SpyBot S&D - Is RingRing a bot??

Discussion in 'privacy problems' started by WE Sim, Sep 2, 2002.

Thread Status:
Not open for further replies.
  1. WE Sim

    WE Sim Guest

    Hi!

    I got the latest dat update for Spybot S&D. After running it found the followings:-

    RingRing : Desktop icon

    C:\Documents and Settings\All USers\Desktop\Studio Version 7.lnk

    and

    RingRing : Desktop icon

    C:\Documents and Settings\All USers\Desktop\Ulead VideoStudio 6.lnk

    As I could not find anything on RingRing under Bot Info, could someone explain as to whether I'm having bots on my system. Are they safe to remove?

    Thanks
     
  2. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Just a guess - but Ringring (because of the name) sounds like a dialer; don't take my word for it or anything; just a guess!
     
  3. RingRing is a dialer from Italy.

    Also FYI... It appears you have this software??
    http://www.ulead.com/vs/runme.htm
     
  4. Background on the famous .LNK file extension

    I am post this information here for other who have not run into this file extension before and why you should approach one with caution.

    Clicking on each link below will give you more information.


    _____________________
    How to NOT hide extensions in Windows
    Even after you unhide the extensions using the above steps, you still cannot see certain hidden extensions for files ending with .shs, .pif, and .lnk (blame Microsoft for its infinite lack of wisdom).
    http://www.irchelp.org/irchelp/security/trojanext.html






    How the "Stealth Attachment" trick works

    http://www.peacefire.org/security/stealthattach/explanation.html





    A couple things to cover first is that I don't know why there isn't a handler in the command key it is the way my registry was. Secondly adding the server's location is one way of running it but that means that all .lnk files will run an invisible file (the server) making it awful suspicious. But this example doesn't accour when clicking desktop links. I don't know why. What you must do is create a file and rename it too a .lnk that will make it run the (Default) value. I m currently working on a method to run the executed file and to run the server at the same time.
    http://www.searchlores.org/drwho_01.htm




    Eudora's roughly 20 million Windows-version users get warnings from their computers when they click on e-mail attachments with code extensions ".exe," ".com" or ".bat," all of which launch Windows-based programs. However, Haselton told Newsbytes Friday that Eudora programmers neglected to include ".lnk," on their list of warning-triggering extensions; ".lnk" is the file extension that activates Windows shortcuts, which in turn trigger programs.

    Because of that gaffe, Haselton said, all a hacker needs to do to compromise the terminal of a Eudora user is to e-mail them the malicious code, disguised inside an HTML (hypertext markup language) hyperlink to make it look like a link to a harmless Web page. Because the Eudora program will not warn the users about the ".lnk" file, the users will have no opportunity to stop the program from running, and will not know they have just activated a virus.
    http://www.computeruser.com/news/00/04/29/news3.html
     
  5. WE Sim

    WE Sim Guest

    Hi MyNethingyman!

    Yes, I'm having Ulead VideoStudio 6 and Pinnacle Studio Version 7

    But these 2 programs were with me for some times and I don't understand why now SpyBot S&D is picking them up since it did not detect them previously.

    Anyway, are they safe to be removed?

    TIA
     
  6. Hi WE,

    I certainly would make sure that ringring was not a false positive..


    Are you owning these two prgrams...

    Ulead VideoStudio 6 and Pinnacle Studio Version 7



    or just checking them out on trial..


    In any case if you used them and it just happened to pick up this dialer from a site that had a MOVIE you watched or downloaded..I could see them also sending you that" gift"
    of the dialer ;)

    Is it actually there on your system and can you find the .exe that controls it...I think it if it there you can certainly clean IT off.
     
Thread Status:
Not open for further replies.