BargainBuddy, etc

  • Thread starter Thread starter moses
  • Start date Start date
M

moses

I have Bargain Buddy. I have run Symantec, MS Beta, Ad-
aware, Spycatcher, and eTrust Armor. I can't get rid of
it. Any ideas?
 
-----Original Message-----
I have Bargain Buddy. I have run Symantec, MS Beta, Ad-
aware, Spycatcher, and eTrust Armor. I can't get rid of
it. Any ideas?
.Spy Sweeper Spybot S&D and Spyware Blaster all work
 
-----Original Message-----
I have Bargain Buddy. I have run Symantec, MS Beta, Ad-
aware, Spycatcher, and eTrust Armor. I can't get rid of
it. Any ideas?
.
Bargain Buddy seems to be downloaded and installed by some
slime-ware called "mediatickets". The media tickets trojan
is disguised as a valid windows executable or dll and will
be found in the registry. Run regedit, open
HKEY_CURRENT_USER->Software->Microsoft->Windows->Run or
KKEY_LOCAL_MACHINE->Software->Microsoft->Windows->Run.
Look for entries that do not have a full path defined or
that simply say c:\<module name>. Some of the bogus
spyware/adware will be obvious. My wife had the media
tickets trojan on her PC and I eventually figured out the
trojan was "c:\svchost.exe". The REAL svchost.exe lives in
c:\WINNT\SYSTEM32 directory! Look in the c:, c:\WINNT, and
c:\WINNT\SYSTEM32 directories for stuff created recently.
Also look in c:\documents and settings\<user>\local
settings\temp for suspicious garbage. Mediatickets
downloads a BUNCH of stuff. Open task manager and kill any
bargain.exe, msxct.exe,tcrb.exe. Be suspicious if there's
more than one svchost.exe running. Change internet options
to prompt at download and prompt when anything unsigned
wants to execute. Good luck. What the slimebags at
Mediatickets.net have done is criminal - they should be
disemboweled publicly for their crimes!!!!
 
Add in spybot, make sure they are all up to date and run
them all in safe mode. Access Spybot's advanced tools,
and check out the start up files, unchech any file with no
documentation or those listed as baddies.
 
Back
Top