Malware Response Team
Joined: 29 Feb 2004
Posted: Sun Mar 14, 2004 22:00 pm Post subject: Get Ready For A New Transponder Variant
Get Ready For A New Transponder Variant
See webhelper Alert - Transponder Gangs On the Move for details on the new site.
I paid a visit to abetterinternet.com to review some of the EULA agreements for My Panic Button, etc. and found they had changed from how to uninstall the Win32 Bi transponder variant and now link to MyPcTuneup.com for removal instructions even though there is no such known page there yet. This is one of the ways they work. First they set up their files on the abetterinternet server, edit the EULA that will be used with the transponder installs, then start popup ads that will install the new variant with their Free trial software (14 days). After that they will then usually have a link to a page on how to remove the installed adware.
Here is the part of a copy of the older EULA I saved for Clean Getaway:
AFTER DOWNLOADING, INSTALLING OR USING THE SOFTWARE, YOU MAY TERMINATE THIS AGREEMENT AT ANY TIME FROM THE COMPUTER ON WHICH THE SOFTWARE RESIDES BY OPENING ADD OR REMOVE PROGRAMS IN CONTROL PANEL, CLICKING ON CHANGE OR REMOVE PROGRAMS, CLICKING ON THE PROGRAM CALLED "WIN32 BI Application", AND CLICKING THE REMOVE BUTTON TO REMOVE THE PROGRAM.
This is their newest: You will notice it directs the user to the MyPcTuneup.com site.
12. Termination - By entering into this Agreement, you represent to BetterInternet that you have intentionally chosen to install the Software and that you will personally uninstall the Software from your computer if you no longer wish the application to be present on your computer by going to http://www.mypctuneup.com/ and following the removal procedures therein.
Since the Twain-Tech.com twaintech.dll variant uses a thin installer program, I believe they will do the same with their new one. The thin installer had its prototype installers belt.exe, susp.exe, and pro_bi.exe so they may even now have a new installer that is being tested.
If you have AAW entries for MSView.cc, VX2, and no host.dll, bi.dll, or twaintech.dll is detected, we may have a new dll that needs to be researched.
Wächter der Geschichten