funsec mailing list archives
Re: Adware with a rootkit - contextplus.net
From: Calamity Jane <whittyfun () juno com>
Date: Thu, 17 Nov 2005 10:12:35 -0500
On Wed, 16 Nov 2005 13:08:20 -0600 "Wayne J. Hauber" <wjhauber () iastate edu> writes:
Are any of you familiar with contextplus.net?
Yes, Spyware fighters in various Security Forums have been dealing with a lot of these for over a month. Swandog46 at the SpywareInfo & GeeksToGo forums has developed a removal tool called AproposFix that works very well.

You can see it in use here (page 2 of this thread has the fix tool):
http://www.dslreports.com/forum/remark,14628988

Here is another example:
http://spywarewarrior.com/viewtopic.php?t=17401&highlight=aproposfix

So far, no scanners I'm aware of can remove it, much less detect it. Samples of the installer for the "Apropos with Rootkit" have been submitted to various AntiMalware companies and Microsoft. If anyone needs it, let me know and I'll be happy to send you one. It is also posted here for download by AntiMalware Companies: (if you have access to that Forum)
http://www.dslreports.com/forum/remark,14680386

One of our members contacted ContextPlus and they sent an uninstaller by email, however, because the uninstaller itself is detected by a number of AVs as infected with Adware/Apropos, we don't recommend it. I have copies of that too, if anyone wants to analyze it.

Another Adware using a rootkit is CommonName. I suspect this will be more and more common.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Current thread:
- Adware with a rootkit - contextplus.net Wayne J. Hauber (Nov 16)
- <Possible follow-ups>
- Re: Adware with a rootkit - contextplus.net Calamity Jane (Nov 17)
- Re: Adware with a rootkit - contextplus.net Wayne J. Hauber (Dec 13)