Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Email Solicitations?


  • Please log in to reply
3 replies to this topic

#1 lillady_48

lillady_48

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 08 May 2006 - 12:20 PM

I recieved an email solicitation to be a part of testing a product known as Algebrator. Here is the download link: http://www.seo99.com/alg3029.exe

I bought the product a couple of years ago and have never recieved anything from them. But I was looking up the website and found this and I got to wondering is this ( below) just a way for someone to put a virus in my email if I downloaded it?

BleepingComputer.com > Winhound.exe Infection
www.seo99.com/kasp.txt Judging by dates - all those happened on my old PC where I didn't have any virus protection. (I just transfered all mail folders to ...
www.bleepingcomputer.com/ forums/lofiversion/index.php/t36987.html - 290k -


Thanks
Lillady

BC AdBot (Login to Remove)

 


#2 Herk

Herk

  • Members
  • 1,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S.E. Idaho, USA
  • Local time:09:55 PM

Posted 08 May 2006 - 12:54 PM

The Algebrator link appears to be legitimate. I downloaded and installed it and scanned it and there is nothing there but the Algebrator program. I'm not sure what you're referring to in the kaspersky link, because I can't see anything in that scan that relates to Algebrator or seo.com.

No, there's nothing in it that will affect your email.

I just transfered all mail folders to ...
www.bleepingcomputer.com/ forums/lofiversion/index.php/t36987.html


Really? I have no idea how or why you would do that. The worst thing that could happen if this was actually possible would be for anyone who looked at it to become infected. Did someone ask you to do that?

#3 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:08:55 PM

Posted 08 May 2006 - 12:58 PM

I recieved an email solicitation to be a part of testing a product known as Algebrator. Here is the download link: http://www.seo99.com/alg3029.exe

I bought the product a couple of years ago and have never recieved anything from them. But I was looking up the website and found this and I got to wondering is this ( below) just a way for someone to put a virus in my email if I downloaded it?

BleepingComputer.com > Winhound.exe Infection
www.seo99.com/kasp.txt Judging by dates - all those happened on my old PC where I didn't have any virus protection. (I just transfered all mail folders to ...
www.bleepingcomputer.com/ forums/lofiversion/index.php/t36987.html - 290k -


Thanks
Lillady


I believe that www.bleepingcomputer.com/ forums/lofiversion/index.php/t36987.html
is a reference to this topic at Bleeping Computer


---> Winhound.exe Infection, followed steps but still....
http://www.bleepingcomputer.com/forums/t/36987/winhoundexe-infection/

Here is the actual source of the text in above quote.

http://www.bleepingcomputer.com/forums/ind...ndpost&p=204521

Judging by dates - all those happened on my old PC where I didn't have any virus protection.
(I just transfered all mail folders to the new PC)


What the above Bleeping Computer topic and Algebrator have to do with one another I have no idea.

Edited by Scarlett, 08 May 2006 - 01:13 PM.

Posted Image

#4 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:09:55 PM

Posted 08 May 2006 - 01:10 PM

Just for kicks I downloaded the file and then uploaded it to Virus Total and Jotti for analysis. Like they say on the Jotti web site: "You're free to (mis)interpret these automated, flawed statistics at your own discretion."

Virus Total Results:


Avast 4.6.695.0 05.08.2006 no virus found
AVG 386 05.08.2006 no virus found
Avira 6.34.1.58 05.08.2006 no virus found
BitDefender 7.2 05.08.2006 no virus found
CAT-QuickHeal 8.00 05.08.2006 no virus found
ClamAV devel-20060426 05.08.2006 no virus found
DrWeb 4.33 05.08.2006 no virus found
eTrust-InoculateIT 23.72.2 05.07.2006 no virus found
eTrust-Vet 12.4.2199 05.08.2006 no virus found
Ewido 3.5 05.08.2006 no virus found
Fortinet 2.71.0.0 05.08.2006 no virus found
F-Prot 3.16c 05.08.2006 no virus found
Kaspersky 4.0.2.24 05.08.2006 no virus found
McAfee 4757 05.08.2006 no virus found
Microsoft 1.1372 05.08.2006 no virus found
NOD32v2 1.1524 05.08.2006 no virus found
Norman 5.90.17 05.08.2006 no virus found
Panda 9.0.0.4 05.08.2006 no virus found
Sophos 4.05.0 05.08.2006 no virus found
Symantec 8.0 05.08.2006 no virus found
TheHacker 5.9.7.140 05.08.2006 no virus found
UNA 1.83 05.06.2006 no virus found
VBA32 3.11.0 05.08.2006 no virus found


Jotti Results:

The Jotti engine was too busy to help.

I then installed this program on a shop computer, and it installed ok, although I have already noticed two funny things. 1) There was no End User License Agreement (EULA) that usually you have to agree to, and 2) when I open the program and click on HELP > ABOUT nothing happens. Usually a window would open telling what version the program is, and where to get support etc. In fact, nothing in the help menu works at all.

Then I scanned the computer with AVG Anti Virus - clean. Then I scanned using Microsoft Defender - also clean.

EDIT:
I don't know who owns seo99.com as their registry says:

Registrant:
Domains by Proxy, Inc


You register a domain name with Domains by Proxy, Inc. if you don't want anyone finding out who you are. That may or may not be significant. A lot of people who spread malware use Domains by Proxy, but so do a lot of legit people.

www.seo99.com/kasp.txt simply refers to a page named kasp.txt (a text file) that contains a report from a kaspersky scan. These are usually huge reports and can be too big to post in the forums here at BC. The person who created the kasp.txt file was being helped by someone in the HiJackThis forum here at BC, and that is why they created this page, but it has nothing to do with the algebra program from what I can tell. Somehow this person had access 'behind the scenes' at www.seo99.com in order to create this page.

Edited by Albert Frankenstein, 08 May 2006 - 01:26 PM.

ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users