funsec mailing list archives

Re: Adware with a rootkit - contextplus.net


From: Calamity Jane <whittyfun () juno com>
Date: Thu, 17 Nov 2005 10:12:35 -0500


On Wed, 16 Nov 2005 13:08:20 -0600 "Wayne J. Hauber"
<wjhauber () iastate edu> writes:
> Are any of you familiar with contextplus.net?

Yes, Spyware fighters in various Security Forums have been dealing with a
lot of these for over a month.  
Swandog46 at the SpywareInfo & GeeksToGo forums has developed a removal
tool called AproposFix that works very well.
You can see it in use here (page 2 of this thread has the fix tool):
http://www.dslreports.com/forum/remark,14628988

Here is another example:
http://spywarewarrior.com/viewtopic.php?t=17401&highlight=aproposfix

So far, no scanners I'm aware of can remove it, much less detect it.
Samples of the installer for the "Apropos with Rootkit" have been
submitted to various AntiMalware companies and Microsoft.  If anyone
needs it, let me know and I'll be happy to send you one.

It is also posted here for download by AntiMalware Companies: (if you
have access to that Forum)
http://www.dslreports.com/forum/remark,14680386

One of our members contacted ContextPlus and they sent an uninstaller by
email, however, because the uninstaller itself is detected by a number of
AVs as infected with Adware/Apropos, we don't recommend it.  I have
copies of that too, if anyone wants to analyze it.

Another Adware using a rootkit is CommonName.  I suspect this will be
more and more common.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

