home
::Find ISP ::Forum ::Info 
Forum HomeMain  SearchSearch  please registerplease register  Log inLog in  FAQFAQ  RULESRULES  
xchat.org is doing the windows media player thing also

 
Post new topic   Reply to topic    Forum Index -> PC Protection
View previous topic :: View next topic  
Author Message
webhelper

Malware Response Team
 Malware Response Team

Joined: 29 Feb 2004
Posts: 179
PostPosted: Sun Apr 11, 2004 14:47 pm    Post subject: xchat.org is doing the windows media player thing also Reply with quote
Maddoktor2 tip Xchat.org also installs the windows media killer


And their news on the site:
Quote:

11-Apr-2004
Several people have reported that this website sometimes pops up ads which may contain a trojan. Unfortunately, bad ads slip through occasionally, and I can report then if you send me the URL.
If you wish to sponsor the site, I'll remove all those popup ads and place any link or banner you like online. You'd just need to pay the same amount the current scheme pays. Contact me directly if you're interested (Note: any link placed on this page generally ends up in popular search engines, which can be quite handy).


These guys are registered to BruggeNet so I don't think they will stop what they are doing. Passthison links to BruggeNet also

Date Time: 04/11/2004 2:53:44 PM
URL:  hxxp://www.xchat.org/ 

Date Time: 04/11/2004 2:53:49 PM
URL:hxxp://64.27.100.65/scripts/popup.php?hid=6a44a8a807edaba9b367&tmpl=peelPB.tmpl

Date Time: 04/11/2004 2:53:50 PM
URL:  hxxp://66.70.21.80/scripts/click.php?hid=6...;si=peelPB 

Date Time: 04/11/2004 2:53:50 PM
URL:  hxxp://209.50.251.182/vu083003/a024/exploit.htm?si-001 

Date Time: 04/11/2004 2:53:50 PM
URL:  hxxp://209.50.252.95/si1/si1.htm 

Date Time: 04/11/2004 2:53:51 PM
URL:  hxxp://209.50.252.95/si1//SI1.CHM 

Date Time: 04/11/2004 2:53:53 PM
URL:  hxxp://209.50.252.95/si1//si1.exe 

Date Time: 04/11/2004 2:53:59 PM
URL:  hxxp://209.50.252.95/si2/presi2.htm?from-si 

Date Time: 04/11/2004 2:53:59 PM
URL:  hxxp://209.50.252.95/si2/si2.htm 

Date Time: 04/11/2004 2:54:00 PM
URL:  hxxp://ads.peel.com/peelMedia/adServerA.ph...mp;noWin=9 

Date Time: 04/11/2004 2:54:00 PM
URL:  hxxp://209.50.252.95/si2//SI2.CHM 

Date Time: 04/11/2004 2:54:01 PM
URL:  hxxp://209.50.252.95/si2//si2.exe 


wininit.ini 2:54PM
[Rename]
NUL=C:\WINNT\bdl84126.exe

winamp.ini 2:54PM
[WinampReg]
Stats=000002B2,000CE2D1,0005EF96,000BF0BB,00000000,0005A8BD,00000000,

now wmplayer.exe is 246KB and the version shows VDOWN@NET
Good thing I made a copy of the real one..just delete and rename the original.
_________________
Wächter der Geschichten
http://www.webhelper4u.com/thewatcher.html
Back to top
View user's profile Send private message Visit poster's website
Post new topic  Reply to topic     Forum Index -> PC Protection   All times are GMT - 5 Hours
Powered by phpBB ©    
*freedomlist.com assumes no responsibility for any postings
spacer
Find ISP | Forum | Contact Us | Submit ISP | Info | Site Map |
 © Copyright Freedomlist.com (2000 - 2013)