[unisog] New Virus?

Kevin T. Shivers kts at umd.edu
Thu Feb 12 18:43:09 GMT 2004


On Tue, 10 Feb 2004, Phillip G Deneault wrote:

> A student reported that this link was sent to her via AOL Instant 
> Messanger:
> 
> http://www.wgutv.com/osama_capture.php?lmpZ
> 
> A LOT of systems on campus are currently trying to connect to it from my
> Class-B and I cannot connect to anything on the IP address that this URL
> is resolving to(currently 63.251.131.235).
> 
> I'm not sure if this is a new virus, but it sure seems like one... or else 
> someone really did capture Osama. :-)
> 
> Phil

http://vil.nai.com/vil/content/v_101007.htm

It's Adware.  Basically Infectees just need to go to Add/Remove programs 
and remove the following:

    * BuddyLinks
    * PSDT Messaging Integration
    * PSD Tools ChannelUp v1.0 (remove only)

That should remove the BuddyLinks Adware stuff.  Anti-Virus software that 
searches for "potentially unwanting programs" and "joke programs" should 
also turn this up.

I actually got quoted in our school newspaper thanks to this little 
Adware. (I'd post the URL but it's not online yet, just in the print 
version.)

kts

-- 
Kevin T. Shivers

IT Security Analyst                                CSS4417
Office of Information Technology            (301) 405-8836
University of Maryland, College Park
OIT Security: (301) 226 HACK




More information about the unisog mailing list