Spyware Floods in Through BitTorrent
solareagle writes "Public peer-to-peer networks have always been associated with adware program distributions, but BitTorrent, the program created by Bram Cohen to offer a new approach to sharing digital files, has managed to avoid the stigma. Not any more, anti-spyware advocates warn. According to Chris Boyd, a renowned security researcher who runs the VitalSecurity.org nonprofit resource center, the warm and fuzzy world of BitTorrent has been invaded by a massive software distribution campaign linked to New York-based adware purveyor Direct Revenue LLC."
These spyware programs that use the Registry to spawn multiple renamed copies of the spyware programs are a nightmare to get rid of.
I had a client last night with the Backdoor.Agent.BA trojan which is incredibly hard to get rid of. There are plenty of varied instructions on the Net on how to detect it and find it, but the problem is deleting the DLL file. You can't delete it from the command line or from Windows - in Safe Mode or not (and of course if it's an NTFS system, DOS can't touch it - Linux with the Captive utility might be able to). Not only that, but the DLL does not EXIST in Safe Mode! It can ONLY be created and accessible during a normal boot - by which time you're screwed.
The only way to delete it is to get a program called KillBox which will prompt for the filename, set itself to run on reboot before Windows is fully loaded, and then reboot Windows, deleting the file before Windows can lock it down.
You also have to get into the Registry and delete a key which has an invisible value which is what causes it to recreate itself.
I get my hands on the asshole who wrote this thing, he's gonna need medical life support for the rest of his life.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
Don't bother calling their office. Don't bother emailing them for help. And no matter what you do, don't run their uninstall utility myPCtuneup - it simply installs more crap.
Direct Revenue LLC is VC backed. Please, complain to the right guy.
Insight Venture Partners
Mr. Deven Parekh
His desk number is 212-230-9216 and his real email address is dparekh@insightpartners.com
May we waste as much of his time as he has of ours. How many people here spend hours "helping" their non-tech friends remove this crap . . .