New Dialer: ConnectSwitch

Discussion in 'SpywareBlaster & Other Forum' started by alphaZer0, Oct 21, 2003.

Thread Status:
Not open for further replies.
  1. alphaZer0

    alphaZer0 Registered Member

    Joined:
    Oct 21, 2003
    Posts:
    6
    Hello,

    I found a nasty dialer ConnectSwitch at this popup 64.237.52.181/2003/Fresh_MP3s.htm.

    Its a active-X control that install dialersoftware on the computer.
    Warning: it opens a endless chain of popups when u refuse the installation

    I have installed it on my testcomputer for this kind of purpose.

    It don't install a CLSID key but this: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5CBF8C22-E9A6-11D7-90FE-000AE4012DB4}

    I made the custom key in SpywareBlaster and it works just fine :cool:

    (Sorry about my poor english)

    Greetz

    alphaZer0
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Hi alphaZer0,

    Good find. Looking at the code on that page, it's this one: http://securityresponse.symantec.com/avcenter/venc/data/dialer.lohan.html

    So the CLSID of the main component is already in SpywareBlaster:
    {8B22270A-71D9-4AB9-B11A-2EA1E5292F42} (under MSConnect)

    Regards,

    Pieter
     
  3. alphaZer0

    alphaZer0 Registered Member

    Joined:
    Oct 21, 2003
    Posts:
    6
    H Pieter,

    Sorry, but its not the same.
    I have tested it over again without my selfmade protection and i get still this activex.
    With protection it works.

    Greetz

    AlphaZer0
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Hi alphaZer0,

    I'm not arguing about the ActiveX, that is a new one. But the dialer itself should not work with SpywareBlaster's protection.

    I'll PM you about the site where I found it thanks to your post.

    Regards,

    Pieter
     
  5. alphaZer0

    alphaZer0 Registered Member

    Joined:
    Oct 21, 2003
    Posts:
    6
    Hi Pieter,

    In the link You give i read:

    4° Adds the subkey:

    {8B22270A-71D9-4AB9-B11A-2EA1E5292F42}

    to the registry key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\


    I use the tool 'Active Registry Monitor' to find out what is changed to the system.

    I found the key i have published earlier:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5CBF8C22-E9A6-11D7-90FE-000AE4012DB4}


    Its a different key and its not blokked in SpywareBlaster

    If you dont believe me just test it. ( on your own risks) ;)


    Greetz

    alphaZer0
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    I believe you, but don't worry: I will. ;)

    Regards,

    Pieter
     
  7. alphaZer0

    alphaZer0 Registered Member

    Joined:
    Oct 21, 2003
    Posts:
    6
    Thanks ;)

    alphaZer0
     
  8. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    4,017
    Nice catch! :D

    I'll have protection for this added in the next database update of SpywareBlaster.

    Thanks!

    Best regards,

    -Javacool
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.