Gnutella Forums  

Go Back   Gnutella Forums > Current Gnutella Client Forums > LimeWire+WireShare (Cross-platform) > Open Discussion topics
Register FAQ The Twelve Commandments Members List Calendar Arcade Find the Best VPN Today's Posts

Open Discussion topics Discuss the time of day, whatever you want to. This is the hangout area. If you have LimeWire problems, post them here too.


Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old December 30th, 2001
Unregistered
Guest
 
Posts: n/a
Post p2p Trojan info

A trojan called dlder.exe is hidden in a mutlitude of p2p apps.

The most prominent are Kazza and Limewire, Grokster, and the new Bearshare Beta.

It is a hidden part of the ClickTiluWin adware. The people of Limewire and kazza and Bearshare did not even know it was a trojan.

This is a newly discovered trojan, but it has been in distribution for quite some time. Tens of thousands must have been infected.


For more information see the Bearshare forums


Description which is somewhat incomplete:
The following was obtained from TrendMicro
W32.DlDer.Trojan

TROJ_DLDER.A
(continued from profile page)

In the wild: No
Detection available: December 27, 2001
Detected by pattern file#: 191 or 991
(note about pattern numbering)
Detected by scan engine#: 5.200
Language:
English
Platform: Windows
Encrypted: No
Size of virus: ~31,232 bytes / ~40,960 bytes

Details:
This trojan is a Visual C++ compiled program. Upon execution it drops a file named DLDER.EXE under the %windows% directory. It adds the registry entries:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Run
Dlder=“%windows%\dlder.exe”
HKEY_LOCAL_MACHINE\Software\games\clicktilluwin

After modifying the registry, the trojan connects to the site and provides the user's IP address and default browser. It then sends an incrementing integer that possibly indicates the number of infected computers.

This trojan program is also installed along with two file-sharing programs, Grokster 1.3.3 and LimeWire 2.0.2. Both programs are downloadable from the website Grokster is downloaded from the *US-site* as SETUP.EXE and LimeWire as LIMEWIREWIN.EXE.

Upon installation of these file-sharing programs, TROJ_DLDER.A is also installed on the computer without the user’s knowledge. Aside from the file DLDER.EXE in the %windows% folder, a hidden folder named "explorer" is also created in the %windows% folder. The hidden folder contains a file named EXPLORER.EXE. The following files are also created:

C:\Program Files\Clicktilluwin\clicktilluwin.htm
C:\Program Files\Clicktilluwin\game.ico
C:\Windows\Start Menu\Programs\Clicktilluwin\clicktilluwin.lnk
C:\Windows\Desktop\Clicktilluwin.lnk


It may also add the registry entry:

HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Run:
Dlder = "%windows%\explorer\explorer.exe"

Last edited by 6_pac; February 1st, 2008 at 12:37 AM.
Reply With Quote
  #2 (permalink)  
Old December 30th, 2001
anti-bearshare
Guest
 
Posts: n/a
Default

If the downloads from LimeWire.com do not contain this trojan then you need to stop spreading this false information. You should always download from the companies own location for any product you may want. Third-party downloads may result in each things being added than otherwise would not be. But since I run FreeBSD http://www.freebsd.org , I dont have to worry about spayware or any kind of stupid Windows non-sense like this. :]
Reply With Quote
  #3 (permalink)  
Old December 30th, 2001
Unregistered
Guest
 
Posts: n/a
Default

the trojan is bundled with the installer

no seperate download required
Reply With Quote
  #4 (permalink)  
Old December 30th, 2001
anti-bearshare
Guest
 
Posts: n/a
Default

Then download the "Other" package from http://www.limewire.com/index.jsp/download_other , its a zip.
Reply With Quote
  #5 (permalink)  
Old December 30th, 2001
Devotee
 
Join Date: November 23rd, 2001
Posts: 29
bub2000 is flying high
Angry

Symantec just identified this trojan on my computer and I downloaded LW 2 from Limewire.com. Yet another reason to stop using Limewire.
Reply With Quote
  #6 (permalink)  
Old December 30th, 2001
SMoon2
Guest
 
Posts: n/a
Default Virus is in the limewire download

I just downloaded from limewire directly as well, and Norton popped right up..

w32.DlDer.Trojan,

altho it was in the Ctywinstaller.exe file

temp/RarSFX/dlder.exe
Reply With Quote
  #7 (permalink)  
Old December 30th, 2001
Data Cartridge
 
Join Date: July 13th, 2001
Posts: 144
Becker is flying high
Default

Quote:
Originally posted by bub2000
Symantec just identified this trojan on my computer and I downloaded LW 2 from Limewire.com. Yet another reason to stop using Limewire.
yet another reason? it wasnt just limewire... i thought it was just bearshare, but after reading this, it is the ad-ware people.. burn them at the key board!!
Becker
Reply With Quote
  #8 (permalink)  
Old December 30th, 2001
Unregistered
Guest
 
Posts: n/a
Default

I recomend getting ad-aware.
Ad-Aware @ Lavasoft - The Original Anti-Spyware Company - Lavasoft (both in english and totally free)

Last edited by 6_pac; February 1st, 2008 at 12:36 AM.
Reply With Quote
  #9 (permalink)  
Old December 31st, 2001
Unregistered
Guest
 
Posts: n/a
Default

Ad-aware is a program that detects spyware on your computer. I keep it on my desktop and scan my PC whenever I download anything from the Internet. I feel bad for those unsuspecting people that are not aware of the spyware secretly being installed. Kind of like Cowards hiding and blending in amoungst us... remind you of anyone?
Reply With Quote
  #10 (permalink)  
Old December 31st, 2001
Novicius
 
Join Date: December 31st, 2001
Posts: 2
webslave is flying high
Default Adaware not aware of this new ad Trojan.

The trojan in:

- Bearshare 2.4.0 Beta 7
- LimeWire 2.02
- Kazaa (unspecified versions)
- Grokster 1.33
- Net2Phone (unspecified versions)

will eventually start popping up adverts in IE (even when not online).

Ad aware - when I last checked - does not remove this. Nor will Norton.

If you've not installed LimeWire 2 - then do not install it. This needs to be sorted first.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
197.7 Trojan/malware info luthier Open Discussion topics 2 October 12th, 2006 07:57 PM
current frame cpu info input output size info on downloaded movies please help peterwom BearShare Open Discussion 0 September 17th, 2005 09:15 AM
Hey--we almost got our first trojan on OSX! stief General Mac OSX Support 11 April 13th, 2004 03:13 AM
Trojan horse Becker BearShare Open Discussion 12 February 11th, 2002 06:58 PM
*Trojan Horse!! ChronKyrios BearShare Open Discussion 8 March 6th, 2001 08:29 AM


All times are GMT -7. The time now is 09:03 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.

Copyright © 2020 Gnutella Forums.
All Rights Reserved.