Sunday, March 26, 2006
And the aforementioned stickrep.dll has been found to have a brother, with a different MD5. There is also an installer being analyzed as we speak.
This fix is fully automated, no need for users to manually delete any files.
Friday, March 24, 2006
UPDATE MAR 25-1:25MST:
A fix has been created over at Bleeping Computer: Spyware Quake Fix
OK, it appears the culprit DLL in this variant is: stickrep.dll
It will be located in the system32 folder. Deleting that, along with the Spyware Quake related folder and SpywareQuake.exe, may remove the infection entirely. Still waiting for more reports; the first one in seems to have worked. Unsure if running the SmithRem fix is absolutely needed at this time, seeing as it can't be included in the database as yet. See here
There are 4-6 of these in a few forums, and all are exhibiting the same types of symptoms as SpyFalcon\SpywareStrike\AlphaCleaner and all the other variants. More to come soon.
Thursday, March 23, 2006
Wednesday, March 22, 2006
Tuesday, March 21, 2006
Monday, March 20, 2006
Sunday, March 19, 2006
The good news is that the infection it carries with it is actually Vundo\Virtuamondo (Blackworm), and is easily removed with this fix from Atribune.
As usual, I always like to get users who are infected with it to post a HijackThis! logfile into our forum so we can help with removal and look for any other nasties which may be present.
Thursday, March 16, 2006
Wednesday, March 15, 2006
Paperghost and SpywareGuide have once again gone deep undercover into the Dark Side of the Net and uncovered a botnet comprised of nearly 150,000 boxes!! And just how did many of these machines get taken over? You guessed it, via IM.
Unsuspecting users who click on links sent by other compromised machines can have files installed which search their machines for the critical information needed to access all sorts of sensitive data. The botmasters even install a special script to look for exploits in many of the e-cart applications such as CCBill, Comersus Cart and CactuShop.
If these couple of articles and their follow-ups don't prevent you from clicking links all the time, I don't know what will. Read More Here
Monday, March 13, 2006
Paperghost on why it's important to consider nearly every angle of an infection: from what it is, to what it does, to who made it and why they made it. Not to mention what they have done in the past. As Webhelper says: "One must know the past in order to understand the future, if one is to change the future" Read More Here
Saturday, March 11, 2006
CastleCops has another article recapping the Aluria\WhenU 'whitewash' and subsequent missteps taken by one of Aluria's outgoing executives. It seems that in this Spyware Warrior thread he was caught giving false reviews (called astroturfing) to the Aluria product at download.com. There is also more info in the CastleCops Forum Newsletter
Friday, March 10, 2006
Wednesday, March 08, 2006
Saturday, March 04, 2006
Friday, March 03, 2006
Thursday, March 02, 2006
Software vendor Aluria is trying to remove traces of its scandal from back in October 2004, which involved their reclassification of WhenU software.
It appears all references to press releases are disappearing from their website at an alarming rate. And it seems there is a new classification in the anti-spyware business: 'consumer ware', which is what they now call WhenU. Oh, and what else is listed in this newfound section of consumer ware? 180Solutions. More to read here