
Eblaster


14 replies to this topic

#1 Thresh

  • Members
  • 12 posts

Posted 27 June 2007 - 02:57 AM

I know I have eblaster and I have done A LOT of research on it. I figured out the hot keys to bring up the program (ctrl+alt+shift+s) but it asks me for a password which I do not have. I have read different ways to remove it and how I need to find it in the System32 folder or System folder. All the files that I am supposed to find I have not. I need help PLEASE!


#2 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,129 posts
  • Gender:Male

Posted 27 June 2007 - 03:53 AM

Have you seen this link?

How to remove eBlaster
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Thresh

Posted 27 June 2007 - 11:53 PM

I have checked that, and it did not work for me; I could not find any of those files. I was able to figure out the hot key to open the program; now I need to be able to figure out this password.

#4 buddy215

  • BC Advisor
  • 6,400 posts
  • Gender:Male
  • Location:West Tennessee

Posted 28 June 2007 - 06:47 AM

Is the info taken from an article written in 2003 still true as far as the default hotkey info?

http://www.theregister.co.uk/2003/06/16/eb..._achilles_heel/

It is easy to prevent eBlaster from sending e-mail alerts if one is using a firewall product with egress filtering like ZoneAlarm (the native Win-XP 'firewall' does not have this feature), and denying Internet access to explorer.exe. However, this is only a partial solution since the person using eBlaster can check the activity reports whenever they have physical access to the infected machine.

Otherwise the program is quite stealthy. The default hotkey for accessing eBlaster configuration is Alt+Ctrl+Shift+T, but this can be changed by the owner. Of course a careless person might not bother to change it, so if you get a password prompt when you enter Alt+Ctrl+Shift+T, you can be pretty sure you have spyware. The default location for eBlaster log files, C:\WINDOWS\system32\iase\, can also be changed.

Activity reports sent via e-mail are automatically given a dummy return address so the spy won't accidentally forward a report to the person being monitored. Obviously, the reports don't turn up in the victim's 'sent mail' directory.

"If you are not able to physically go to the computer on which you wish to install eBlaster, you may benefit from our Remote Install Add-On, which allows you to e-mail the eBlaster program to the recipient's e-mail address. Perfect for parents with kids away at school or employers with remote offices."


--------------------------------------------------------------------------------



The stand alone program in the link below has two tools in it that may or may not help you find the password. One searches for passwords and the other works by mousing over the hidden password.
http://www.gtopala.com/

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”
Lawrence M. Krauss
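
The checks described in the article quoted in post #4 (the default log directory and denying explorer.exe outbound access), together with a look at explorer.exe's current connections, as an added PowerShell example that is not part of the thread or the article. It assumes a current Windows release with the built-in NetTCPIP and NetSecurity cmdlets; the `-BlockEgress` switch and the rule name are hypothetical names chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added triage example. The log path and the explorer.exe detail come from the
# article quoted above; the switch name and rule name are constructed here.
param([switch]$BlockEgress)

$defaultLogDir = 'C:\WINDOWS\system32\iase'               # default only; the installer can change it
$ruleName      = 'Block explorer.exe outbound (example)'  # hypothetical rule name

# 1. Default log directory. Presence is a strong hint; absence proves nothing,
#    because the article notes the location is configurable.
if (Test-Path -LiteralPath $defaultLogDir) {
    Get-ChildItem -LiteralPath $defaultLogDir -Force -Recurse -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime
} else {
    Write-Output "Default log directory not present: $defaultLogDir"
}

# 2. Established, non-loopback TCP connections owned by explorer.exe.
#    The article says reports leave through explorer.exe, so this is where to look.
$explorerPids = @(Get-Process -Name explorer -ErrorAction SilentlyContinue | ForEach-Object Id)
if ($explorerPids) {
    Get-NetTCPConnection -State Established -OwningProcess $explorerPids -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
        Select-Object OwningProcess, LocalPort, RemoteAddress, RemotePort
}

# 3. Optional egress rule denying explorer.exe outbound access (created once).
if ($BlockEgress -and -not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Action Block `
        -Program (Join-Path $env:WINDIR 'explorer.exe') -Profile Any
}
```

As the quoted article says, blocking egress is only a partial measure: reports remain readable by anyone with physical access to the machine.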


#5 Thresh


Posted 29 June 2007 - 07:20 PM

Okay, so I downloaded that program, but now how do I use it to figure out the password?

#6 buddy215


Posted 29 June 2007 - 08:13 PM

Click on the icon in the toolbar that has a magnifying glass and the word EUREKA when you mouse over it. When it opens, drag the magnifying glass over any hidden password.

The other tool searches for passwords. In the list of tools on the left, click on SECRETS.

Here's hoping one of those does the trick. Please let me know whether it works or not.


#7 Thresh


Posted 30 June 2007 - 05:25 PM

Unfortunately, none of those worked. Eureka has to have the **** to read the password, and for the other one that searches for it, I must know where I want it to search; it won't just search my whole computer. Thanks though, those were good ideas.

#8 buddy215


Posted 30 June 2007 - 05:39 PM

It was worth a try. That is a good tool to keep around though. I don't know if you checked out the other uses for that program. If you ever need technical info on your hardware or software it will find it.

Do you know how this got on your comp?


#9 Thresh


Posted 01 July 2007 - 06:57 PM

Not sure, it's on there though and I need to get rid of it. I tried to mess around with different tools in that program, some useful stuff for other things, but not for this.

#10 buddy215


Posted 01 July 2007 - 07:13 PM

Why not give the Hijack This Team a shot at it? The info on how to post a Hijack This log in the Hijack This Forum is in the link below. Be sure to post in that forum, NOT here.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/


#11 Thresh


Posted 03 July 2007 - 03:35 AM

I tried that, nobody replied to my posts.

#12 Budapest


Posted 03 July 2007 - 03:38 AM

The HijackThis team are usually very busy and it may take a few days until they get around to your post.

#13 buddy215


Posted 03 July 2007 - 06:28 AM

I can't find where you have posted a Hijack This log.
Here is a link to a program that you might be interested in. It encrypts everything that is typed on your keyboard so that keyloggers decipher what you have typed in search, emails, logins, etc. There is a very limited free version that I believe only encrypts login info.
http://www.qfxsoftware.com/products.htm


#14 Thresh


Posted 05 July 2007 - 04:57 AM

I posted the hijackthis log quite a while ago, so it may be quite a few pages back. Sorry it took so long to reply, was busy on the third and fourth!

#15 Budapest


Posted 05 July 2007 - 05:02 AM

Thresh, I recommend that you post to the following topic, with a link to your HijackThis post. It may have been overlooked.

Haven't Had A Reply In Five Days?, Post your link



