Zelda Classic installs hyjack brower

Discussion in 'privacy problems' started by Mint Chip, Sep 6, 2003.

Thread Status:
Not open for further replies.
  1. Mint Chip

    Mint Chip Registered Member

    Joined:
    Aug 24, 2003
    Posts:
    4
    http://zeldaclassic.armageddongames.net/thirdparty.shtml zc190.zip

    installs two program a data tracker showbehind.exe and a hyjack browser to change your search engine page.

    I usually do a scan with AdWare after downloading software. I downloaded Zelda Classic at 4:52 Sept and did the scan a few minutes later. It found a program called showbehind.exe. I believe AdAware disabled it function but I also went in and deleted the folder for the program.

    This is the results.

    Ad-aware 6 Scanning Result, 9-2-2003 4:59:03 PM
    Created with Ad-aware Personal, free for private use.
    Vendor Type Category Object Comment
    ShowBehind RegValue Data Miner HKEY_LOCAL_MACHINE:SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ "ShowBehind"
    Possible Browser Hijack attempt RegData Data Miner HKEY_CURRENT_USER:Software\Microsoft\Internet Explorer\Main"Search Page" ("http://www.searchgateway.net/search/") Possible browser hijack attempt
    Possible Browser Hijack attempt RegData Data Miner HKEY_CURRENT_USER:Software\Microsoft\Internet Explorer\Main"Search Bar" ("http://www.searchgateway.net/search/") Possible browser hijack attempt
    Possible Browser Hijack attempt RegData Data Miner HKEY_CURRENT_USER:Software\Microsoft\Internet Explorer\SearchURL"" ("http://www.searchgateway.net/search/%s") Possible browser hijack attempt
    Possible Browser Hijack attempt RegData Data Miner HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\Search"SearchAssistant" ("http://www.searchgateway.net/search/") Possible browser hijack attempt
    ShowBehind Folder Data Miner c:\windows\sbnet\
    ShowBehind File Data Miner c:\windows\sbnet\removead.bat
    ShowBehind File Data Miner c:\windows\sbnet\showbehind.exe
    :eek:
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Hi Mint Chip,

    You did the right thing. Showbehind is a known baddie.
    Also have a look here: http://www.pacs-portal.co.uk/startup_pages/startup_s.php

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.