Zelda Classic installs hyjack brower

Discussion in 'privacy problems' started by Mint Chip, Sep 6, 2003.

Thread Status:
Not open for further replies.
  1. Mint Chip

    Mint Chip Registered Member

    Joined:
    Aug 24, 2003
    Posts:
    4
    http://zeldaclassic.armageddongames.net/thirdparty.shtml zc190.zip

    installs two program a data tracker showbehind.exe and a hyjack browser to change your search engine page.

    I usually do a scan with AdWare after downloading software. I downloaded Zelda Classic at 4:52 Sept and did the scan a few minutes later. It found a program called showbehind.exe. I believe AdAware disabled it function but I also went in and deleted the folder for the program.

    This is the results.

    Ad-aware 6 Scanning Result, 9-2-2003 4:59:03 PM
    Created with Ad-aware Personal, free for private use.
    Vendor Type Category Object Comment
    ShowBehind RegValue Data Miner HKEY_LOCAL_MACHINE:SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ "ShowBehind"
    Possible Browser Hijack attempt RegData Data Miner HKEY_CURRENT_USER:Software\Microsoft\Internet Explorer\Main"Search Page" ("http://www.searchgateway.net/search/") Possible browser hijack attempt
    Possible Browser Hijack attempt RegData Data Miner HKEY_CURRENT_USER:Software\Microsoft\Internet Explorer\Main"Search Bar" ("http://www.searchgateway.net/search/") Possible browser hijack attempt
    Possible Browser Hijack attempt RegData Data Miner HKEY_CURRENT_USER:Software\Microsoft\Internet Explorer\SearchURL"" ("http://www.searchgateway.net/search/%s") Possible browser hijack attempt
    Possible Browser Hijack attempt RegData Data Miner HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\Search"SearchAssistant" ("http://www.searchgateway.net/search/") Possible browser hijack attempt
    ShowBehind Folder Data Miner c:\windows\sbnet\
    ShowBehind File Data Miner c:\windows\sbnet\removead.bat
    ShowBehind File Data Miner c:\windows\sbnet\showbehind.exe
    :eek:
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi Mint Chip,

    You did the right thing. Showbehind is a known baddie.
    Also have a look here: http://www.pacs-portal.co.uk/startup_pages/startup_s.php

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.