Important concerning DDR Freak & Pop-ups (Trojan)

Terra (Red) · Trick Member Joined: 24 Jan 2002

My AVG free edition just detected a trojan virus from a pop-up.

"Trojan Horse Downloader.SecondThought.A"

The path was:

C:\DOCUME~1\Lance\LOCALS~1\Temp\adlinstallwin32.exe

12/21/04 at 3:06am est

File is adlinstallwin32.exe, file size is 93.5kb.

It came up as a browser plugin of some sort I believe. I hope this helps you guys too.

J Dogg · Administrator Joined: 16 Jan 2002 Location: Sunnyvale, CA

any URL you can provide?
_________________

Terra (Red) · Trick Member Joined: 24 Jan 2002

I'm looking thru AVG right now. This is about all I can find as of now.

C:\Documents and Settings\Lance\Local Settings\Tempoary Inenternet Files\Content.IE5\8523O92Z\id201{1}.exe

This is from what AVG called a backup copy.

eyebrowsoffire · Posted: Tue Dec 21, 2004 2:47 pm Post subject:

Same thing happened to me. Stupid Internet Explorer and Windows XP. I can't wait until I get back to my own computer, with Firefox and Linux...
_________________

qkumbr wrote:

this man knows what the fuck is up. give him some tokens.

rampage wrote:

I'd like to sanction some qkumbr tokens for eyebrowsoffire.

It's official, people. I have qkumbr tokens.
My tiny little NNR is open for business! Challenges wanted!

Terra (Red) · Trick Member Joined: 24 Jan 2002

Here's a pic of the damned thing here:

VxJasonxV · Posted: Thu Dec 30, 2004 7:37 pm Post subject:

You should have moved the installer window so we could see the banner ad too

.
_________________

Amusing Pictures: lolddrfreak | Road of LoQ

RevenG-D · Trick Member Joined: 07 Nov 2004

yea this also happned to me i turned off my antivirus program for a bit.. then i visited this site and i had about 12 new icons on my dekstop and a ton of installer crap showing up... i got rid of it though

_________________

http://www.revengd.net/index.php

[DMB]dman.exe · Trick Member Joined: 28 Mar 2003

I got the same Trojan - with that same popup and same secruity thing.
_________________

hi

rampage · Administrator Joined: 24 Jan 2002 Location: Redmond, WA

.. and shame on you guys for not running XP SP2.

Spike · Administrator Joined: 17 Jan 2002 Location: Denver

Mr. A · Trick Member Joined: 20 Oct 2003 Location: INTERNET

With all due respect (to the above person- what the hell is/was your name?) and not to sound like schadenfreude, isn't this the second or third time this happened?

Anyways, does anyone know the specific security settings or registry tweak (besides the SP2 thing, that would probably fix it, or Firefox) for MSIE to kill those damn things? BTW, did this infection require you to confirm through an installer like that or was it more automatic?

How bad was the infection, was it cleanable? I'm fairly sure (not 100% certain, to be fair) got dyfuca from here on two computers, very nasty infection.

VxJasonxV · Posted: Fri Jan 07, 2005 1:47 pm Post subject:

Mr. A · Trick Member Joined: 20 Oct 2003 Location: INTERNET

Hmm. I agree re: Firefox. I downloaded the new Microsoft scanner, looks pretty decent actually.