The Ugliness: EE affiliate uses virus to spam EE
Well, as the owner of the evidence-eliminator-sucks.com domain, I'm getting
pounded by people who have been hit by yet another one of the spamarific
tactics of the EE guy's affiliates. They (the affiliates, at least) have
come up with a virus based on js.fortnight that makes these people's
browsers go to EE affiliates' sites in order to scare them into buying
Preventing the Virus
- By this time, Norton Antivirus should have an update that'll stop it, so
upgrade your Norton Antivirus signature files. [Note: The signature file has been updated. I tried to send a copy of the virus payload to someone running an up-to-date Symantec mail filter, and it stripped off the virus!]
- According to this article on browser hijacks, two products named Spybot S&D and HijackThis are useful for detecting and preventing browser takeovers. Note: This
is not a recommendation; I have not used said products. This is just a Google search result.
- A product named AdAware may be helpful in preventing takeover by the virus.
Cleaning up after the virus
Good luck getting this crud off of your system!
- UPGRADE YOUR OPERATING SYSTEM. The virus exploits a hole in your OS and it'll do no good to
erase it if you'll just get re-infected!
- Upgrade your Norton Antivirus and make sure it's running!
- Check out this article on
browser hijacks first for some background information and directions that may work.
- See Symantec's security response page on js.fortnight for how to
remove the registry entries that the js-evidence-eliminator virus
inserted into your system.
- These additional registry keys may be affected (see Symantec's page for how to fix them):
  - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page
  - HKCU\Software\Microsoft\Internet Explorer\Main\Search Bar
  - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTab
  - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\AdvancedTab
- Some additional links that may be of help in cleaning this, uhm, crud, out of your system:
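
A read-only way to see what the four registry values listed above currently hold, as an added PowerShell example (not from the original page or from Symantec; the function name Get-HijackValueReport is made up for illustration). It assumes the last path component of each entry is a value name under the preceding key, and that a non-zero SecurityTab or AdvancedTab hides that tab in Internet Options.

```powershell
# Added example: read-only check of the four registry values named on this page.
# It changes nothing; compare the output with Symantec's removal instructions.
$main   = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$policy = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'

$checks = @(
    @{ Key = $main;   Name = 'Search Page'; Kind = 'Url'    },
    @{ Key = $main;   Name = 'Search Bar';  Kind = 'Url'    },
    @{ Key = $policy; Name = 'SecurityTab'; Kind = 'Policy' },
    @{ Key = $policy; Name = 'AdvancedTab'; Kind = 'Policy' }
)

# Hypothetical helper name, chosen for this example only.
function Get-HijackValueReport {
    param([Parameter(Mandatory)] [hashtable[]] $Checks)

    foreach ($c in $Checks) {
        $value = $null
        $note  = 'not set'

        # A missing key or value is the normal state for the policy entries.
        if (Test-Path -LiteralPath $c.Key) {
            $item = Get-ItemProperty -LiteralPath $c.Key -Name $c.Name -ErrorAction SilentlyContinue
            if ($null -ne $item) {
                $value = $item.($c.Name)
                if ($c.Kind -eq 'Policy') {
                    # Assumption stated in the lead-in: non-zero hides the tab.
                    $note = if ("$value" -ne '0') { 'REVIEW: tab hidden by policy' } else { 'present, tab not hidden' }
                } else {
                    # The script cannot judge a URL; a person has to.
                    $note = 'REVIEW: confirm you recognise this URL'
                }
            }
        }

        [pscustomobject]@{
            Key   = $c.Key
            Name  = $c.Name
            Value = $value
            Note  = $note
        }
    }
}

Get-HijackValueReport -Checks $checks | Format-List
```

Run it as the affected user, since all four entries live under HKCU.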
Finally, regarding the dipstick who is going around Yahoo Groups
saying that Yahoo! is cooperating with the FBI and everybody is going to
jail unless they buy Evidence Eliminator: under the Patriot Act, it is illegal
to divulge the fact that an investigation is underway. Either this guy
is a criminal, or he's a scam artist. Either way, he has all the credibility
of the Pope talking about the joys of childbirth. I suspect this is the
same dipstick who has been spreading this virus around. If you get one
of his lame-o emails, please let me know, so we can forward that information
to the FBI -- creating and distributing a virus is a *CRIME*, and if we
can get enough people who were affected by this person, we can put his
butt in jail.
Copyright 2003 Eric Lee Green All Rights Reserved
Last modified: Sat Jul 19 22:07:57 MST 2003