GET /lm/imp_rxt.asp spyware

#1 (**permalink**) 10-27-2005, 01:01 AM

This seems to be a new spyware with no record over the Internet.
My son has installed it from Kazza today.

The browser seems to send information as it browses the Internet, with
url information to:
206.252.137.82 www.srch-results.com

I am researching the removal of this pest.
It is not LSP type of intrusion.

Do you have any idea regarding it?

No. Time Source Destination
Protocol Info
2687 32.139751 10.0.0.5 206.252.137.82 HTTP
GET /lm/imp_rxt.asp?si=19902&k=sip%20telephone HTTP/1.1

Hypertext Transfer Protocol
GET /lm/imp_rxt.asp?si=19902&k=sip%20telephone HTTP/1.1\r\n
Request Method: GET
Accept: */*\r\n
Accept-Language: en-us\r\n
Accept-Encoding: gzip, deflate\r\n
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n
Host: www.srch-results.com\r\n
Connection: Keep-Alive\r\n
Cookie: ASPSESSIONIDCAQBQSDC=BMLLDOGAMGPNDBAFNGOCADID;
ASPSESSIONIDSABTASSD=HKCILAPCCELEJAKGFIDJPMCG\r\n
\r\n

#2 (**permalink**) 10-27-2005, 02:19 AM

From: "mik" <rivael_il@yahoo.com>

|
| This seems to be a new spyware with no record over the Internet.
| My son has installed it from Kazza today.
|
| The browser seems to send information as it browses the Internet, with
| url information to:
| 206.252.137.82 www.srch-results.com
|
| I am researching the removal of this pest.
| It is not LSP type of intrusion.
|
| Do you have any idea regarding it?
|
| No. Time Source Destination
| Protocol Info
| 2687 32.139751 10.0.0.5 206.252.137.82 HTTP
| GET /lm/imp_rxt.asp?si=19902&k=sip%20telephone HTTP/1.1
|
| Hypertext Transfer Protocol
| GET /lm/imp_rxt.asp?si=19902&k=sip%20telephone HTTP/1.1\r\n
| Request Method: GET
| Accept: */*\r\n
| Accept-Language: en-us\r\n
| Accept-Encoding: gzip, deflate\r\n
| User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n
| Host: www.srch-results.com\r\n
| Connection: Keep-Alive\r\n
| Cookie: ASPSESSIONIDCAQBQSDC=BMLLDOGAMGPNDBAFNGOCADID;
| ASPSESSIONIDSABTASSD=HKCILAPCCELEJAKGFIDJPMCG\r\n
| \r\n

You can't go by what the adware/spyware connects to. You need the software that makes the
connection to make a determination of what the malware is.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

#3 (**permalink**) 10-28-2005, 01:50 AM

"mik" <rivael_il@yahoo.com> wrote in message
news:1130374915.264212.105010@g49g2000cwa.googlegr oups.com...
>
>
> This seems to be a new spyware with no record over the Internet.
> My son has installed it from Kazza today.
>
> The browser seems to send information as it browses the Internet, with
> url information to:
> 206.252.137.82 www.srch-results.com
>
##################################
Go to that URL and scroll to the bottom. Click on uninstall instructions. It
will take you to
http://www.srch-results.com/hyperlin.../uninstall.asp
donnie.

#4 (**permalink**) 10-31-2005, 01:07 AM

Thanks Donnie!