«

You have any nfo on the animal you mentioned? I can't find mention (by
that name) on the web. Kinda curious about how new stuff works. Where
in the hive does it embed?
Winged

David H. Lipman wrote:
> McAfee sent me an EXTRA.DAT today for this Adware object, presently identified as
> "Adware-adwr" and will be included in next week's release of v4413 DAT files.
>
> Dave
>
>
>
>
> "Jim Watt" <_way> wrote in message
> news:...
> | I have a couple of machines that pop up IE with adverts from nowhere;
> |
> | There is nothing suspicious run from the registry etc, and spybot
> | finds nothing.
> |
> | There is a process running with rundll32 shown, but no idea what
> | DLL its running.
> |
> | Any suggestions on how to exorcise this ill ?
> |
> | OS is windows/98
> | --
> | Jim Watt
> | http://www.gibnet.com
>
>

Winged:

I didn't load the DLL on a test PC, I just provided it to McAfee. They indicated it looked
like a "Look2me" adware component and would require the /program switch be used with the
Command Line Scanner or the Program check box checked in the >v7.x VirusScan.

What do you use at your locale ?

The MIS/IS group around me use Norton. However, I use McAfee and my success rate and
prevention blows away those that use NAV.
One "QHosts-1" Trojan infection, in over 10 years, on a notebook from someone who would not
practice Safe Hex. On the other side of that T1 I mentioned to you know whom, I had a
satellite office. While the contractor was infected with the Lovsan/Blaster running rampant
on their LAN, McAfee blocked infection of the BLASTER.EXE file and none of my platforms were
affected more than being shut down. That is until I pushed via my Kixtart Login Script the
(first in a series of) patch for the RPC/DCOM Buffer Overflow vulnerability. I considered
my satellite LAN a good neighbourhood in a slum. The contractors subnets were a bad
influence on my LAN

Dave



"winged" <> wrote in message news:cpb94u$...
|
| You have any nfo on the animal you mentioned? I can't find mention (by
| that name) on the web. Kinda curious about how new stuff works. Where
| in the hive does it embed?
| Winged
|
| David H. Lipman wrote:
| > McAfee sent me an EXTRA.DAT today for this Adware object, presently identified as
| > "Adware-adwr" and will be included in next week's release of v4413 DAT files.
| >
| > Dave
| >
| >
| >
| >
| > "Jim Watt" <_way> wrote in message
| > news:...
| > | I have a couple of machines that pop up IE with adverts from nowhere;
| > |
| > | There is nothing suspicious run from the registry etc, and spybot
| > | finds nothing.
| > |
| > | There is a process running with rundll32 shown, but no idea what
| > | DLL its running.
| > |
| > | Any suggestions on how to exorcise this ill ?
| > |
| > | OS is windows/98
| > | --
| > | Jim Watt
| > | http://www.gibnet.com
| >
| >