PDA

View Full Version : german delayed reaction pops


havaloc
04-11-2002, 10:43 AM
I don't know where I picked it up from, but something installed this program called openme.exe in my registry. For a while, out of the blue I woudl receive two pops, in german. For the life of me I could not understand where they were coming from.

This morning, an investigation revealed the following.

openme is a self extracting exe file with an index.html inside.

This is what I found.

Despite being very annoying, it was very stealthy. Adaware missed it, a virus scan missed it, but here it is.


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 FINAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
<META NAME="Generator" CONTENT="NetObjects Fusion 4.0.1 für Windows">
<TITLE>®®®</TITLE>
<META HTTP-EQUIV=REFRESH CONTENT=1200;URL=http://217.69.237.130/advertz/opener.html>

</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#0000FF" VLINK="#800080" TEXT="#000000" TOPMARGIN=0 LEFTMARGIN=0 MARGINWIDTH=0 MARGINHEIGHT=0>

</BODY>
</HTML>

Click Here!