Pipty
|
Quote:
|
Quote:
|
Definitely go for it :thumbsup
|
Quote:
|
I found this shit on my computer after it had fucked with me for a month: NDrv.exe. It took out the exe function on my N.I.S 2003, so N.I.S didn't start automatically and I could not turn it on manually. If you have any problems with your computer and run XP, search for this shit... Some info here about what it's done: http://www.mac-net.com/552484.page I hate this shit :feels-hot |
I believe the initial ocx is just an installer that contacts their download site with the computer's unique ID in order to credit an affiliate - after that though the actual spyware/adware is transferred from their server. Though compiled you can still probably watch with a registry monitor and packet sniffer what keys are created and what servers are contacted. Then rip it apart with a dasm app and hex editor. Probably packed though, like the virus/trojan people do.
If anyone needs something to unpack UPX or Petite let me know =] |
Quote:
|
Quote:
Step 1: Install on a clean machine to see what files and processes change. Step 2: Allow the application processes to launch when the computer boots then close the program effectively "breaking" it. That's it. There is just one problem. You have to have access to the PC level yourself. |
A fresh PC infected with mediaticket's shit would certainly be able to show if affiliate codes get changed or not on at least SOME sponsors.
The rest would have to be tested with a few signups. |
first off, i don't think there is anything you can do to them from a legal standpoint. ripping apart the executables and figuring out what they do is not hard, just time consuming. the way i see it, talk is CHEAP. put up or shut up. if they really are stealing signup links, PROVE it. if not, shut the fuck up. on to legal matters. simply incorporating in the cayman islands and running the show from here will grant them all the legal protection they need. it's too easy to set up dummy companies offshore for the sake of legal liability (and taxes, etc). shit, let's look at sharman networks, the kazaa fuckers. how many software companies lose billions EVERY year and these fuckers are untouchable... guess why... i run their shit on my site because it makes good money. IF you can prove that they really are redirecting signups and killing conversions for adult webmasters, for god's sakes, show it! peace. luc l. |
Well I'm experimenting with it now, half-assed...
I let myself get infected. It installed, without any prompt, 2 exe files which are now running in my task manager, rcto.exe (from the application data/temp directory) and uebdoe.exe (from the windows/system32 directory). I have copied both files into a directory for dissection. Also, it installed Purityscan into program files/purityscan. Purityscan's affiliate program is ucbill.com. Both that site and mediatickets.net are apparently both part of the company Clickspring.net. I haven't seen any symptoms of infection yet, so I'm going to reboot and see what happens. |
Quote:
|
a year from now this business is going to be unrecognizable. how long do you think it's going to take big programs/traffic suppliers to come to the conclusion that the only way to deal with this shit is to fight back with the same tools?
the only people in this biz who can do anything about this problem are the program owners who can shut the door on any traffic from the spyware fuckers, which they won't of course, and the third party processors, who of course won't. lawsuits, anti-spyware legislation isn't going to do shit to stop it. not to mention the damage this is doing to the surfers who are having their computers fucked up, spyware eventually will shut down a computer - it will get to a point where many surfers will be scared to go to any pornsite - kazaa and bit torrent is a safer bet these days. |
Quote:
|
I just want them to stop hitting me on ICQ and asking me to promote them.
|
Quote:
|
c:\windows\system32\wtscc.exe
if you have this file you're infected and no spyware software detects this file. it has corrupt headers and can't even be loaded into any hex editor as i just tried. it's not good if it's that tricky |
Quote:
nothing new yet... lots of popups while surfing, no change in any affiliate codes that I've seen. Looks like the original program connects home once in a while and tries to upload different trojans. So results may vary depending on what's being downloaded. |
Fuck suing them, it's not worth it. I would first find out who runs the company, try to set up a meeting or something, kidnap the low life pos, get a few goons to keep him in a closet and feed him one sandwich and a glass of water a day for like 3 or 4 months, then let his ass go. I bet you he won't be doing that shit no more!
|
managed to look at the file, it's not packed, will let you know if i find anything
|
Quote:
|
you only have to look at what libraries are used and you can tell it's bad shit, fucks with the registry a lot which can't be good.
:mad: |
bump
|
Quote:
|
Can you tell us what they specifically are doing?
Too many spyware threads have all blended into one for me. |
Quote:
|
Stealing sign ups!!? We are a pay per install affiliate program. We don't sign up anybody or make money from other people's sign ups. We have nothing to do with that. We don't even have a toolbar!!! Furthermore, we do not steal traffic in any shape or form. This whole thread is irresponsible and malicious. Why would anybody sue us, and what would they be suing us for? Please explain. There is no need to tear down another person's business
MediaTickets |
Stealing sign ups!!? We are a pay per install affiliate program. We don't sign up anybody or make money from other people's sign ups. We have nothing to do with that. We don't even have a toolbar!!! Furthermore, we do not steal traffic in any shape or form. This whole thread is irresponsible and malicious. Why would anybody sue us, and what would they be suing us for? Please explain. There is no need to tear down another person's business
|
NO but your spyware I hope you rot in hell you low life scum!
|