
Capp
join:2005-03-30
Arlington, TX

Member

MySpace Viewer Infected

Do not install this - Pass the word.

While tooling around on my MySpace account, I was prompted to download and install the "myspaceviewer".

NOD32 Marked it as TrojanDownloader.Zlob.ADT
It said it quarantined the file, but it was able to throw some nasties on my system anyway. It also prompts you via System Tray to click to purchase Virus Burster.

I immediately began getting popups and noticed that it had 4 processes running that, upon termination, started back up again. The program is installed in different locations, but all under the Program Files folder.
There are 4 processes I saw:

* isamonitor.exe
* pmsngr.exe
* pmmon.exe
* isamini.exe

And the BHOs are called:

* {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\{various named folders}\isaddon.dll
* {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Program Files\{various named folders}\iesplugin.dll

I used AVG Anti-Spyware Analysis Tools to kill all 4 processes simultaneously and was able to delete the files. Otherwise, they start each other back up again. It also installs 2 BHOs that AVG is able to remove once the processes are killed.

I ran a full Scan & Clean with NOD32 and it didn't find anything after deleting the Program Files folder.
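
A read-only check for the indicators listed in the post above, as an added example that is not part of the original post. The process names, CLSIDs and DLL names come from the post; the registry locations are the standard Internet Explorer BHO keys, and the variable names are illustrative.

```powershell
# Read-only triage for the indicators listed in the post (added example).
# Process names, CLSIDs and DLL names are copied from the post.
$procNames = 'isamonitor', 'pmsngr', 'pmmon', 'isamini'
$bhoClsids = '{202a961f-23ae-42b1-9505-ffe3c818d717}',
             '{479fd0cf-5be9-4c63-8cda-b6d371c67bd5}'
$dllNames  = 'isaddon.dll', 'iesplugin.dll'

# 1. Running processes with one of the four names (Get-Process wants no ".exe").
$procs = Get-Process -Name $procNames -ErrorAction SilentlyContinue |
    Select-Object Name, Id, Path

# 2. Registered BHOs. Each subkey name is a CLSID; its InprocServer32
#    default value is the DLL that Internet Explorer loads.
$hives = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'   # native and 32-bit views
$bhos = foreach ($hive in $hives) {
    $root = "$hive\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $root) {
        $clsid  = $key.PSChildName
        $inproc = "$hive\Classes\CLSID\$clsid\InprocServer32"
        $dll = $null
        if (Test-Path -LiteralPath $inproc) {
            $dll = (Get-Item -LiteralPath $inproc).GetValue('')
        }
        $leaf = if ($dll) { ($dll -split '\\')[-1].Trim('"') } else { '' }
        [pscustomobject]@{
            Clsid   = $clsid
            Dll     = $dll
            Flagged = ($bhoClsids -contains $clsid) -or ($dllNames -contains $leaf)
        }
    }
}

# 3. Files left on disk. The post says the folder names vary, so search by file name.
$fileNames = ($procNames | ForEach-Object { "$_.exe" }) + $dllNames
$files = Get-ChildItem -Path $env:ProgramFiles -Recurse -File -Include $fileNames -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime

# Report only; nothing is stopped, unregistered or deleted.
[pscustomobject]@{
    Processes   = @($procs)
    FlaggedBhos = @($bhos | Where-Object Flagged)
    Files       = @($files)
}
```

Running it from an elevated prompt fills in the Path column for processes owned by other accounts.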

Cudni
La Merma - Vigilado
MVM
join:2003-12-20
Someshire


Thanks.
Also see about a possible delivery mechanism:
»www.darkreading.com/docu ··· =techweb

Cudni

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

to Capp
If you do watch those videos on the Internet, here are some more cautions.

»gladiator-antivirus.com/ ··· ic=44778

and they all are targeted by the smitRem TOOL and Roguescanfix

»noahdfear.geekstogo.com/ ··· list.htm

»siri.urz.free.fr/Fix/Cha ··· eLog.php

»users.telenet.be/Beamerk ··· atepage/

so if you think your PC is still infected I suggest you post a log in the Security Cleanup Forum

»Security Cleanup

Make sure before you post a log at that Forum you follow all the instructions first.

»Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

Capp
join:2005-03-30
Arlington, TX

Member

My system is no longer infected. I was able to contain it with no problems. I work with a lot of infected machines, so I knew what to look for.