Yep Themexp.org was my wallpaper stop for a while. But it was taken over by new owners a whlie ago about and it is turning south, into a adware/spyware/pop-up site. Kinda sad, it was a very good site.
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Geraldo Rivera > Sent: Monday, October 04, 2004 8:47 AM > To: [EMAIL PROTECTED] > Subject: Re: [Full-Disclosure] Spyware installs with no > interaction in IE on fully patched XP SP2 box > > themexp.org > > I should have logged all the files and reg entries I deleted, > but it was late at night and I wasn't really thinking about > that at the time. I just checked my IE history for some of > the things I googled and I found a bunch of them: > > SahAgent.exe > webrebates0.exe > lu.dat > preInsln.exe > Systb.dll > wupdater.exe > eakrfu.exe > wupdt.exe > megasearch toolbar (www.megasearchbar.com) IEPlugin > localnrd.dll multimpp.dll > > >From: "Joel R. Helgeson" <[EMAIL PROTECTED]> > >To: "Geraldo Rivera" > ><[EMAIL PROTECTED]>,<[EMAIL PROTECTED]> > >Subject: Re: [Full-Disclosure] Spyware installs with no > interaction in > >IE on fully patched XP SP2 box > >Date: Sun, 3 Oct 2004 14:13:52 -0500 > > > >What was the site? > > > >Joel R. Helgeson > >Director of Networking & Security Services SymetriQ Corporation > > > >"Give a man fire, and he'll be warm for a day; set a man on > fire, and > >he'll be warm for the rest of his life." > >----- Original Message ----- From: "Geraldo Rivera" > ><[EMAIL PROTECTED]> > >To: <[EMAIL PROTECTED]> > >Sent: Sunday, October 03, 2004 1:16 PM > >Subject: [Full-Disclosure] Spyware installs with no > interaction in IE > >on fully patched XP SP2 box > > > > > >>Last night I went to a site that I have been to on and off > for years. > >>The page loaded and then in IE's status bar I saw something > suspicious: > >>"installing components...atpartners.cab". I could not close > out of IE, > >>and I could not kill the iexplorer.exe process. It totally > locked up > >>and I had to reboot my machine. When my machine came back > up, I had at > >>least 6 different pieces of spyware/adware on my machine. > IT took me > >>almost 2 hrs to clean up. I manually deleted a bunch of > crap (stuff I > >>had found through the run key in the registry, suspicious processes > >>running, suspicious files in the usual dir's, and by > searching for all > >>files modified at the time this happened). Even after all that, > >>Ad-Aware found 143 entries (none were cookies, mostly > registry entries > >>and a few dll's) and then Spybot found an additional 2 > registry entries. > >> > >>This machine is a fully patched XP SP2 box, with the > default security > >>settings for IE's Internet Zone. Does anybody know what method this > >>crap could be using to install without any user interaction? > >> > >>_________________________________________________________________ > >>Express yourself instantly with MSN Messenger! Download > today - it's FREE! > >>hthttp://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > >> > >>_______________________________________________ > >>Full-Disclosure - We believe in it. > >>Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > _________________________________________________________________ > Express yourself instantly with MSN Messenger! Download today > - it's FREE! > hthttp://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
