Psyme


puzling

Greetings folks -

Just some info here, and a domain warning. I was deep cleaning my
machine and found a Vb script file, and AVG popped up a warning,
calling the file "JS/Psyme.E.DROPPED". Lots of people use my machine,
unfortunately, so I don't know where it came from. I opened the file
in notepad and viewed the script contents. There is a reference to
download the following infamous file (WARNING - don't run this):
http://www.stopannoyingpopups.com/jbe1/winpup32.exe .

Checked out the site, and it looks like they're pushing a pop-up
blocker product. But the product is a separate download file. So...
my question is: did someone hijack the site and place this EXE out
there, or is this company just dishonest and installing spy-ware?

- Dave
 
McAfee calls this: "AdClicker-O"

http://vil.nai.com/vil/content/v_100446.htm

I'd say the act is deliberate.

Dave



| Greetings folks -
|
| Just some info here, and a domain warning. I was deep cleaning my
| machine and found a Vb script file, and AVG popped up a warning,
| calling the file "JS/Psyme.E.DROPPED". Lots of people use my machine,
| unfortunately, so I don't know where it came from. I opened the file
| in notepad and viewed the script contents. There is a reference to
| download the following infamous file (WARNING - don't run this):
| http://www.stopannoyingpopups.com/jbe1/winpup32.exe .
|
| Checked out the site, and it looks like they're pushing a pop-up
| blocker product. But the product is a separate download file. So...
| my question is: did someone hijack the site and place this EXE out
| there, or is this company just dishonest and installing spy-ware?
|
| - Dave
 
| Greetings folks -
|
| Just some info here, and a domain warning. I was deep cleaning my
| machine and found a Vb script file, and AVG popped up a warning,
| calling the file "JS/Psyme.E.DROPPED". Lots of people use my machine,
| unfortunately, so I don't know where it came from. I opened the file
| in notepad and viewed the script contents. There is a reference to
| download the following infamous file (WARNING - don't run this):
| http://www.stopannoyingpopups.com/jbe1/winpup32.exe .


I went to the url that you posted to check it out. It's pretty clear
from the url that it's an executable to be downloaded. No big mystery
there. Hell, Ray Charles could see that. IE asked if I wanted to
download the file and I declined. No problem.

What's so suspicious about that?
 
On 24 Nov 2003 18:15:28 -0800, (e-mail address removed) (puzling) wrote:

<snip>

Upon downloading the file, but not executing it, I received the
following AV warning.

Scan type: Manual Scan
Event: Virus Found!
Virus name: Trojan.Adclicker
File: C:\My Downloads\winpup32.exe
Location: Quarantine
Action taken: Clean failed : Quarantine succeeded :
Date found: Mon Nov 24 20:24:06 2003
 
My Proxy anti virus program found the virus as TROJ_ADCLICKER.O. Have to
agree that they knew what they were doing when they posted this spyware.
 
| Greetings folks -
|
| Just some info here, and a domain warning. I was deep cleaning my
| machine and found a Vb script file, and AVG popped up a warning,
| calling the file "JS/Psyme.E.DROPPED". Lots of people use my machine,
| unfortunately, so I don't know where it came from. I opened the file
| in notepad and viewed the script contents. There is a reference to
| download the following infamous file (WARNING - don't run this):
| http://www.stopannoyingpopups.com/jbe1/winpup32.exe .
|
| Checked out the site, and it looks like they're pushing a pop-up
| blocker product. But the product is a separate download file. So...
| my question is: did someone hijack the site and place this EXE out
| there, or is this company just dishonest and installing spy-ware?
|
| - Dave

bastards!! Ok - thanks for the interesting info and varying AV responses.
 