Back to Main Page

The Ugliness: EE affiliate uses virus to spam EE

Well, as the owner of the evidence-eliminator-sucks.com domain, I'm getting pounded by people who have been hit by yet another one of the spamarific tactics of the EE guy's affiliates. They (the affiliates, at least) have come up with a virus based on js.fortnight that makes these peoples' browsers go to EE affiliates' sites in order to scare them into buying Evidence Eliminator.

Preventing the Virus

  1. By this time, Norton Antivirus should have an update that'll stop it. So upgrade your Nortan Antivirus's signature files, and that'll stop it. [Note: The signature file has been updated, I tried to send a copy of the virus payload to someone running an up-to-date Symantec mail filter, and it stripped off the virus!].
  2. According to this article on browser hijacks, two products named Spybot S&D and HijackThis are useful for detecting and preventing browser takeovers. Note: This is not a recommendation, I have not used said products, this is just a Google search result.
  3. A product named AdAware may be helpful in preventing takover by the virus.

Cleaning up after the virus

  1. UPGRADE YOUR OPERATING SYSTEM. The virus exploits a hole in your OS and it'll do no good to erase it if you'll just get re-infected!
  2. Upgrade your Norton Antivirus and make sure it's running!
  3. Check out this article on browser hijacks first for some background information and directions that may work.
  4. See Symantec's security response page on js.fortnight for how to remove the registry entries that the js-evidence-eliminator virus inserted into your system.
  5. These additional registry keys may be affected (see Symantec's page for how to fix them):
  6. Some additional links that may be of help in cleaning this, uhm, crud, out of your system:
Good luck getting this crud off of your system!

Finally, regarding the dipstick who is going around Yahoo Groups saying that Yahoo! is cooperating with the FBI and everybody is going to jail unless they buy Evidence Eliminator: under the Patriot Act, it is illegal to divulge the fact that an investigation is underway. Either this guy is a criminal, or he's a scam artist. Either way, he has all the credibility of the Pope talking about the joys of childbirth. I suspect this is the same dipstick who has been spreading this virus around. If you get one of his lame-o EMAIL's, please let me know, so we can forward that information to the FBI -- creating and distributing a virus is a *CRIME*, and if we can get enough people who were affected by this person, we can put his butt in jail.


Copyright 2003 Eric Lee Green All Rights Reserved
Last modified: Sat Jul 19 22:07:57 MST 2003