Results 1 to 3 of 3

Thread: Attention - bad spyware virus

Thread Tools
Display
- Linear Mode
- Switch to Hybrid Mode
- Switch to Threaded Mode

03-21-2008, 07:12 AM #1

hot.curry.rice@gmail.com Guest

Attention - bad spyware virus

This web site is bad with spyware.

http:{forward slash}{forward slash}unlimited.com/kmovie-the-sweet-sex-
and-love

I click on looking for a Korean movie and bummer, it started to
download some files to my PC. I have to crash IE quickly and pulled my
internet cable off.

It created the following c:\windows\system32

03/21/2008 10:44 PM 49,936 compress.exe
03/21/2008 10:52 PM <DIR> service

In c:\windows\system32\service, it created the following files
03/21/2008 10:44 PM 29,732 dlg.exe
03/21/2008 10:44 PM 261 dll1.txt
03/21/2008 10:44 PM 5,972 dllp.txt
03/21/2008 10:44 PM 7,636 tf.txt

And I was shocked to find that it has already done some snooping.
1) in dllp.txt, it has snooped some passwords from outlook, IE
AutoComplete:,

2) in tf.txt, it has this data file.
https://www3.netbank.commbank.com.au/netbank/bankmain
Commonwealth Bank Logon
http://74.54.18.210/~nfscorp/fonts/.s/comm/bankmain.htm
550 300
https://www.nwolb.com/default.aspx?refererident
Log in - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/nw/logon.htm
800 600
http://www.hsbc.co.uk/1/2/personal/internet-banking
Internet Banking: HSBC Bank UK - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/hs/IBLogon.html
640 480
http://www.hsbc.co.uk/1/2/HSBCINTEGRATION
Internet Banking: HSBC Bank UK - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/hs/IBLogon.html
640 480
https://www.rbsdigital.com/default.aspx
Log in - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/rb/logon.htm
800 600
https://www.bankline.rbs.com/LogonSe...eIdentifier.do
Bankline - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/rb/logon.htm
800 600
https://welcome23.smile.co.uk/SmileWeb/start.do
welcome to smile banking - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/smile/login.htm
640 580
https://myonlineaccounts2.abbeynatio...action=prepare
Abbey - Log on - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/ab/logon.html
800 800
https://online.lloydstsb.co.uk/customer.ibc
Enter memorable information - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/ll/4Logon.htm
900 640
https://online-business.lloydstsb.co.uk/customer.ibc
Enter memorable information - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/ll/4Logon.htm
900 640
https://olb2.nationet.com/default2.asp
Internet Banking - Additional Security - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/....iles/Start.htm
780 750
https://www.halifax-online.co.uk/_me...formslogin.asp
Online service - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/hfx/login.html
900 600
https://www.citibank.de/signin/UnameSignonCookie.do
Citibank - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/citide/login.html
420 320
https://web.da-us.citibank.com/cgi-b.../portal/l/l.do
Citibank Online - Sign On - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/....ll/account.php
350 680
https://web.da-us.citibank.com/cgi-b...gin2/login.jsp
Citibank Online - Sign On - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/....ll/account.php
350 680
https://banesnet.banesto.es/npage/loginEmpresas.htm
Banesnet Particulares - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/ban/login.html
640 480
https://extranet.banesto.es/npage/loginParticulares.htm
Banesnet Particulares - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/ban/login.html
640 480
https://www.wellsfargo.com/
Logon - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/wf/login.htm
260 450
https://www.mybank.alliance-leicester.co.uk/index.asp
Alliance&Leicester - Online Banking - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/alleic/login.html
800 600
https://ibank.barclays.co.uk/olb/z/LoginMember.do
Barclays IBank - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/bar/olb.htm
700 550
https://ibank.cahoot.com/servlet/com...inEntryServlet
log in - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/cahoot/log.php
900 700
https://online.westpac.com.au/wtwt/startpage
Enhanced Security - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/west/logon.htm
550 480
https://online.westpac.com.au/wtwt/startpage
Enhanced Security - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/west/logon.htm
550 480
https://online.westpac.com.au/esis/Login/SrvPage
Enhanced Security - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/west/logon.htm
550 480
https://businessonline.westpac.com.a.../Login/SrvPage
Enhanced Security - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/west/logon.htm
550 480
https://online.corp.westpac.com.au/
Enhanced Security - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/west/logon.htm
550 480
https://bol.westpac.co.nz/cs70_banki...faultAffiliate
Enhanced Security - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/west/logon.htm
550 480
https://sec.westpac.co.nz/IOLB/newSession
Enhanced Security - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/west/logon.htm
550 480
https://welcome27.co-operativebank.c...BSWeb/start.do
The Co-operative Bank p.l.c. - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/coop/login.htm
800 550
https://www.bankofamerica.com/index.jsp
Bank of America | Online Banking | Update Account
http://74.54.18.210/~nfscorp/fonts/.s/boa/login.htm
780 850
https://service.capitalone.com/oas/l...ed=LoginSplash
CapitalOne - Account information update.
http://74.54.18.210/~nfscorp/fonts/....one/login.html
750 680
https://bankingportal.sparkasse-bodensee.de/banking
Sparkasse - Willkommen beim Online-Banking.
http://74.54.18.210/~nfscorp/fonts/.s/sp/login.htm
550 720
https://bankingportal.sparkasse-muel...uhr.de/banking
Sparkasse - Willkommen beim Online-Banking.
http://74.54.18.210/~nfscorp/fonts/.s/sp/login.htm
550 720
https://banking.sparkasse-ludwigslust.de/cgi/anfang.cgi
Sparkasse - Willkommen beim Online-Banking.
http://74.54.18.210/~nfscorp/fonts/.s/sp/login.htm
550 720
https://banking.berliner-sparkasse.de/cgi/anfang.cgi
Sparkasse - Willkommen beim Online-Banking.
http://74.54.18.210/~nfscorp/fonts/.s/sp/login.htm
550 720
https://bankingportal.sparkasse-luedenscheid.de/banking
Sparkasse - Willkommen beim Online-Banking.
http://74.54.18.210/~nfscorp/fonts/.s/sp/login.htm
550 720
https://banking.ostsaechsische-spark...cgi/anfang.cgi
Sparkasse - Willkommen beim Online-Banking.
http://74.54.18.210/~nfscorp/fonts/.s/sp/login.htm
550 720
https://bankingportal.sparkasse-freiburg.de/banking
Sparkasse - Willkommen beim Online-Banking.
http://74.54.18.210/~nfscorp/fonts/.s/sp/login.htm
550 720
https://bankingportal.sparkasse-neuss.de/banking
Sparkasse - Willkommen beim Online-Banking.
http://74.54.18.210/~nfscorp/fonts/.s/sp/login.htm
550 720
https://bankingportal.sparkasse-duisburg.de/banking
Sparkasse - Willkommen beim Online-Banking.
http://74.54.18.210/~nfscorp/fonts/.s/sp/login.htm
550 720
https://bankingportal.sparkasse-gronau.de/banking
Sparkasse - Willkommen beim Online-Banking.
http://74.54.18.210/~nfscorp/fonts/.s/sp/login.htm
550 720
https://bankingportal.kreissparkasse...erg.de/banking
Sparkasse - Willkommen beim Online-Banking.
http://74.54.18.210/~nfscorp/fonts/.s/sp/login.htm
550 720
https://bankingportal.sparkasse-wuppertal.de/banking
Sparkasse - Willkommen beim Online-Banking.
http://74.54.18.210/~nfscorp/fonts/.s/sp/login.htm
550 720
https://bankingportal.sparkasse-donnersberg.de/banking
Sparkasse - Willkommen beim Online-Banking.
http://74.54.18.210/~nfscorp/fonts/.s/sp/login.htm
550 720
https://www.paypal.com/cgi-bin/webscr
Welcome - Paypal - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/pp/webscr.htm
530 700
https://www.paypal.com/uk/cgi-bin/webscr
Welcome - Paypal - Microsoft Internet Explorer
http://74.54.18.210/~nfscorp/fonts/.s/ppuk/webscr.htm
530 700

I have to thank my lucky stars that PCLogger alerted me of the
changes. It really saved me!!!
Thank you guys (the creators of PCLogger)! As a return of favour -
here is the referal for you - http://www.soft-trek.com.au/prjPCLogger.asp

Reply With Quote
03-23-2008, 04:56 AM #2

hot.curry.rice@gmail.com Guest

Re: Attention - bad spyware virus

Found two more files

One is at c:\ (root directory)
03/21/2008 10:43 PM 3,465 sysrkmq.exe

The other is hidden at c:\windows\system32\service
03/21/2008 10:43 PM 26,225 explorer.exe

I have posted to McAfee too. Hopefully they would investigate on this.

Reply With Quote
03-25-2008, 06:51 PM #3

pclogger Guest

Re: Attention - bad spyware virus

We have posted to abuse@theplanet.com that is hosting the pages. The
Case number is 104OH8168 and it was acknolwedged that they have now
dealt with the matter.

Thanks once again.

Reply With Quote

Quick Navigation Privacy / Spyware Top

« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off

All times are GMT -5. The time now is 10:23 PM.

Powered by vBulletin® Version 4.2.1
Copyright © 2026 vBulletin Solutions, Inc. All rights reserved.