Smiley Central and other fun programs 1

[mwesol]

Anybody know if Smiley Central is Spyware? My users love to download these things and install. Now even though I have a Windows 2000 Policy that says only certain executables can run these type of Active X apps can be run installed without having Admin privs on the PC. Anyway to tighten this security up so Active X can't be installed?

Thanks
Mike

 

[carrr]

Adware, but not spyware, to the best of my knowledge.

Tired of waiting for an answer? Try asking better questions. See: faq222-2244

 

[carrr]

Depending on the sophisitcation of your users, you could stem this by going to Tools > Internet options > Security > select Internet > go to Custom Level > disable ActiveX downloading here. A google search should lead to how to lock out users from even geting to this internet options interface to undo your restrictions....if I remember correctly.

Tired of waiting for an answer? Try asking better questions. See: faq222-2244

 

[mwesol]

Thanks Carr! Are most of these type like comet cursor and the browser hijackings done through Active X. If I disable Active - X downloading will I be breaking anyh other functionality?

I have run spybot & Adware but these hijackings are getting out of hand. More staff time is being used by taking care of removing the spyware than doing our normal systems work.

Thanks again
Mike

 

[carrr]

A great many malwares use ActiveX as a vehicle.
Being that these are work pcs, I can't see that you'd need ActiveX enabled (they're not going to be able to check Yahoo mail, for example). BUT...if you need to allow some sites that require ActiveX, you might need to dabble in adding "Trusted" sites. This article might help:

http://www.winnetmag.com/WindowsSecurity/Article/ArticleID/20468/WindowsSecurity_20468.html

I agree with your end note. More and more of our time is getting burnt cleaning up after employee surfing sessions.


Tired of waiting for an answer? Try asking better questions. See: faq222-2244

 

[CableInstaller]

mwesol

You have Look2Me trojan installed, as it's current version alters policy for Administrators so removal utilities will not work.
It also resets the policy every reboot, so even if you fix it once, it will be changed by next reboot.

Current Look2Me trojan is ver 124 and can be found using

http://download.broadbandmedic.com/VbStuff/VX2Finder.exe

Post the log it finds, there is some advanced removal techniques used to remove it.

 

[carrr]

cableinstaller
I'm not sure, from any of the information you've read above, how you can make such a diagnosis.
IF the user did have the Look2Me malware, the only "advanced removal techniques" needed is a system restore disable (if applicable) and the Kill2Me tool, which can be found here:

http://www.majorgeeks.com/download4166.html

Tired of waiting for an answer? Try asking better questions. See: faq222-2244

 

[CableInstaller]

carrr

the Kill2Me tool only works with windows 9x versions and was not upgraded to remove the version124 of the current Look2me threat.
Smiley Central is directly related to the whole "FunWebProducts/Bundleware" install which is a known host for the Look2Me trojan.
Troubles with Nt Admin "policies"(which I see now I misread in the original post) is usually the giveaway that L2M is installed.
There is no removal to date I know of that will remove Look2Me from a NT based system, other than the semi-manual remove specified in other postings here.
Ad-aware with updated reference file, now detects the installed files, but cannot remove them.

 

[carrr]

Interesting.
I'd like to know more about the 124 variant.
Haven't seen/heard of it yet. Can you post a link?
Strange that it has slipped the grasp, as the Kill2Me tool successfully removes variants 115-122 from all Windows OS (

http://www.softpedia.com/public/cat/10/17/10-17-178.shtml

,

http://www.majorgeeks.com/download4166.html

), but...I guess you learn something every day.

Tired of waiting for an answer? Try asking better questions. See: faq222-2244