Question about economics of the iLivid rootkit cleanup I'm in the middle of


2 replies to this topic

#1 bwales

Posted 29 June 2012 - 10:02 AM

I'm cleaning up a laptop that was recently infected with a rootkit that installed iLivid, searchqu and some other browser redirection piece.

Am I correct in assuming that the person spreading the rootkit infection is somehow paid by iLivid and searchqu? I would like to learn more about how that happens and if there is anything those entities could do to prevent the malware author from profiting or do they quietly condone this?

Thanks

Edit: Moved topic from Breaking Virus & Security News to the more appropriate forum. ~ Roger

Edited by rotor123, 29 June 2012 - 10:56 AM.



#2 Chris Cosgrove

Posted 05 August 2012 - 05:45 PM

Hi Bwales

I have been offered the iLivid downloader several times and always resisted the temptation to install it, but with regard to the economics of the situation, malware writers get their payback in several ways.

At its simplest, there is scareware: "Your computer is infected with umpteen thousand infections, send us money and we will clean it!". If you send them money (don't, ever) (1) they have your money; (2) they have your credit card details; (3) you still have the infection!

Next there are silent things like keyloggers, quietly working away sending somebody your passwords and other log-in data. This can be deadly if you do on-line banking for example.

Then there are trojans which just take over your computer and use it to generate spam or worse. This has happened to at least three of my acquaintances. Usually the first you know that this is happening is when your e-mail account gets suspended.

There are other means of making money by infecting some innocent bystander's computer - click-jacking for example - but it all comes down to criminal endeavour. Gone are the days when it was some smart-alec bored teenager playing games to show how smart he (usually) is.

I think, but would not stand up in court and testify, that iLivid itself is a legitimate product, but I have only come across it on one or two 'interesting' websites which are the sort of places you can very easily pick up malware along with anything like iLivid you may legitimately wish to download.

I assume by now that this computer is clean and its owner happy - I hope you made sure he had up to date protection and that it is kept up to date.

Chris Cosgrove

#3 quietman7

Posted 06 August 2012 - 02:02 PM

iLivid is a download manager which includes the Searchqu toolbar.

Many toolbars, Add-ons, screensavers, and weather monitoring programs come bundled with other software and can be the source of various issues and problems to include Adware. They usually can be removed via Add/Remove Programs from the Control Panel or Programs and Features in Vista/Windows 7, so always check there first.

If using Firefox or Google Chrome, please refer to:
When done, be sure to restart the computer. <- Important!

In order to change Searchqu as your homepage setting please refer to the link for your browser:


Reset Internet Explorer or go here and click the Posted Image button.

This will automatically reset registry keys and the browser back to the way it was when initially installed. If you check the Delete personal settings checkbox in Advanced settings, it will reset the home page(s), search providers and Accelerators to their default values. It will also delete temporary Internet files, history, cookies, web form information (passwords) and InPrivate Filtering data.

-- Note: Microsoft Fix it does not work in Windows 7. Instead, you can use the Internet Explorer troubleshooters to achieve this automatically. Then clear your browser history.

If using Firefox, refer to these instructions to reset all user preferences, toolbars and search engine to their default settings using Firefox Safe Mode.

iLivid also has removal instructions posted here: How do I uninstall the software?

You may also want to read:

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
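
Added example, not part of the original post: a read-only PowerShell check of the two places the reply above points to, the registry entries behind Add/Remove Programs (Programs and Features) and the Internet Explorer home page setting. Matching on the substrings "iLivid" and "Searchqu" is an assumption about how the entries are named on a given machine; the function names are hypothetical.

```powershell
# Read-only audit: nothing is removed or changed.
# Assumption: bundled entries carry one of these substrings in their name or publisher.
$Patterns = 'iLivid', 'Searchqu'
$Regex = ($Patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Registry locations that populate Add/Remove Programs / Programs and Features
# (machine-wide 64-bit, machine-wide 32-bit, and per-user installs).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Find-BundledSoftware {
    # Returns the installed-program entries whose name or publisher matches.
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $Regex -or $_.Publisher -match $Regex } |
        Select-Object DisplayName, Publisher, InstallDate, UninstallString
}

function Find-HijackedIEHomePage {
    # Checks the current user's IE home page values for the same substrings.
    $main = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' `
                             -ErrorAction SilentlyContinue
    foreach ($name in 'Start Page', 'Secondary Start Pages') {
        # 'Secondary Start Pages' is multi-valued, so treat both as lists.
        foreach ($url in @($main.$name)) {
            if ($url -match $Regex) {
                [pscustomobject]@{ Setting = $name; Value = $url }
            }
        }
    }
}

$programs = @(Find-BundledSoftware)
$homePages = @(Find-HijackedIEHomePage)

"Matching installed programs: $($programs.Count)"
$programs | Format-List
"Matching IE home page values: $($homePages.Count)"
$homePages | Format-Table -AutoSize
```

Run it as the affected user, since the `HKCU` checks are per-user; a count of zero only means nothing matched these two substrings.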