View Full Version : SpyBot S&D - Is RingRing a bot??
September 2nd, 2002, 11:55 AM
I got the latest dat update for Spybot S&D. After running it found the followings:-
RingRing : Desktop icon
C:\Documents and Settings\All USers\Desktop\Studio Version 7.lnk
RingRing : Desktop icon
C:\Documents and Settings\All USers\Desktop\Ulead VideoStudio 6.lnk
As I could not find anything on RingRing under Bot Info, could someone explain as to whether I'm having bots on my system. Are they safe to remove?
September 2nd, 2002, 12:44 PM
Just a guess - but Ringring (because of the name) sounds like a dialer; don't take my word for it or anything; just a guess!
September 2nd, 2002, 01:38 PM
RingRing is a dialer from Italy.
Also FYI... It appears you have this software??
September 2nd, 2002, 02:13 PM
I am post this information here for other who have not run into this file extension before and why you should approach one with caution.
Clicking on each link below will give you more information.
How to NOT hide extensions in Windows
Even after you unhide the extensions using the above steps, you still cannot see certain hidden extensions for files ending with .shs, .pif, and .lnk (blame Microsoft for its infinite lack of wisdom).
How the "Stealth Attachment" trick works
A couple things to cover first is that I don't know why there isn't a handler in the command key it is the way my registry was. Secondly adding the server's location is one way of running it but that means that all .lnk files will run an invisible file (the server) making it awful suspicious. But this example doesn't accour when clicking desktop links. I don't know why. What you must do is create a file and rename it too a .lnk that will make it run the (Default) value. I m currently working on a method to run the executed file and to run the server at the same time.
Eudora's roughly 20 million Windows-version users get warnings from their computers when they click on e-mail attachments with code extensions ".exe," ".com" or ".bat," all of which launch Windows-based programs. However, Haselton told Newsbytes Friday that Eudora programmers neglected to include ".lnk," on their list of warning-triggering extensions; ".lnk" is the file extension that activates Windows shortcuts, which in turn trigger programs.
Because of that gaffe, Haselton said, all a hacker needs to do to compromise the terminal of a Eudora user is to e-mail them the malicious code, disguised inside an HTML (hypertext markup language) hyperlink to make it look like a link to a harmless Web page. Because the Eudora program will not warn the users about the ".lnk" file, the users will have no opportunity to stop the program from running, and will not know they have just activated a virus.
September 3rd, 2002, 07:23 AM
Yes, I'm having Ulead VideoStudio 6 and Pinnacle Studio Version 7
But these 2 programs were with me for some times and I don't understand why now SpyBot S&D is picking them up since it did not detect them previously.
Anyway, are they safe to be removed?
September 3rd, 2002, 10:39 AM
I certainly would make sure that ringring was not a false positive..
Are you owning these two prgrams...
Ulead VideoStudio 6 and Pinnacle Studio Version 7
or just checking them out on trial..
In any case if you used them and it just happened to pick up this dialer from a site that had a MOVIE you watched or downloaded..I could see them also sending you that" gift"
of the dialer ;)
Is it actually there on your system and can you find the .exe that controls it...I think it if it there you can certainly clean IT off.
vBulletin® Copyright ©2000-2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums