Housecleaning.
4 December 2002 09:52
I found the file giving me problems. AdAware, Spychecker and OptOut didn't pick up the program, but I found it! In /winapps there was a small exe called emylthro.exe which had a date that matched the day I started having problems. This is how I reckon it worked:
When Windows is started emylthro.exe is executed and resides in mem. All it does is set the homepage on IE to a porn site, and create in /windows/temp a .tmp file with a random name like hxvc7391.TMP. They were always llllnnn.TMP. Emylthro.exe stayed resident in mem but did nothing after it executed the .TMP. This .tmp created an icon in the systray called Music Search Online, but actually linked to a hard-core porn site. I connected once to see where it took me, but hit the LOCK switch on ZoneAlarm as soon as it started asking to upload some more s/ware. I set the firewall to deny the Music Search Online access to all networks. Proxomitron killed all the popups and ads so I don't know how many there were, but I expect the site is popup central.
Anyway. That's the story. I'll run regclean again to clean up the mess.
Next step is to remove the programs listed in add/remove programs that don't have an attachment to anything.
The kid who installed this mongrel bastard thing has had all his PC privileges revoked. I was so pissed off with him I told his mum exactly what he'd been doing:
Surfing the 'net for hard core lesbian porn.
no subject
Date: 3 Dec 2002 15:38 (UTC)
no subject
Date: 3 Dec 2002 15:40 (UTC)
Except it doesn't have a point'n'click GUI.
no subject
Date: 3 Dec 2002 17:10 (UTC)
no subject
Date: 3 Dec 2002 19:01 (UTC)
no subject
Date: 4 Dec 2002 01:37 (UTC)
no subject
Date: 6 Dec 2002 09:09 (UTC)
Surfing the 'net for hard core lesbian porn.
ROFL!
Oh, man, I would have loved to have been a fly on the wall and seen the expression on the young man's face when his mum got hold of him :)