Full Disclosure mailing list archives
Re: tvm.exe / poll each.exe / blehdefyreal toolbar
From: petard <petard () freeshell org>
Date: Wed, 9 Jun 2004 06:44:49 +0000
On Tue, Jun 08, 2004 at 10:51:06PM -0700, mark wrote:
> Anybody know about some trojan(s) that spawn a "tvm.exe" process, a "poll each.exe" process, inserts a "blehdefyreal" toolbar into IE, and hijacks the IE homepage to point to allaboutsearching.com?
>
> This thing also opens pop-ups pointing to this page: http://69.20.62.53/yyy3.html
>
> If the registry entries related to these processes are deleted then they keep being recreated. What is it? And how does one remove it?

It sounds like CWS. http://www.wired.com/news/infostructure/0,1377,63391,00.html

After about 4 hours of trying on a client's PC, I was unable to remove it and resorted to a reformat/reinstall. It's incredibly persistent and probably not worth your time to remove it.

hth,
petard

--
If your message really might be confidential, download my PGP key here: http://petard.freeshell.org/petard.asc and encrypt it. Otherwise, save bandwidth and lose the disclaimer.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- tvm.exe / poll each.exe / blehdefyreal toolbar mark (Jun 08)
- Re: tvm.exe / poll each.exe / blehdefyreal toolbar petard (Jun 09)
- Re: tvm.exe / poll each.exe / blehdefyreal toolbar 404 (Jun 09)
- Re: tvm.exe / poll each.exe / blehdefyreal toolbar Nick FitzGerald (Jun 09)
- Re: tvm.exe / poll each.exe / blehdefyreal toolbar Aaron Gee-Clough (Jun 09)
- Re: tvm.exe / poll each.exe / blehdefyreal toolbar Nick FitzGerald (Jun 09)
- Re: tvm.exe / poll each.exe / blehdefyreal toolbar petard (Jun 09)
- Re: tvm.exe / poll each.exe / blehdefyreal toolbar petard (Jun 09)
- Re: tvm.exe / poll each.exe / blehdefyreal toolbar Andrew Clover (Jun 09)
- <Possible follow-ups>
- RE: tvm.exe / poll each.exe / blehdefyreal toolbar Zach Forsyth (Jun 09)
- Re: tvm.exe / poll each.exe / blehdefyreal toolbar mark (Jun 09)
- Re: tvm.exe / poll each.exe / blehdefyreal toolbar Harlan Carvey (Jun 09)