Thanks Plun
Its very similar to the bundle from the Wallpapers site I
use for testing all the same junk also the 020
repairs.dll line but Ive not seen them include these
banking sites before in the downloads or the password
stealers. I sent Eric the links I use a few days ago when
I was chatting to him about the suspect registry cleaners
Winfixer,ErrorGuard & RegistryCleaner and then gave him
screenshots but its not as nasty as this one he's found,
This is the nature of prOn sites though they are very
malicious and who can you complain to when you visit them
sites. They see it as fair game if you are there you
better have good protection.
The bundle I get from a wallpaper site kills the machine
If I run any antispy apps it will crash the system to a
blue screen then say its recovered from a serious error
on reboot, running Hijack this gave errors everytime
because of the 020 entry but it looks like Eric was able
to at least save the logs, for me it will not fix the
lines as it gives a error everytime because of
repairs.dll, I sent my logs to merijn but will retry the
tests and figure out whats causing the crashes.
I thinks its mainly becuase of the amount of junk that
gets installed without consent the coding is probably
buggy and that 020 repairs.dll is definitly a problem
file but I keep meaning to do some tests in safe mode on
this, But as Eric says no one should attempt this from
there main pc I used to do it like that but learnt the
hard way so now all my testing is done on a unpatched
test pc with no passwords or anything installed just
firewall, AV and antispy products then monitoring tools
like registry monitors and packet sniffers.
I'll check back with that one tomorrow and see what else
Eric has found out. Im also reviewing his log, the
malware is obvious but Im more interested in the video
capturing tools he uses as that would be very usefull
Thanks Plun and Great work Eric
