(Alternative Title: "Nobody Likes A Cheat")
The following table shows you what the pornstarguru site will try to download and install onto your computer. It is all EASILY removed using AdAware, or you can remove the rubbish manually by deleting the registry keys and files listed below. Just to be safe, empty your IE cache and delete any files in c:\windows\temp or equivalent.
If you are running ZoneAlarm (free from http://www.zonelabs.com/store/content/home.jsp) or any other firewall, Tinybar.exe doesn't get the chance to phone home. As for the search engine and home page hijackings, delete the registry keys and Internet Explorer will revert to its original defaults. In Internet Explorer, go to Tools, Internet Options, Security (Internet Zone) and ensure that the option to download "signed" ActiveX controls is set to PROMPT so that hijackware cannot install silently.
For lots more information about Internet Explorer hijackings and how to avoid them, go to Prevent browser hijackings.
Vendor | Type | Category | Object | Comment |
---|---|---|---|---|
Possible Browser Hijack attempt | RegData | Data Miner | HKEY_CURRENT_USER:Software\Microsoft\Internet Explorer\Main"Search Page" ("http://www.couldnotfind.com/search_page.html?&account_id=131067") | Possible browser hijack attempt |
Possible Browser Hijack attempt | RegData | Data Miner | HKEY_CURRENT_USER:Software\Microsoft\Internet Explorer\Main"Search Bar" ("http://www.couldnotfind.com/search_page.html?&account_id=131067") | Possible browser hijack attempt |
Possible Browser Hijack attempt | RegData | Data Miner | HKEY_CURRENT_USER:Software\Microsoft\Internet Explorer\Search"SearchAssistant" ("http://www.couldnotfind.com/search_page.html?&account_id=131067") | Possible browser hijack attempt |
Possible Browser Hijack attempt | RegData | Data Miner | HKEY_CURRENT_USER:Software\Microsoft\Internet Explorer\Main"Start Page" ("http://www.slotch.com/?&account_id=131067") | Possible browser hijack attempt |
xxx-toolbar | Process | Malware | c:\windows\tinybar.exe | |
xxx-toolbar | RegKey | Data Miner | HKEY_CLASSES_ROOT:CLSID\{018b7ec3-eeca-11d3-8e71-0000e82c6c0d}\ | |
istbar | RegKey | Malware | HKEY_CLASSES_ROOT:ISTactivex.Installer\ | |
istbar | RegKey | Malware | HKEY_CLASSES_ROOT:ISTactivex.Installer.1\ | |
istbar | RegKey | Malware | HKEY_CURRENT_USER:Software\IST\ | |
SearchbarCash | RegKey | Malware | HKEY_LOCAL_MACHINE:SOFTWARE\Microsoft\Code Store Database\Distribution Units\{018B7EC3-EECA-11D3-8E71-0000E82C6C0D}\ | |
istbar | RegKey | Malware | HKEY_CLASSES_ROOT:TYPELIB\{8C752C5E-3C10-4076-AF0A-FFC69FA20D1B}\c:\windows\downloaded program files\istactivex.dll | |
istbar | File | Malware | c:\windows\downloaded program files\istactivex.dll | |
istbar | RegKey | Malware | HKEY_LOCAL_MACHINE:Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll\ | |
istbar | RegValue | Malware | HKEY_LOCAL_MACHINE:Software\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\windows\downloaded program files\istactivex.dll | |
istbar | File | Malware | c:\windows\downloaded program files\istactivex.inf | |
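
The manual check described above, as an added example (not part of the original page or of AdAware): a read-only PowerShell audit that reports which of the listed registry keys, files and Internet Explorer values are present. The helper names are hypothetical, and the TYPELIB entry is assumed to be the key portion of that table row.

```powershell
# Added example: read-only audit for the entries in the table above; nothing is deleted.
# The .NET registry API is used because the ModuleUsage key name contains forward
# slashes, which the PowerShell registry provider would treat as path separators.
$hives = @{
    HKEY_CLASSES_ROOT  = [Microsoft.Win32.Registry]::ClassesRoot
    HKEY_CURRENT_USER  = [Microsoft.Win32.Registry]::CurrentUser
    HKEY_LOCAL_MACHINE = [Microsoft.Win32.Registry]::LocalMachine
}
function Open-ListedKey([string]$Entry) {
    # Entries use the table's "HIVE:path" notation; split on the first colon only.
    $hive, $path = $Entry -split ':', 2
    $hives[$hive].OpenSubKey($path.TrimEnd('\'))   # $null when the key is absent
}
function New-Finding($Type, $Object, $Found) {
    [pscustomobject]@{ Type = $Type; Object = $Object; Found = [bool]$Found }
}
$keys = @(
    'HKEY_CLASSES_ROOT:CLSID\{018b7ec3-eeca-11d3-8e71-0000e82c6c0d}\'
    'HKEY_CLASSES_ROOT:ISTactivex.Installer\'
    'HKEY_CLASSES_ROOT:ISTactivex.Installer.1\'
    'HKEY_CURRENT_USER:Software\IST\'
    'HKEY_LOCAL_MACHINE:SOFTWARE\Microsoft\Code Store Database\Distribution Units\{018B7EC3-EECA-11D3-8E71-0000E82C6C0D}\'
    'HKEY_CLASSES_ROOT:TYPELIB\{8C752C5E-3C10-4076-AF0A-FFC69FA20D1B}\'   # assumed key part of the TYPELIB row
    'HKEY_LOCAL_MACHINE:Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll\'
)
$files = 'c:\windows\tinybar.exe',
         'c:\windows\downloaded program files\istactivex.dll',
         'c:\windows\downloaded program files\istactivex.inf'
# IE settings from the table (value name -> key); flagged only if the data names a hijack host.
$ieValues = [ordered]@{
    'Search Page'     = 'HKEY_CURRENT_USER:Software\Microsoft\Internet Explorer\Main'
    'Search Bar'      = 'HKEY_CURRENT_USER:Software\Microsoft\Internet Explorer\Main'
    'Start Page'      = 'HKEY_CURRENT_USER:Software\Microsoft\Internet Explorer\Main'
    'SearchAssistant' = 'HKEY_CURRENT_USER:Software\Microsoft\Internet Explorer\Search'
}
$hijackHosts = 'couldnotfind\.com|slotch\.com'

$findings = @(
    foreach ($k in $keys)  { New-Finding 'RegKey' $k (Open-ListedKey $k) }
    foreach ($f in $files) { New-Finding 'File' $f (Test-Path -LiteralPath $f) }
    foreach ($name in $ieValues.Keys) {
        $key  = Open-ListedKey $ieValues[$name]
        $data = if ($key) { [string]$key.GetValue($name) }
        New-Finding 'RegData' "$($ieValues[$name])\$name = $data" ($data -match $hijackHosts)
    }
    $shared = Open-ListedKey 'HKEY_LOCAL_MACHINE:Software\Microsoft\Windows\CurrentVersion\SharedDLLs'
    $dll = 'c:\windows\downloaded program files\istactivex.dll'
    New-Finding 'RegValue' "SharedDLLs\$dll" ($shared -and $null -ne $shared.GetValue($dll))
)
$findings | Format-Table -AutoSize -Wrap
```

Rows with Found = True are the ones to delete as described above. On 64-bit Windows, entries written by 32-bit components sit under the WOW6432Node registry views, which this sketch does not inspect.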
SOAP BOX EDITORIAL
The rules of the game say that 'spamming' an address to try and get more hits is prohibited. The owner of the above pornstarguru address has been including the shortened URL as part of his signature... He may not be breaking the letter of the law, but he sure seems to be breaking the 'spirit' of the law by posting his page's address, disguised as a shortened URL, to newsgroups. Specifically the anti-spam policy says:
"PornStarGuru.com prohibits its members from using
spam and other forms of Internet abuse to gain character advantages. Spam is
defined as including, but not limited to, the following:
Electronic mail messages addressed to a recipient with whom the initiator does
not have an existing business or personal relationship or is not sent at the
request of, or with the express consent of, the recipient;
Messages posted to Usenet and message boards that are off-topic (unrelated to
the topic of discussion), cross-posted to unrelated newsgroups, or posted in
excessive volume;
Solicitations posted to chat rooms, or to groups or individuals via Internet
Relay Chat or "Instant Messaging" system (such as ICQ);
Certain off-line activities that, while not considered spam, are similar in
nature, including distributing flyers or leaflets on private property or where
prohibited by applicable rules, regulations, or laws.
PornStarGuru.com may undertake, at its sole discretion and with or without prior
notice, the following enforcement actions...."
Copyright © 1999 - 2004, Sandra Hardmeier, No content may be reproduced without the express written permission of the author.
Microsoft is in no way affiliated with, nor offers endorsement of, this site
Last updated Saturday, May 06, 2006