B
bomb#20
DarkSentinel said:That wasn't the question, now was it? He said that nothing was going
to slip into the C:\windows folder. I just proved otherwise. Whether
it is low-impact or not, has no bearing. WAS it found in that
directory? Yes, it was. Be it virus, malware, trojan, whatever. Don't
try changing the parameters on the fly, just because you don't like
the answer. Here is the link to the description of the threat.
http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2006-062612-1530-99&tabid=1
Notice what it says under behavior...
Behavior
CasinoOnNet is an application that allows users to play online
gambling games. The software has reportedly been installed on
computers without notice or consent and is a potentially unwanted
program.
Without notice or consent it says. That fits the bill for needing
protection wouldn't you say? And it DID slip past Vista's built in
security as well. I don't game or gamble on line. So this crap got
picked up somewhere while I was researching something, and was added
WITHOUT telling me, and WITHOUT my consent. That alone fits the bill
for needing protection for me and others.
The question you have to ask right now IS...
If a low-risk threat got past, what's to stop a high risk threat from
doing the same thing? I for one would rather be overly anal about
security, and be protected, than lose my data because I took a
lackadaisical view towards it.
Technical details from the Symantec page you supplied:
Updated: June 1, 2007 3:46:06 PM
Type: Potentially Unwanted App
Risk Impact: Low
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When CasinoOnNet is installed, it creates the following files:
%ProgramFiles%\CasinoOnNet\Casino.exe
%ProgramFiles%\CasinoOnNet\INSTALL.LOG
%ProgramFiles%\CasinoOnNet\UNWISE.EXE
%ProgramFiles%\CasinoOnNet\Unwise.ini
%ProgramFiles%\CasinoOnNet\Utils\CasinoOnNet.exe
%ProgramFiles%\CasinoOnNet\Utils\CCRD.iss
%ProgramFiles%\CasinoOnNet\Utils\Conditions.txt
%ProgramFiles%\CasinoOnNet\Utils\CST.iss
%ProgramFiles%\CasinoOnNet\Utils\ecinw.iss
%ProgramFiles%\CasinoOnNet\Utils\ExtractZip.dll
%ProgramFiles%\CasinoOnNet\Utils\mfc42.dll
%ProgramFiles%\CasinoOnNet\Utils\Msvcp60.dll
%ProgramFiles%\CasinoOnNet\Utils\msvcrt.dll
%ProgramFiles%\CasinoOnNet\Utils\Pl.iss
%ProgramFiles%\CasinoOnNet\Utils\sdlconf.cxm
%ProgramFiles%\CasinoOnNet\Utils\SoundDrv.dll
%ProgramFiles%\CasinoOnNet\Utils\TarotBonusGamesDLL.dll
%ProgramFiles%\CasinoOnNet\Utils\ToolTips.ini
%ProgramFiles%\CasinoOnNet\Utils\ViSBonusGamePlayer.ocx
%UserProfile%\Desktop\Casino-on-Net.lnk
%UserProfile%\Start Menu\Programs\Casino-on-Net\Casino-on-Net.lnk
%UserProfile%\Start Menu\Programs\Casino-on-Net\Uninstall Casino-on-Net.lnk
The program then creates numerous folders, .mpg files, and .bmp files under the %ProgramFiles%\CasinoOnNet folder.
Next, the program creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Casino-on-Net
HKEY_ALL_USERS\Software\CasinonetInstaller
HKEY_ALL_USERS\Software\casinoonnet
HKEY_ALL_USERS\Software\VHLD
As you can see , no mention of CasinoOnNet affecting Vista.
No mention of it writing any files to the Windows folder.
No mention of Install.exe
No mention of Install.$$A
Are you sure you were running Vista ?
If you were running Vista I would contact Symantec as I am sure they would love to blow their own trumpet
about blocking something that Vista couldn't.
..