GoFuckYourself.com - Adult Webmaster Forum


Greg B 04-13-2005 10:01 AM

Drudgereport Putting Trojans out???
 
Yo, I went to www.drudgereport.com and a trojan warning popped up!

WTF? Here's a screencap.

This happen to anybody else?
http://www.gregboone.com/gfy/drudgeweird.jpg

Harmon 04-13-2005 10:02 AM

Getting nothing in IE. May want to dump the AOL browser sparky :winkwink: :thumbsup

bringer 04-13-2005 10:04 AM

nothing here either on both comps
norton on 1 and mcafee on the other

AlienQ - BANNED FOR LIFE 04-13-2005 10:06 AM

Ironic photo caption and headline.

Twe Russ 04-13-2005 10:07 AM

Prolly spyware. ;)

Harmon 04-13-2005 10:08 AM

Quote:

Originally Posted by AlienQ
Ironic photo caption and headline.

Hahahah! I didn't notice that! Classic... :1orglaugh

Greg B 04-13-2005 10:30 AM

Yep it's AOL but what gets me is AOL has all this spyware, anti-virus bs they tout. They caught it though.

Don't know if it gets through the standard IE browser. If AOL caught it, I'll stick with AOL.

Drudge has too many pop ups. He doesn't need them. His site is so damned popular he can charge through the roof.

SmokeyTheBear 04-13-2005 10:55 AM

Upon execution, this Trojan checks for the system's Internet connection. It then creates new registry entries in order to lower the Internet security settings of the user's default browser.

This Trojan downloads files from the following URLs:


It adds the following registry keys and entries:

Analysis By: Carlo Panganiban

Revision History:
First pattern file version: 2.364.06
First pattern file release date: Jan 21, 2005

Greg B 04-13-2005 12:15 PM

Smokey, one of my guys said the same thing.

It don't happen on IE only AOL browser which says to me that either AOL's security is better and catching it or that something else is going on. Why it would pop up during a Drudge load is unknown.

People have called into his show bitching about his popups and trojans or something but I thought they were joking.

