GoFuckYourself.com - Adult Webmaster Forum - View Single Post - 12Clicks and Standard Internet

Quickdraw · 02-03-2005, 10:52 AM

I have done as requested-- Here are my findings--
Just a normal popup at first--
http://www.ringtonespage.com/en/index.php

After the ringtones page I get a Gaming install which leaves the following--
Details
Name n/a
Database ID 49332
Location
Detected In Windows Registry

Path SOFTWARE\Microsoft\Code Store Database\Distribution Units\{79849612-A98F-45B8-95E9-4D13C7B6B35C}
Description Privacy threats can create entries in your registry, so that they can store such things as configuration and personal information.

Threat

Produced By
Company CoolWebSearch.info
Product Name CoolWebSearch.info, winlink, MSUpdate, IExplorer, CWS, ne5 MFC Application
Company URL http://www.CoolWebSearch.info
Privacy URL n/a

AVG comes up with Virus Detectected screen--
Name Trojan Horse Dropper.Surfside.A within temp internet files
It then adds and EXE file in C:\WINDOWS\SSK_B5.EXE (same trojan as above)

THEN it adds another virus named Trojan horse Downloader.Apropo.O called Autoupdate.exe (3 times)

THEN it adds another trojan "Downloader.Dyfica.3.E" by name of optimize[1].exe-- then it adds this same trojan to WINDOWS folder and names it optimize.exe

THEN it adds Trojan horse "Downloader.Lookme.F" by name of VT00[1].exe in temp internet folder--- which is then added to WINDOWS folder by name of VT00.exe

Then the game software is loaded while another virus is added BHOW.exe to the system32 folder-- plus others that seem to have random names

Then another window pops open for comedy-planet.com(software window, not Explorer) When closed it still runs in the background--

A quick scan now produces these items--
Details

Company IBIS, LLC
Product Name Web Search Toolbar, IBIS, Wintools, huntbar
Company URL http://www.websearch.com/
Privacy URL n/a

Details
Name WToolsA.exe
Database ID 44289
Location
Detected In Programs in Memory

Path C:\Program Files\Common Files\WinTools
Description Privacy threats can exist in your computer's memory. They are usually loaded when you first start your computer or when you launch your web browser.

Threat
Threat Browser Helper Object
Description A type of module that acts as a plugin to Internet Explorer browser. Some BHO?s may monitor or manipulate your web surfing.

Produced By
Company IBIS, LLC
Product Name Web Search Toolbar, IBIS, Wintools, huntbar
Company URL http://www.websearch.com/
Privacy URL n/a

Details
Name n/a
Database ID 11175
Location
Detected In Windows Registry

Path SOFTWARE\Classes\CLSID\{339BB23F-A864-48C0-A59F-29EA915965EC}
Description Privacy threats can create entries in your registry, so that they can store such things as configuration and personal information.

Threat
Threat Browser Hijacker
Description A type of software that changes settings in your web browser. This often includes changing your browser?s default home page.

Produced By
Company IBIS, LLC
Product Name Web Search Toolbar, IBIS, Wintools, huntbar
Company URL http://www.websearch.com/
Privacy URL n/a
--------------------

Details

Company Apropos Media
Product Name Ads, Apropos, Apropos Client, SysAi, Apropos Media, AdChannelServer, Autoupdate, 2nd-thought
Details
Name CxtPls.exe
Database ID 51790
Location
Detected In Programs in Memory

Path C:\Program Files\CxtPls
Description Privacy threats can exist in your computer's memory. They are usually loaded when you first start your computer or when you launch your web browser.

---------------------
Details
Name n/a
Database ID 5489
Location
Detected In Windows Registry

Path SOFTWARE\Envolo\AutoUpdate
Description Privacy threats can create entries in your registry, so that they can store such things as configuration and personal information.

Threat
Threat Browser Hijacker
Description A type of software that changes settings in your web browser. This often includes changing your browser?s default home page.

Produced By
Company PeopleOnPage, Inc.
Product Name POP communicator, POP!, AutoUpdate, PeopleOnPage
Company URL http://www.pop.com/
Privacy URL n/a
------------------------------------
Details
Name n/a
Database ID 29788
Location
Detected In Windows Registry

Path SOFTWARE\Classes\CLSID\{87766247-311C-43B4-8499-3D5FEC94A183}\InprocServer32
Description Privacy threats can create entries in your registry, so that they can store such things as configuration and personal information.
Company WinTools
Product Name WinTools, IBIS
---------------------------
Details
Name n/a
Database ID 47005
Location
Detected In Windows Registry

Path SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}
Description Privacy threats can create entries in your registry, so that they can store such things as configuration and personal information.

Threat
Threat Downloader
Description Software that manages the download of other software onto computers

Produced By
Company Clear Search, Inc.
Product Name ClearSearch, Clear Search Plugin, Loader, ClearSearch Loader, CSBB Module, ClearSearch LoaderUpdater, BHO
Company URL http://
Privacy URL n/a
------------------------------
Details
Name n/a
Database ID 47042
Location
Detected In Windows Registry

Path SOFTWARE\Classes\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10}
Description Privacy threats can create entries in your registry, so that they can store such things as configuration and personal information.

Threat
Threat Parasite
Description A type of software that piggybacks onto other software. This type of software may be installed without the user?s knowledge or consent.

Produced By
Company Messenger Plus
Product Name INavigateEvent, INavigateEvent2, IAdministrative
Company URL
Privacy URL n/a
------------------------------------

Details
Name n/a
Database ID 49307
Location
Detected In Windows Registry

Path SOFTWARE\Classes\Interface\{ACE5B10B-92A3-4103-8583-3684BB09409F}
Description Privacy threats can create entries in your registry, so that they can store such things as configuration and personal information.

Threat
Threat Adware
Description AdWare is a type of software that displays advertisements on the computer screen while a computer is running. Typically, AdWare is built into software that performs some other primary task such as file sharing.
The justification for AdWare is for the software developer to recover revenue via advertising instead of for instance charging for their software. Some Adware will collect the computers usage information (e.g. sites visited) and send it up to a remote server on the internet where it is collected and processed for marketing purposes.

Produced By
Company Browser Village
Product Name Browser Village Toolbar
------------------------
This one is interesting as it seems to be adult and there was nothing adult on the computer used--
Details
Name n/a
Database ID 49350
Location
Detected In Windows Registry

Path SOFTWARE\Classes\TypeLib\{487E7682-B976-41FB-A944-E8B83689A454}\1.0
Description Privacy threats can create entries in your registry, so that they can store such things as configuration and personal information.

Threat
Threat Adware
Description AdWare is a type of software that displays advertisements on the computer screen while a computer is running. Typically, AdWare is built into software that performs some other primary task such as file sharing.
The justification for AdWare is for the software developer to recover revenue via advertising instead of for instance charging for their software. Some Adware will collect the computers usage information (e.g. sites visited) and send it up to a remote server on the internet where it is collected and processed for marketing purposes.

Produced By
Company Coulomb Ltd
Product Name GirlsHost, Content Access Plugin, PrivateAccess, xxx Movie Viewer, loader2
Company URL
Privacy URL n/a

It added 7 programs to memory, 248 items to the registry(according to 1 bit of software that was run prior to this test)

THEN, you have to run several different uninstall programs to get rid of all the programs installed. Then they actually give a nice little popup during uninstall trying to sell you spyware removers.

And I only listed part of what this does!

Basically this whole setup really screws up your computer-- repeat virus warnings even after uninstall etc... I uninstalled everything I could find in the add/remove programs area, and still getting virus warnings(after the scumwares recommended reboot) and and initial scan shows most of this stuff is still on the computer.

02-03-2005, 10:52 AM
Quickdraw Confirmed User Join Date: Mar 2004 Location: → → → Posts: 1,717	I have done as requested-- Here are my findings-- Just a normal popup at first-- http://www.ringtonespage.com/en/index.php After the ringtones page I get a Gaming install which leaves the following-- Details Name n/a Database ID 49332 Location Detected In Windows Registry Path SOFTWARE\Microsoft\Code Store Database\Distribution Units\{79849612-A98F-45B8-95E9-4D13C7B6B35C} Description Privacy threats can create entries in your registry, so that they can store such things as configuration and personal information. Threat Produced By Company CoolWebSearch.info Product Name CoolWebSearch.info, winlink, MSUpdate, IExplorer, CWS, ne5 MFC Application Company URL http://www.CoolWebSearch.info Privacy URL n/a AVG comes up with Virus Detectected screen-- Name Trojan Horse Dropper.Surfside.A within temp internet files It then adds and EXE file in C:\WINDOWS\SSK_B5.EXE (same trojan as above) THEN it adds another virus named Trojan horse Downloader.Apropo.O called Autoupdate.exe (3 times) THEN it adds another trojan "Downloader.Dyfica.3.E" by name of optimize[1].exe-- then it adds this same trojan to WINDOWS folder and names it optimize.exe THEN it adds Trojan horse "Downloader.Lookme.F" by name of VT00[1].exe in temp internet folder--- which is then added to WINDOWS folder by name of VT00.exe Then the game software is loaded while another virus is added BHOW.exe to the system32 folder-- plus others that seem to have random names Then another window pops open for comedy-planet.com(software window, not Explorer) When closed it still runs in the background-- A quick scan now produces these items-- Details Company IBIS, LLC Product Name Web Search Toolbar, IBIS, Wintools, huntbar Company URL http://www.websearch.com/ Privacy URL n/a Details Name WToolsA.exe Database ID 44289 Location Detected In Programs in Memory Path C:\Program Files\Common Files\WinTools Description Privacy threats can exist in your computer's memory. They are usually loaded when you first start your computer or when you launch your web browser. Threat Threat Browser Helper Object Description A type of module that acts as a plugin to Internet Explorer browser. Some BHO?s may monitor or manipulate your web surfing. Produced By Company IBIS, LLC Product Name Web Search Toolbar, IBIS, Wintools, huntbar Company URL http://www.websearch.com/ Privacy URL n/a Details Name n/a Database ID 11175 Location Detected In Windows Registry Path SOFTWARE\Classes\CLSID\{339BB23F-A864-48C0-A59F-29EA915965EC} Description Privacy threats can create entries in your registry, so that they can store such things as configuration and personal information. Threat Threat Browser Hijacker Description A type of software that changes settings in your web browser. This often includes changing your browser?s default home page. Produced By Company IBIS, LLC Product Name Web Search Toolbar, IBIS, Wintools, huntbar Company URL http://www.websearch.com/ Privacy URL n/a -------------------- Details Company Apropos Media Product Name Ads, Apropos, Apropos Client, SysAi, Apropos Media, AdChannelServer, Autoupdate, 2nd-thought Details Name CxtPls.exe Database ID 51790 Location Detected In Programs in Memory Path C:\Program Files\CxtPls Description Privacy threats can exist in your computer's memory. They are usually loaded when you first start your computer or when you launch your web browser. --------------------- Details Name n/a Database ID 5489 Location Detected In Windows Registry Path SOFTWARE\Envolo\AutoUpdate Description Privacy threats can create entries in your registry, so that they can store such things as configuration and personal information. Threat Threat Browser Hijacker Description A type of software that changes settings in your web browser. This often includes changing your browser?s default home page. Produced By Company PeopleOnPage, Inc. Product Name POP communicator, POP!, AutoUpdate, PeopleOnPage Company URL http://www.pop.com/ Privacy URL n/a ------------------------------------ Details Name n/a Database ID 29788 Location Detected In Windows Registry Path SOFTWARE\Classes\CLSID\{87766247-311C-43B4-8499-3D5FEC94A183}\InprocServer32 Description Privacy threats can create entries in your registry, so that they can store such things as configuration and personal information. Company WinTools Product Name WinTools, IBIS --------------------------- Details Name n/a Database ID 47005 Location Detected In Windows Registry Path SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} Description Privacy threats can create entries in your registry, so that they can store such things as configuration and personal information. Threat Threat Downloader Description Software that manages the download of other software onto computers Produced By Company Clear Search, Inc. Product Name ClearSearch, Clear Search Plugin, Loader, ClearSearch Loader, CSBB Module, ClearSearch LoaderUpdater, BHO Company URL http:// Privacy URL n/a ------------------------------ Details Name n/a Database ID 47042 Location Detected In Windows Registry Path SOFTWARE\Classes\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10} Description Privacy threats can create entries in your registry, so that they can store such things as configuration and personal information. Threat Threat Parasite Description A type of software that piggybacks onto other software. This type of software may be installed without the user?s knowledge or consent. Produced By Company Messenger Plus Product Name INavigateEvent, INavigateEvent2, IAdministrative Company URL Privacy URL n/a ------------------------------------ Details Name n/a Database ID 49307 Location Detected In Windows Registry Path SOFTWARE\Classes\Interface\{ACE5B10B-92A3-4103-8583-3684BB09409F} Description Privacy threats can create entries in your registry, so that they can store such things as configuration and personal information. Threat Threat Adware Description AdWare is a type of software that displays advertisements on the computer screen while a computer is running. Typically, AdWare is built into software that performs some other primary task such as file sharing. The justification for AdWare is for the software developer to recover revenue via advertising instead of for instance charging for their software. Some Adware will collect the computers usage information (e.g. sites visited) and send it up to a remote server on the internet where it is collected and processed for marketing purposes. Produced By Company Browser Village Product Name Browser Village Toolbar ------------------------ This one is interesting as it seems to be adult and there was nothing adult on the computer used-- Details Name n/a Database ID 49350 Location Detected In Windows Registry Path SOFTWARE\Classes\TypeLib\{487E7682-B976-41FB-A944-E8B83689A454}\1.0 Description Privacy threats can create entries in your registry, so that they can store such things as configuration and personal information. Threat Threat Adware Description AdWare is a type of software that displays advertisements on the computer screen while a computer is running. Typically, AdWare is built into software that performs some other primary task such as file sharing. The justification for AdWare is for the software developer to recover revenue via advertising instead of for instance charging for their software. Some Adware will collect the computers usage information (e.g. sites visited) and send it up to a remote server on the internet where it is collected and processed for marketing purposes. Produced By Company Coulomb Ltd Product Name GirlsHost, Content Access Plugin, PrivateAccess, xxx Movie Viewer, loader2 Company URL Privacy URL n/a It added 7 programs to memory, 248 items to the registry(according to 1 bit of software that was run prior to this test) THEN, you have to run several different uninstall programs to get rid of all the programs installed. Then they actually give a nice little popup during uninstall trying to sell you spyware removers. And I only listed part of what this does! Basically this whole setup really screws up your computer-- repeat virus warnings even after uninstall etc... I uninstalled everything I could find in the add/remove programs area, and still getting virus warnings(after the scumwares recommended reboot) and and initial scan shows most of this stuff is still on the computer.