The trojan Clean Space 8.
BingoBingo

@shawcable.net
 reply to Randy Bell
Re: The trojan Clean Space 8.

Oh well. Maybe I made a mistake then. OK ;).

Teosoft and Clean Space 8 need to be checked out, IMHO.

BingoBingo.


K McAleavey
Premium
join:2003-11-12
Voorheesville, NY

reply to BingoBingo
BOClean detects that also - I back up the TDS folks on this 100% as we often work together on these things. It was carefully examined by a number of us who, in addition to "back doors," also protect against "foistware," "spyware" and other nasties ... What saddens me in particular is that, like the infamous "Evidence Eliminator," clowns like these are trading on years of good will based on products we've made since 1995 known as NSClean and IEClean which this product also claims to do. That required us to take some EXTRA steps in our own protocols since it would look mighty nasty for us to declare a so-called "Competitor" malware.

But here's the details as presented to us when we decided to include it in BOClean after verifying the claims made ourselves:

Every other page pl0ps this * fake* alert:
»www.teocash.com/cgi-bin/warning2···d=493539
==================================
ISP INVESTIGATION
Your computer has been tracked.
=======================================
After the very big guys have taken your home by storm and switched your computer on, you will face very big problems. Have you ever thought what you'll answer in the court to the following question: " Have you visited an illegal site by chance or deliberately?" To avoid answering this question and facing very big problems use the package of software and services Clean Space developed by TeoSoft Company.
Protect your privacy now!
Use CLEAN SPACE for your protection
»collections.inhost.info/privacy.html

After UNINSTALLING the program, you end up with the following:
========================================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSNSysRestore"="C:\\WINDOWS\\SYSTEM\\pc32.exe bg"
===================================================
Which is nothing but a virus hawk!
Similar reports:
»groups.google.com/groups?hl=en&l···N&tab=wg

Received: pc32.exe

Seems to be an incarnation of the infamous EE trash!
First, they trash you with junkware and later try to 'force' you the ultimate cure that leaves this trash behind...hmmmmm

Next, allowing all to execute, namely mshta, produced:
-main.exe; divx.exe on the desktop.
--------------------------------------
First FW alert (before disabling it)
"'MAIN.EXE' from your computer wants to connect to vs.mastak.ru [217.106.234.104], port 80

One of the *BIG* downsides of "freeware" is that you get what you pay for ... and in many cases, "and THEN some."


K McAleavey
Premium
join:2003-11-12
Voorheesville, NY

Important addition - the words between:

"Every other page pl0ps this * fake* alert:"

and

"First FW alert (before disabling it)
"'MAIN.EXE' from your computer wants to connect to vs.mastak.ru
[217.106.234.104], port 80"

are NOT mine ... those were the comments by the analysis team that submitted this to us ... we work with a number of independent researchers who find, analyze and turn in these kinds of "critters" in addition to our OWN team. Just wanted to make it clear that all of those words are quoted from the researchers, and are not MY or "our" opinion as to the products mentioned ...


catseyenu
Ack Pfft
Premium
join:2001-11-17
Fix East

reply to K McAleavey
said by K McAleavey:
After UNINSTALLING the program, you end up with the following:
========================================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSNSysRestore"="C:\\WINDOWS\\SYSTEM\\pc32.exe bg"
===================================================
Which is nothing but a virus hawk!
Similar reports:
»groups.google.com/groups?hl=en&l···N&tab=wg

One of the *BIG* downsides of "freeware" is that you get what you pay for ... and in many cases, "and THEN some."

Priceless? ;)
--
Cox Support Arrogance... faster than you can say spam.

dino195

join:2003-08-30
Just had them hit me with a Cox warning and I'm pissed. If I can find a way I'll take them out. Nothing pisses me off more than threatening spam.


GS Monks

@shawcable.net
reply to BingoBingo
Teosoft is malware/spyware. I'm still trying to get it off my hard-drive.

b11ng00

join:2003-12-26
Canada


1 edit
Look here and see if you can find teosoft. Delete it if you do.

That's how to disable it. Or rename it to theosoft or some other name word. That'll disable it too.

Look here for it.

Start button \ Run button \ type regedit, hit Enter \ HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ Main \ Search Page

Start button \ Run button \ type regedit, hit Enter \ HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
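
A check for the leftovers described in this thread, as an added example that is not part of any post above: it parses a regedit text export and flags the Run value and file name quoted by K McAleavey, plus the "teosoft" string in the two locations b11ng00 lists. The sample export, the `ExampleTray` entry and the `.example` URL are constructed for illustration.

```python
import re

# Indicators quoted in the thread; all other names and data are illustrative.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
IE_MAIN_KEY = r"hkey_current_user\software\microsoft\internet explorer\main"
REPORTED_VALUE = "msnsysrestore"   # Run value left behind after uninstall
REPORTED_NAME = "teosoft"          # string the thread says to look for
REPORTED_FILE = re.compile(r'(?:^|[\\/"])pc32\.exe(?=[\s"]|$)', re.I)
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg_export(text):
    """Parse regedit export text into {lowercased key: {value name: REG_SZ data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_LINE.match(line)):
            # Undo the export's escaping (\\ -> \, \" -> "); dword/hex values are skipped.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name] = data
    return keys

def find_leftovers(text):
    """Return (key, value name, data, reason) for entries matching the reports."""
    keys, hits = parse_reg_export(text), []
    for name, data in keys.get(RUN_KEY, {}).items():
        if name.lower() == REPORTED_VALUE:
            hits.append((RUN_KEY, name, data, "Run value name from the thread"))
        elif REPORTED_FILE.search(data):
            hits.append((RUN_KEY, name, data, "Run entry launches pc32.exe"))
        elif REPORTED_NAME in (name + data).lower():
            hits.append((RUN_KEY, name, data, "Run entry mentions teosoft"))
    for name, data in keys.get(IE_MAIN_KEY, {}).items():
        if name.lower() == "search page" and REPORTED_NAME in data.lower():
            hits.append((IE_MAIN_KEY, name, data, "IE search page mentions teosoft"))
    return hits

# Constructed sample export (not real machine data); the URL is a placeholder.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSNSysRestore"="C:\\WINDOWS\\SYSTEM\\pc32.exe bg"
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /min"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://search.teosoft.example/"
'''

if __name__ == "__main__":
    print(find_leftovers(SAMPLE))
```

Only the HKLM Run key and the HKCU Internet Explorer Main key named in the thread are inspected; a match is a prompt to look at the entry, not proof of infection.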


josef

@213.175.x.x
reply to BingoBingo
What URL was in the search page?


StevenMc

@65.66.x.x

 reply to K McAleavey
Many thanks, K McAleavey! I had been experiencing problems for a few days and had already deduced that Clean Space 8 was most likely my problem. I uninstalled it, and then started getting hits on the file by McAfee SecurityCenter stating that the file was attempting to write information to the registry. I simply searched Google for the file name to find your post, which left no doubt in my mind that the folks at Teosoft are in the business of publishing viruses. Since installing their program, I also received at least 3 messages from organizations stating that a virus had been sent to them from my email address. My Outlook file did not contain any messages to the companies or individuals claiming that I had sent them an infected email, which leads me to believe there is more inside Clean Space 8 than you guys have discovered and posted here.

Again, my sincerest thanks for your posting! :) Have a great year!!

Steven
over 10.5 years online! © 1999-2010 dslreports.com.