GET /lm/imp_rxt.asp spyware

Discussion in 'Computer Security' started by mik, Oct 27, 2005.

  1. mik

    mik Guest

    This seems to be a new spyware with no record over the Internet.
    My son has installed it from Kazza today.

    The browser seems to send information as it browses the Internet, with
    url information to:
    206.252.137.82 www.srch-results.com

    I am researching the removal of this pest.
    It is not LSP type of intrusion.

    Do you have any idea regarding it?

    No. Time Source Destination
    Protocol Info
    2687 32.139751 10.0.0.5 206.252.137.82 HTTP
    GET /lm/imp_rxt.asp?si=19902&k=sip%20telephone HTTP/1.1

    Hypertext Transfer Protocol
    GET /lm/imp_rxt.asp?si=19902&k=sip%20telephone HTTP/1.1\r\n
    Request Method: GET
    Accept: */*\r\n
    Accept-Language: en-us\r\n
    Accept-Encoding: gzip, deflate\r\n
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n
    Host: www.srch-results.com\r\n
    Connection: Keep-Alive\r\n
    Cookie: ASPSESSIONIDCAQBQSDC=BMLLDOGAMGPNDBAFNGOCADID;
    ASPSESSIONIDSABTASSD=HKCILAPCCELEJAKGFIDJPMCG\r\n
    \r\n
    mik, Oct 27, 2005
    #1
    1. Advertising

  2. From: "mik" <>

    |
    | This seems to be a new spyware with no record over the Internet.
    | My son has installed it from Kazza today.
    |
    | The browser seems to send information as it browses the Internet, with
    | url information to:
    | 206.252.137.82 www.srch-results.com
    |
    | I am researching the removal of this pest.
    | It is not LSP type of intrusion.
    |
    | Do you have any idea regarding it?
    |
    | No. Time Source Destination
    | Protocol Info
    | 2687 32.139751 10.0.0.5 206.252.137.82 HTTP
    | GET /lm/imp_rxt.asp?si=19902&k=sip%20telephone HTTP/1.1
    |
    | Hypertext Transfer Protocol
    | GET /lm/imp_rxt.asp?si=19902&k=sip%20telephone HTTP/1.1\r\n
    | Request Method: GET
    | Accept: */*\r\n
    | Accept-Language: en-us\r\n
    | Accept-Encoding: gzip, deflate\r\n
    | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n
    | Host: www.srch-results.com\r\n
    | Connection: Keep-Alive\r\n
    | Cookie: ASPSESSIONIDCAQBQSDC=BMLLDOGAMGPNDBAFNGOCADID;
    | ASPSESSIONIDSABTASSD=HKCILAPCCELEJAKGFIDJPMCG\r\n
    | \r\n

    You can't go by what the adware/spyware connects to. You need the software that makes the
    connection to make a determination of what the malware is.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Oct 27, 2005
    #2
    1. Advertising

  3. mik

    Donnie Guest

    "mik" <> wrote in message
    news:...
    >
    >
    > This seems to be a new spyware with no record over the Internet.
    > My son has installed it from Kazza today.
    >
    > The browser seems to send information as it browses the Internet, with
    > url information to:
    > 206.252.137.82 www.srch-results.com
    >

    ##################################
    Go to that URL and scroll to the bottom. Click on uninstall instructions. It
    will take you to
    http://www.srch-results.com/hyperlink_uninstall/uninstall.asp
    donnie.
    Donnie, Oct 28, 2005
    #3
  4. mik

    mik Guest

    Thanks Donnie!
    mik, Oct 31, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?c2FuanU=?=

    information about asp ,oracle,asp.net certification?

    =?Utf-8?B?c2FuanU=?=, May 18, 2005, in forum: Microsoft Certification
    Replies:
    1
    Views:
    528
    Bob Christian
    May 18, 2005
  2. Zabron Muyambo

    Easy Moving from ASP to ASP.NET???

    Zabron Muyambo, Oct 26, 2004, in forum: MCSD
    Replies:
    7
    Views:
    499
    Zabron Muyambo
    Oct 27, 2004
  3. thehobbit
    Replies:
    0
    Views:
    3,728
    thehobbit
    Nov 22, 2006
  4. imman

    session from asp to asp.net

    imman, Feb 20, 2008, in forum: General Computer Support
    Replies:
    0
    Views:
    910
    imman
    Feb 20, 2008
Loading...

Share This Page