Spywarebomb,, a newcomer?? never heard of it myself.

(2 Pages)
1
2
→

You cannot start a new topic
You cannot reply to this topic

Spywarebomb,, a newcomer?? never heard of it myself. Rate Topic: 1 Votes

#1 Guest_AM2_*

Group: Non-Member - Guests

Posted 11 June 2007 - 06:18 AM

hxxp://www.spywarebomb.com/about.htm

anyone had any exposure to this application?

a one time poster just put this up at computercops.

http://www.castlecops.com/p951689-My_new_a...ood.html#951689

#2 Donna

Guinea Pig???

Group: Admin - Site
Posts: 17,374
Joined: 11-October 03

Users Awards

Posted 11 June 2007 - 06:42 AM

http://www.symantec.com/security_response/...-050122-2434-99

SpywareBomb is a misleading application that may give exaggerated reports about potential risks on the computer.

http://www.symantec.com/security_response/...-99&tabid=2
Infection Length: 3,469,312 bytes
Risk Impact: Low
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows Server 2003, Windows 2000

When the program is executed, it creates the following files:
%ProgramFiles%\Spyware Bomb [VERSION]\3eolmc.dll
%ProgramFiles%\Spyware Bomb [VERSION]\albmhe.dll
%ProgramFiles%\Spyware Bomb [VERSION]\dbmusth.dll
%ProgramFiles%\Spyware Bomb [VERSION]\fntiemrs.dll
%ProgramFiles%\Spyware Bomb [VERSION]\ipseagr.dll
%ProgramFiles%\Spyware Bomb [VERSION]\meutr3fv.ocx
%ProgramFiles%\Spyware Bomb [VERSION]\mrthrepf.dll
%ProgramFiles%\Spyware Bomb [VERSION]\scanning.gif
%ProgramFiles%\Spyware Bomb [VERSION]\sporpmse.dll
%ProgramFiles%\Spyware Bomb [VERSION]\SpywareBomb.url
%ProgramFiles%\Spyware Bomb [VERSION]\unins000.dat
%ProgramFiles%\Spyware Bomb [VERSION]\unins000.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Bomb.lnk
%UserProfile%\Desktop\Spyware Bomb.lnk
%ProgramFiles%\Spyware Bomb [VERSION]\Spyware Bomb on the Web.lnk
%ProgramFiles%\Spyware Bomb [VERSION]\Spyware Bomb.lnk
%ProgramFiles%\Spyware Bomb [VERSION]\Uninstall Spyware Bomb.lnk
%ProgramFiles%\Spyware Bomb [VERSION]\ipuhtens.dll

Next, it creates the following registry subkeys:
HKEY_ALL_USERS\Software\VB and VBA Program Settings\Spyware Bomb
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Bomb_is1

The program also creates the following registry entry, so that it starts when Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"SpywareBomb" = "C:\Program Files\Spyware Bomb [VERSION]\SpywareBomb.exe"

It then gives exaggerated reports about potential risks on the computer.

#3 Guest_AM2_*

Group: Non-Member - Guests

Posted 11 June 2007 - 06:56 AM

Donna, on Jun 10 2007, 11:52 PM, said:

THIS NEEDS TO BE POSTED AT COMPUTERCOPS.

#4 Donna

Guinea Pig???

Group: Admin - Site
Posts: 17,374
Joined: 11-October 03

Users Awards

Posted 11 June 2007 - 06:58 AM

http://www.malwareby...base.php?id=338
SpywareBomb is a rogue antispyware utility that uses false positives to lure the user into buying the product.

The above was added in RogueRemover database last May 24th

#5 Donna

Guinea Pig???

Group: Admin - Site
Posts: 17,374
Joined: 11-October 03

Users Awards

Posted 11 June 2007 - 06:59 AM

Please post it in CC as I can't login there for months already. Thanks!

#6 Guest_AM2_*

Group: Non-Member - Guests

Posted 11 June 2007 - 07:01 AM

Donna, on Jun 11 2007, 12:09 AM, said:

Please post it in CC as I can't login there for months already. Thanks!

Posted at CCSP.
I'll ask PAUL to fix your account.

#7 Donna

Guinea Pig???

Group: Admin - Site
Posts: 17,374
Joined: 11-October 03

Users Awards

Posted 11 June 2007 - 07:11 AM

Thanks for posting at CC. It should help by warning users who might fall by downloading SpywareBomb and installing it.

Paul already tried to fix the account many times. I can post there if I create a new account. If I go back, login will fail again. I can create another account again and post but problem will occur again and again.

It's not a problem with their board software but my connection

I had the same problem at Gladiator, Lavasoft, ASAP and other forums and was fixed after many months too.
I didn't do anything but my ISP.
It's tiring but I'm not losing hope to be able to access again other forums like CC.

#8 Donna

Guinea Pig???

Group: Admin - Site
Posts: 17,374
Joined: 11-October 03

Users Awards

Posted 11 June 2007 - 07:12 AM

I refresh the page but I didn't see your post yet at CC.

#9 guest

Contributor

Group: Non-Member - Guests
Posts: 3,812
Joined: 26-November 03

Posted 11 June 2007 - 07:25 AM

Quote

Paul and I already tried to fix the account many times. I can post there if I create a new account. If I go back, login will fail again. I can create another account again and post but problem will occur again and again.

It's not a problem with their board software but my connection

I have the same problem posting over at ComputerCops but I don't worry about it as one of the reasons I wanted to post there was to give my input about WinPatrol but as WinPatrol has become so rock solid for me I don't worry :silly:

Spywarebomb's sites are in the hpHOSTS file :protect:

#10 hewee

hewee

Group: Member - MVC
Posts: 5,021
Joined: 12-May 04

Posted 11 June 2007 - 08:35 AM

I posted a link to this thread over there at CC.

#11 gdhopcroft

SeaEagle

Group: Member - Mod Emeritus
Posts: 2,719
Joined: 01-February 04

Posted 11 June 2007 - 12:39 PM

AM2, on Jun 11 2007, 04:28 PM, said:

http://www.spywarebomb.com/about.htm

anyone had any exposure to this application?

a one time poster just put this up at computercops.

http://www.castlecops.com/p951689-My_new_a...ood.html#951689

A few days ago, at SpywareInfo, they had a similar one-time spam post, like this one, trying to "recommend" something called Spyware-Sweeper (my bolding, to show the differentiation between the "software" they were trying to flog, and the more respectable Webroot SpySweeper).

Every week, a different one, it seems.