hobbyhacker

  • Thread starter Thread starter JJ
  • Start date Start date
J

JJ

An icon showed up on my desktop this morning called hobbyhacker. (No, I
wasn't dumb enough to click on it.) I tried searching it with google but
all the sites mentioning it were in German.

I ran Norton anti virus, and a program called Anti Trojan 5.5 and neither of
them turned up anything.

Does anyone know anything about this program? Is it a Trojan Horse?

Thanks for any info.
 
I found the program running called "coder". It was in a windows folder
called coder. I deleted the file and the folder.

Am I now safe?
 
from the wonderful person said:
An icon showed up on my desktop this morning called hobbyhacker. (No, I
wasn't dumb enough to click on it.) I tried searching it with google but
all the sites mentioning it were in German.
Click to expand...

So run them through babelfish?!
 
What is the difference between spyware and a trojan horse? Could this
program have lifted my passwords? Is there a way to see what info was sent
out from my computer?
 
GSV Three Minds in a Can pounced upon this pigeonhole and pronounced:
So run them through babelfish?!
Click to expand...

...or click on Google's "Translate this page" link associated with the
search results. (makes for some interesting reading)
 
JJ said:
I found the program running called "coder".
Click to expand...

Never heard of it myself, but there are lots of things I
have never heard of. Maybe it rings a bell with someone
else here.
It was in a windows folder called coder.
Click to expand...

A foolish consistency is the hogoblin of small minds....
I deleted the file and the folder.
Poof!

Am I now safe?
Click to expand...

Obviously not! There is nothing safe about having *any* file
just appear on your desktop, or anywhere else for that matter.

You have deleted a file that you have no idea about, so how
do you expect to determine what it may have done to your
system. Also, it is not generally a good idea to delete files
you know nothing about. What if there were another program
installed which checked for the non-existence of that one as
a trigger for a nasty payload?

Consider the following:

I got up this morning and found an intruder trying to steal
my television set. He dropped the TV and ran out the
door when heard me yell. I cleaned the greasy fingerprints
off of my TV and put it back where it belonged.

Am I now safe?

Aside from the fact that some people have been killed by
surprising a burglar, you proceeded to clean up the crime
scene.
 
JJ said:
What is the difference between spyware and a trojan horse?
Click to expand...

Hard to define, really.

A trojan horse is more like a method of tricking someone
into executing an undesireable program.

It is also a term sometimes used for any non self-replicating malware.
(worms and viruses being the self-replicating types)

Spyware uaually refers to programs that leak information out
of your computer in some way. Even info as seemingly innocent
as your browsing habits (data mining/cookies)
Could this program have lifted my passwords?
Click to expand...

It is easy to speculate that this program *could* have done
almost anything imaginable, since we know next to nothing
about it.
Is there a way to see what info was sent out from my computer?
Click to expand...

The first thing I would do is to see if I could retrieve the
deleted file and submit it to experts to see what it was.

Then we would have a direction to go....
 
This all sounds like good solid advice. I guess I freaked when I saw the
guy holding my TV set.

If I can recover the file where would I send it?
 
JJ said:
This all sounds like good solid advice. I guess I freaked when I saw the
guy holding my TV set.

If I can recover the file where would I send it?
Click to expand...

Here are some submission addresses I grabbed from this group
(or was it a.c.v. ?)

Command Software <[email protected]>
Computer Associates (US) <[email protected]>
Computer Associates (Vet/EZ) <[email protected]>
DialogueScience (Dr. Web) <[email protected]>
Eset (NOD32) <[email protected]>
F-Secure Corp. <[email protected]>
Frisk Software (F-PROT) <[email protected]>
Grisoft (AVG) <[email protected]>
H+BEDV (AntiVir): <[email protected]>
Kaspersky Labs <[email protected]>
Network Associates (McAfee) <[email protected]>
Norman (NVC) <[email protected]>
Sophos Plc. <[email protected]>
Symantec (Norton) <[email protected]>
Trend Micro (PC-cillin) <[email protected]>
(Trend may only accept files from registered users of its products)

Another ~ (e-mail address removed) (Kasperski ?)

Online submissions:

https://www.webimmune.net/default.asp
http://www.kaspersky.com/remoteviruschk.html
 
JJ said:
This all sounds like good solid advice. I guess I freaked when I saw the
guy holding my TV set.

If I can recover the file where would I send it?
Click to expand...
Here are some submission addresses I grabbed from this group
(or was it a.c.v. ?)

Command Software <[email protected]>
Computer Associates (US) <[email protected]>
Computer Associates (Vet/EZ) <[email protected]>
DialogueScience (Dr. Web) <[email protected]>
Eset (NOD32) <[email protected]>
F-Secure Corp. <[email protected]>
Frisk Software (F-PROT) <[email protected]>
Grisoft (AVG) <[email protected]>
H+BEDV (AntiVir): <[email protected]>
Kaspersky Labs <[email protected]>
Network Associates (McAfee) <[email protected]>
Norman (NVC) <[email protected]>
Sophos Plc. <[email protected]>
Symantec (Norton) <[email protected]>
Trend Micro (PC-cillin) <[email protected]>
(Trend may only accept files from registered users of its products)

Another ~ (e-mail address removed) (Kaspersky ?)

Online submissions:

https://www.webimmune.net/default.asp
http://www.kaspersky.com/remoteviruschk.html
 
In Message-ID:<NLZeb.668209$uu5.108834@sccrnsc04> posted on Thu, 02 Oct
What is the difference between spyware and a trojan horse?
Click to expand...

Like the difference between a Toyota and an SUV,
either can be the other, but isn't always the other.
 
| An icon showed up on my desktop this morning called hobbyhacker. (No, I
| wasn't dumb enough to click on it.) I tried searching it with google but
| all the sites mentioning it were in German.
|
| I ran Norton anti virus, and a program called Anti Trojan 5.5 and neither
of
| them turned up anything.
|
| Does anyone know anything about this program? Is it a Trojan Horse?
|
| Thanks for any info.
|
|

There is some discussion on it here:
http://216.239.41.104/search?q=cach...owtopic=1694&st=60+hobbyhacker&hl=en&ie=UTF-8

(http://tinyurl.com/pjg6)

Both "coder" and "hobbyhacker" are mentioned. Appears indeed to be German in
origin. The thought on that page is that it's a 1-900 dialer. The install
file appears to be here: http://install.global-netcom.de/t4/hobby.exe

Beneficiary:

domain: global-netcom.de
descr: Global Netcom GmbH
descr: Lessingstr. 34 B
descr: 58300 Wetter
descr: DE
nserver: ns1.consiliere.de
nserver: ns2.consiliere.de
status: connect
changed: 20030122 143417
source: DENIC

[admin-c]
Type: PERSON
Name: Bernhard Syndikus
Address: global netcom gmbh - Geschaeftsfuehrer
Address: Heilkenstr. 8a
City: Wetter
Pcode: 58300
Country: DE
Changed: 20030228 121309
Source: DENIC



You may want to check your Connection settings to make sure that none of
them have been changed to connect to this German 1-900 number for your
Internet connection. Other than that, you're probably OK now that you've
removed the files.

To ensure it doesn't happen again: install SpyBot Search & Destroy and use
all immunization options. Keep your Windows and your virus checker up to
date. Set Internet Explorer to maximum security for generic Internet sites
(set sites that you really trust as Trusted Sites to give them some more
capabilities.


SB
 
Spam Buster said:
origin. The thought on that page is that it's a 1-900 dialer. The install
file appears to be here: http://install.global-netcom.de/t4/hobby.exe
Click to expand...

I am assuming this is related then..translated by Google (badly lol) from
this site:
http://translate.google.com/transla...obbyhacker+dialer&hl=en&lr=&ie=UTF-8&oe=UTF-8

Hobbyhacker.com offers a view of the world of chopping.

The user selects itself with a Dialer with 3.63 DM per

Minute is accounted for. Web masters receive a turnover

participation of 0,80 euro (60%) up to 1,07 euro (80%) per

Minute and Web masters recruited with 10% at the conversion become

taken part.


So now we are fairly sure what it is, the most important thing is how you
got it JJ..been visiting any naughty sites or anything recently??

Nicky
 
Wow, thank you spam buster. This was excellent.
Click to expand...

Then contact your telephone company and put a 'block' on 1-900
numbers from your phone. There are many legal and illegal scams
that try to run up 1-900 phone bills.

The legal one's convince you, or your kids, to install their program.
My neighbor didn't know his grandson had loaded it on his computer
until he got the first phone bill.

BoB
For the duration of Swen, my address is inoperative.
 
On that special day, JJ, ([email protected]) said...
An icon showed up on my desktop this morning called hobbyhacker. (No, I
wasn't dumb enough to click on it.) I tried searching it with google but
all the sites mentioning it were in German.

I ran Norton anti virus, and a program called Anti Trojan 5.5 and neither of
them turned up anything.

Does anyone know anything about this program? Is it a Trojan Horse?
Click to expand...

It is a dialer of the 0190 kind. You must have been visiting a German
page (did you look for a no-cd crack?).

Just today I stumbled across
http://www.herbstlicher.de/sicherheit.record.htm

which downloads a program when cklicking a link. I unpacked it (it is
compressed with UPX) and found strings that are a sure sign for a
dialer, like the phone number, the price (1,86 EUR per minute) and some
text about the recent restriction that dialers aren't allowed to connect
for longer than 60 minutes.

I don't think that you can "use" if you are living outside of Germany
though, as it doesn't seem to provide international call numbers.


Gabriele Neukam

(e-mail address removed)
 
Gabriele Neukam said:
On that special day, JJ, ([email protected]) said...


It is a dialer of the 0190 kind. You must have been visiting a German
page (did you look for a no-cd crack?).

Because of Swen, my address is changed.
Please contact (e-mail address removed)
Wegen Swen musste ich meine Adresse veraendern.
Bitte an (e-mail address removed) schreiben
Click to expand...

if it is a dialer as suggested, and I have no doubt that it probably is, I
would suggest getting Spybot, it would hunt down and on command kill most
dialer programs and other programs spying on you or your system. You can
get a free copy at http://security.kolla.de , strangely enough a German
site.

Good luck
Eric
 
Back
Top