- Apr 30, 2001
I'm posting this to try to alert some people out there to a new trojan virus which is installed *with* the following software:
- Bearshare 2.4.0 Beta 7
- LimeWire 2.02
- Kazaa (unspecified versions)
- Grokster 1.33
- Net2Phone (unspecified versions)
- BonziBUDDY (unspecified versions)
Here is what is known so far:
These software packages are bundled with an infected adware installer called "ClickTillUWin", which carries the "backdoor.trojan" or "W32.DlDer.Trojan".
This virus is a relatively new one, and as of today (12/30/01) the following virus scanners will NOT detect this virus:
- McAfee
Here are the virus scanners which WILL detect this virus:
- Norton Antivirus (latest virus definitions ONLY!)
- TrendMicro online
Here is a description of the trojan:
This trojan is a Visual C++ compiled program. Upon execution it drops a file named DLDER.EXE under the %windows% directory. After modifying the registry, the trojan connects to the site www.2001-007.com and provides the user's IP address and default browser. It then sends an incrementing integer that possibly indicates the number of infected computers.
Upon installation of these file-sharing programs, TROJ_DLDER.A is also installed on the computer without the user's knowledge. Aside from the file DLDER.EXE in the %windows% folder, a hidden folder named "explorer" is also created in the %windows% folder. The hidden folder contains a file named EXPLORER.EXE. (more)
I hope I don't get flamed for posting a virus warning here, but I thought it would be a good idea given the number of affected software packages involved here.
Please check out these links for more discussion of this virus:
Anandtech Discussion
Anandtech Discussion #2
Anandtech Discussion #3
BearShare.net Discussion
LimeWire Discussion (scroll to bottom)
DSLReports Discussion
DSLReports Discussion #2
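A check for the file artifacts named in the description above, as an added example that is not part of the original post or any vendor's tool. The function names, finding labels and the sample directory tree are assumptions constructed for illustration; the registry change is not specified in the post, so it is not checked.

```python
import os
import stat
import tempfile

# Indicators from the description quoted in the post (compared lower-cased).
DROPPED_FILE = "dlder.exe"
HIDDEN_DIR = "explorer"
HIDDEN_DIR_FILE = "explorer.exe"

def _child(parent, name):
    """Case-insensitive lookup of one directory entry, or None."""
    try:
        entries = os.listdir(parent)
    except OSError:
        return None
    return next((os.path.join(parent, e) for e in entries if e.lower() == name), None)

def scan_windows_dir(windir):
    """Return (kind, path) findings for the artifacts named in the post."""
    findings = []
    dropped = _child(windir, DROPPED_FILE)
    if dropped and os.path.isfile(dropped):
        findings.append(("dropped_file", dropped))
    # %windows%\explorer.exe as a file is the normal shell; only a directory
    # named "explorer" that holds EXPLORER.EXE matches the description.
    folder = _child(windir, HIDDEN_DIR)
    inner = _child(folder, HIDDEN_DIR_FILE) if folder and os.path.isdir(folder) else None
    if inner and os.path.isfile(inner):
        findings.append(("explorer_folder_copy", inner))
        # st_file_attributes exists only on Windows; elsewhere treat as not hidden.
        attrs = getattr(os.stat(folder), "st_file_attributes", 0)
        if attrs & stat.FILE_ATTRIBUTE_HIDDEN:
            findings.append(("folder_is_hidden", folder))
    return findings

def build_sample(infected):
    """Constructed stand-in for %windows% (empty files, not real samples)."""
    root = tempfile.mkdtemp()
    open(os.path.join(root, "explorer.exe"), "w").close()  # legitimate shell
    if infected:
        open(os.path.join(root, "DLDER.EXE"), "w").close()
        os.mkdir(os.path.join(root, "explorer"))
        open(os.path.join(root, "explorer", "EXPLORER.EXE"), "w").close()
    return root

if __name__ == "__main__":
    for label, infected in (("clean", False), ("infected", True)):
        print(label, [kind for kind, _ in scan_windows_dir(build_sample(infected))])
```

On a real machine, pass the Windows directory (for example the value of the `WINDIR` environment variable) to `scan_windows_dir` instead of the constructed sample.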