900

mark@xxxxxxxxxxx wrote:

Anybody know about some trojan(s) that spawn a "tvm.exe" process

Probably the recent new TVMedia variant.

inserts a "blehdefyreal" toolbar into IE

There are a few parasites that use such random names. This is likely lop.

and hijacks the IE homepage to point to allaboutsearching.com?

This is definitely lop.

This thing also opens pop-ups pointing to this page:

http://69.20.62.53/yyy3.html

That's Look2Me.

The likelihood is you have *many* parasites installed. Ad-Aware and Spybot may be able to remove a lot, but if you're massively infected a reinstall may indeed be easier/safer.

--
Andrew Clover
mailto:and@xxxxxxxxxxx
http://www.doxdesk.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar
  - From: mark

Prev by Date: RE: [Full-Disclosure] Bug in XP Help and Support, or Don't Be Fooled By Disabled Services
Next by Date: Re: [Full-Disclosure] Possible First Crypto Virus Definitely Discovered!
Previous by thread: Re: [Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar
Next by thread: RE: [Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar
Index(es):
- Date
- Thread