Why didn't they detect.........?
WE Sim
February 7th, 2003, 08:48 PM
Hi! ???
Now, thinking back over the last few days when I was pestered by lop.com, I wondered why SpywareGuard, Spyware Blaster and SpyCop didn't issue dats to detect and eradicate this lop.com spyware, except for SpyBot & Ad-aware, who are the ones solving the problem?
Or is it that they are detecting different types of spyware?
Any comments would be appreciated. Thanks
Pieter_Arntz
February 8th, 2003, 04:29 AM
Hi WE Sim,
I am still studying (and torturing :) ) the sample you sent me. It's a whole new version that creates random BHO CLSIDs and randomly named DLLs and EXEs.
Of the programs I have installed, Ad-Watch 3 was the only one that recognized the installation as a harmful process.
As I told you in my e-mail it has been submitted in the meantime.
Regards,
Pieter
WE Sim
February 8th, 2003, 07:52 AM
Hi Pieter_Arntz! ;)
Thanks for your reply.
What would happen if Lop.com is a virus/trojan or worm? By the time those anti-virus/trojan/worm busters develop an effective antidote, I think the whole computer system would have collapsed.
This particular one mutates so often, creating different variants, that it makes it difficult for the anti-spyware to cope (clean thoroughly).
Is this the beginning of a new type of spyware and that we will see more of such in the future......and possibly.....viruses, trojans, worms etc of such a nature?
I wonder what the anti-virus/trojan/worm companies are thinking now, taking Lop.com as an example?
Thanks again
Pieter_Arntz
February 8th, 2003, 08:13 AM
Hi WE Sim,
Well, in their defense I would have to say that Adaware, Spybot S&D and PestPatrol all found big chunks of it once it was installed. Plus that System Safety Monitor and TDS alerted me to a startup change. And on top of that, my firewall alerted me to a new program trying to contact the internet.
Lop.com is in many ways far worse than a trojan, since it doesn't bother about installing secretly or try to stay unnoticed as long as possible. Its "strength" lies in the fact that it tries to be as hard to remove as possible.
Regards,
Pieter
Tassie_Devils
February 9th, 2003, 10:16 PM
Hi WE Sim and Pieter.
Another thing you could do to protect yourself against that type of predatory intrusion would be to install BrowserHijackBlaster from javacool.
It would have detected the BHOs, etc. and asked if you wanted to proceed. Say no, and there is no installation of it.
I just did an example for you, changing my default Home Page to this page you are viewing now, and up popped BHB to warn me.
see pic
WE Sim
February 9th, 2003, 11:22 PM
Hi Tassie_Devils!
Thanks. I'll give it a try
:)
Copyright ©2002 - 2009, Wilders Security Forums