Dangerous Spyware


ebacon
03-19-2013, 09:42 AM
As you guys know I got suckered into installing spyware on my PC. At first I thought the spyware belonged to the US Govt so I kept my mouth shut. I did not want to blow the cover of US servicemen.

After researching my attackers I think I have figured them out. I suspect they are software developers and/or venture capitalists in Silicon Valley. They spied on my PC and then like the little coward fucks they are they called the US Marines out at Selfridge Air Base and told them I was some sort of counterfeiter.

I think these are the guys and their software is called Relevant Knowledge. It's real. It's dangerous. Don't install it. Check your PC for it. It's a m*ther f*cker to remove.

http://www.zdnet.com/blog/btl/the-missing-glue-in-the-fight-against-malware/1353

Oerets
03-19-2013, 09:44 AM
How did you remove it?



Barney

ebacon
03-19-2013, 09:52 AM
How did you remove it?



Barney


I'm not sure I have yet. I just found another piece in my root directory the other night.

Search your PC for rel*.* and rl*.*

Look for shit like rlvntknldg.exe, rlvntknwldg.dll, etc.

What makes it dangerous is that it installs out in the open. It uses a weasel worded click-through agreement to think you will get money for filling out surveys. It might do that, but behind the scenes the owners are using the data against you if they want.

Oerets
03-19-2013, 10:01 AM
Doubt anyone in the house would click and open anything doing with a survey. Even if they offered compensation. Searched the laptop and nothing. Will pass the info on.

Did you run in safe mode a scan?



Barney

ebacon
03-19-2013, 10:12 AM
Doubt anyone in the house would click and open anything doing with a survey. Even if they offered compensation. Searched the laptop and nothing. Will pass the info on.

Did you run in safe mode a scan?



Barney

No. I did not think of that. I tried removing it by hand and am monitoring my network traffic. I think I'm clean.

What makes it so sneaky is that it says it's legitimate software. The virus checkers won't touch it. At least Norton won't.

ebacon
03-19-2013, 10:58 AM
Here is more software from the same company. I would not touch any of it, not even with a stick.

http://downloads.zdnet.com/search/?compid=50273

ebacon
03-19-2013, 12:43 PM
Some more stuff that I would not touch with a stick. I think this stuff is from the same software writer.

http://www.download32.com/christian-carrillo-software.html

bobabode
03-19-2013, 03:16 PM
Doubt anyone in the house would click and open anything doing with a survey. Even if they offered compensation. Searched the laptop and nothing. Will pass the info on.

Did you run in safe mode a scan?



Barney

I'm in that camp. I don't do surveys for love or money. I never ever click on popups. My preferred AV is AVG free and I stay the hell away from adding anything extra.

bhunter
03-19-2013, 03:22 PM
As you guys know I got suckered into installing spyware on my PC. At first I thought the spyware belonged to the US Govt so I kept my mouth shut. I did not want to blow the cover of US servicemen.

After researching my attackers I think I have figured them out. I suspect they are software developers and/or venture capitalists in Silicon Valley. They spied on my PC and then like the little coward fucks they are they called the US Marines out at Selfridge Air Base and told them I was some sort of counterfeiter.

I think these are the guys and their software is called Relevant Knowledge. It's real. It's dangerous. Don't install it. Check your PC for it. It's a m*ther f*cker to remove.

http://www.zdnet.com/blog/btl/the-missing-glue-in-the-fight-against-malware/1353

What did it do that made you aware that there was a problem? Lately, I've had several clients open email supposedly from FedEx that installed various spyware and malware. Since the FedEx scam has been around so long, I'm surprised it's making the rounds again.

bhunter
03-19-2013, 03:41 PM
You likely found this, but here's some instructions for removing RelevantKnowledge:

http://www.exterminate-it.com/malpedia/remove-relevantknowledge#howreg

ebacon
03-19-2013, 03:41 PM
What did it do that made you aware that there was a problem? Lately, I've had several clients open email supposedly from FedEx that installed various spyware and malware. Since the FedEx scam has been around so long, I'm surprised it's making the rounds again.

The software takes your information and downloads it to a server in Reston, VA. Your data is then mined for information related to counterfeit goods and the data is provided to government for enforcement.

That's the published use.

Who knows what the hell else they do with the data.

I won't say what it did that tipped me off. But look at the title of the software -- Relevant Knowledge. Basically some stuff happened on my PC that made me think, hmmm, whoever sent this to my PC knows me a little too well. Luckily I have friends that work in the data mining business so my spidey sense tingled.

ebacon
03-19-2013, 03:48 PM
The problem is that now I can't trust anyone that tries to befriend me if it looks like they are trying to hide even just a little. Take rajoo for instance. If his username is rajoo on AK then why the hell did he use his corporate name here? Why would any CEO in his right mind associate his company trademark with a political website? That's crazy. One reason people do crazy shit is because they are hiding something.

That's my take.

piece-itpete
03-19-2013, 03:54 PM
Quite a few people here would rather not be linked to their AK account. Good friendships have been strained arguing politics online.

Tube vs SS? Ok. LPs vs CDs? Sure. Those topics stop at murder and usually do not cross over into torture and mutilation first ;)

One little thing about google, the more your name is mentioned the higher on the list you go. My personal opinion is in this little corner of the net I don't care and I doubt anyone would ever make the connection to his company.

I think a little proof is in order, my personal take - not official. I would not be as nice as BeamOn.

Pete

ebacon
03-19-2013, 04:05 PM
Quite a few people here would rather not be linked to their AK account. Good friendships have been strained arguing politics online.

Tube vs SS? Ok. LPs vs CDs? Sure. Those topics stop at murder and usually do not cross over into torture and mutilation first ;)

One little thing about google, the more your name is mentioned the higher on the list you go. My personal opinion is in this little corner of the net I don't care and I doubt anyone would ever make the connection to his company.

I think a little proof is in order, my personal take - not official. I would not be as nice as BeamOn.

Pete

I've laid out my case. If he's innocent then fine. I just can't trust him yet. There are way too many coincidences with his timing, his location, and what happened on my machine. On top of that he never poked his head up until after I questioned 1TubeGuru. Why did rajoo/BeamOn wait until AFTER that event? Because he didn't want to get banned, that's why. And if he wanted to protect his AK identity then he wouldn't have mentioned it. But he did. To gain our trust. Because being an AK member is Relevant Knowledge.

bobabode
03-19-2013, 04:10 PM
Has anyone been banned around here, other than spammers? Pete?

Oerets
03-19-2013, 04:21 PM
Having been infected with nasties and going to a fresh install before, I don't fault anyone for being gun shy.

I do hope that we can have adult conversations here and still be friendly.


Barney

bobabode
03-19-2013, 06:00 PM
What are your internet security settings, Ed?

BlueStreak
03-19-2013, 08:00 PM
You all suck. I hate you. That's why I come here, every effin' day.

Dave

JJIII
03-20-2013, 06:05 AM
Is it my imagination, or does anyone else hear the sound of black helicopters off in the distance? :D

ebacon
03-20-2013, 09:07 AM
Silly. The black ones are silent. Everyone knows that.

ebacon
03-20-2013, 09:11 AM
What are your internet security settings, Ed?

They vary by machine. IIRC Relevant Knowledge's install survey asked how many PCs are in the house. I still need to check my daughter's PC. If they infected my kid then they stepped over the line. There is no contract defense for that.

ebacon
03-20-2013, 09:47 AM
The rats are starting to scurry.

Relevant Knowledge downloads your user information to a web site called relevantknowledge.com (among others). relevantknowledge.com is owned by MarkMonitor, Inc, which was recently acquired by Thomson-Reuters.

Guess who just started sniffing around my LinkedIn page? You guessed it, Thomson-Reuters. And what does Thomson-Reuters do? Oh yeah, they are a news company.

Now can you guys understand why I did not want to click on rajoo's news link?

ebacon
03-20-2013, 09:49 AM
I think they are Ayn Rand zealots.

I'm rollin'. They hatin'.

ebacon
03-20-2013, 10:14 AM
Here is an interesting bit of news. A protégé of MarkMonitor's CEO went to Ireland and operates a similar company there. Check out what happened in Ireland and who chimed in with a comment.

http://profabm.blogspot.com/2011/12/facebook-changes-privacy-rules-after.html

ebacon
03-20-2013, 10:19 AM
RelevantKnowledge.com and Reuters show up in this book, "Handbook on Electronic Commerce". Might be an interesting read. Or a disgusting one. Depends on which end of the f*cking you are on I guess.

http://books.google.com/books?id=jedOcG9sNUsC&pg=PA718&lpg=PA718&dq=RelevantKnowledge+Reuters&source=bl&ots=V-qsh20WH_&sig=ieHFv8SFnePJZ_Da4SSzxnQfAPo&hl=en&sa=X&ei=I9JJUbWMMuvDyAHZ7oCAAQ&ved=0CDMQ6AEwAA#v=onepage&q=RelevantKnowledge%20Reuters&f=false

Rajoo
03-20-2013, 10:54 AM
Hey eBacon, are you this stupid or easily intimidated or both?
Here is how I introduced myself on this forum, my very first post:
"My user name in AK is "rajoo" but on this forum chosen the name "BeamOn" so I can shed some light on this troubled world we live in. Actually it's the name of my company and we have a cool logo that I plan to use as my avatar if I am allowed to hang around long enough. An engineer by education (Illinois) and a long time small business owner without any affiliation to business groups."
That is full disclosure you idiot. And I am known as the founder of Beam On Technology. President/CEO are the required legal titles for incorporation (C corp.)
So WTF am I hiding? You need to come out of whatever hell hole you live in.
I will not permit assholes like you to ever besmirch my integrity, ever.

ebacon
03-20-2013, 10:58 AM
Hey eBacon, are you this stupid or easily intimidated or both?
Here is how I introduced myself on this forum, my very first post:
"My user name in AK is "rajoo" but on this forum chosen the name "BeamOn" so I can shed some light on this troubled world we live in. Actually it's the name of my company and we have a cool logo that I plan to use as my avatar if I am allowed to hang around long enough. An engineer by education (Illinois) and a long time small business owner without any affiliation to business groups."
That is full disclosure you idiot. And I am known as the founder of Beam On Technology. President/CEO are the required legal titles for incorporation (C corp.)
So WTF am I hiding? You need to come out of whatever hell hole you live in.
I will not permit assholes like you to ever besmirch my integrity, ever.

You may have gotten hit in the crossfire. If so I apologize. But please take away a lesson -- keep your business and politics separate. No good comes of mixing the two.

Now go ask Obama for more tech money and STFU. You probably want something in return for the $750 you donated to him.

Do you want to keep going? I can do this shit all day.

Rajoo
03-20-2013, 11:13 AM
STFU.

But you don't seem to be able to, but I will as I am done with this topic.
I have better things to do like run a small company, pay taxes and so on. You on the other hand can spew venom all day. Now please GFY and not too kindly please.

ebacon
03-20-2013, 11:18 AM
But you don't seem to be able to, but I will as I am done with this topic.
I have better things to do like run a small company, pay taxes and so on. You on the other hand can spew venom all day. Now please GFY and not too kindly please.

Have a nice day, job creator. Tell your Ayn Rand buddies I said hi :D

ebacon
03-20-2013, 12:12 PM
It appears that RelevantKnowledge started out as a clean company. Here is an article from 1998 where they provided traffic data on the growing internet.

http://www.siliconinvestor.com/readreplies.aspx?msgid=4813679

ebacon
03-20-2013, 01:20 PM
Now I get an e-mail from a guy looking for something that has been for sale on CL since forever. Really? Now?

And the phone number he gave me goes back to the same area as Thomson-Reuters' office in SE Michigan? Riiight. As if I'm going to bite that hook.

Looks like the job creators have ruined some CL action. What's their next big idea in their new economy based on hassling each other?

CarlV
03-20-2013, 02:55 PM
I got an email the other day from the Badoo with a hotlink in it. I am glad I web searched the name first. It was in Swedish(?) too BTW. But I did go on Facebook to enter a Newegg contest the other day and I always get weird emails after using the Facebook site so not much of a surprise there.

http://en.wikipedia.org/wiki/Badoo


Carl

ebacon
03-20-2013, 03:03 PM
I was on Facebook and LinkedIn for a while, stopped, and recently rejoined LinkedIn. Now I regret it.

The people that collect the data can't control themselves. On top of that the data serves no useful purpose except for pandering.

wgrr
03-20-2013, 07:24 PM
Quite a few people here would rather not be linked to their AK account. Good friendships have been strained arguing politics online.

Tube vs SS? Ok. LPs vs CDs? Sure. Those topics stop at murder and usually do not cross over into torture and mutilation first ;)

One little thing about google, the more your name is mentioned the higher on the list you go. My personal opinion is in this little corner of the net I don't care and I doubt anyone would ever make the connection to his company.

I think a little proof is in order, my personal take - not official. I would not be as nice as BeamOn.

Pete

I use my same username here as I use on AK. I notice so does ebacon. A little politics/world affairs debate, should not create enemies on AK that happen to visit here. It looks like there are a lot of lurkers here. Each time I see a new member post I am encouraged. Most are too thin skinned to take the heat and leave.

Me, I am a member of a listserv called "Banned". Most of you would not last a couple of days there. I am a sweet schoolboy here because I like a balanced debate and I like the people here. If I were to go rouge, as the wicked bitch from the North says, I would be banned here in a heartbeat.

I have friends that are Libertarians, Members of the Green party, and alas the newly minted Tea party also. I will listen to all points of view when it comes to politics. I may disagree but, if they take offence to my views, and snub me on AK or anywhere else, then fuck them. Is that clear enough?

BlueStreak
03-20-2013, 07:31 PM
I LOVE the heat of battle, when it comes to this. Most of the time I find humor in the insults hurled at me. I dunno, maybe it's having been raised in one of the most morose and darkly sarcastic corners of America, the verbal abuse just bounces off. A minor annoyance at worst........

Regards,
Dave

wgrr
03-20-2013, 07:51 PM
Come on folks, drop Micro$oft. I surf on Linux right now and I am fairly secure as long as I delete my cache every day. Never open email attachments from an unknown source on Microslop or any other OS.

I am considering going back to UNIX, probably FreeBSD. Ubuntu Linux is getting too popular. Too many security updates.

Unix has ported Linux programs that I am sure are a lot better than seven years ago, and the power of UNIX, in the right hands, can ferret out all kinds of BS and intrusions. There is a learning curve though.

I have not checked out new releases of FreeBSD lately. Looks like a weekend project. I am interested.

ebacon
03-20-2013, 07:53 PM
Well I just checked my PC in safe mode. It looks like the spyware is gone. There are still some pecker tracks in a bunch of .xml and .asp files but I don't yet know where those are. They showed up when I searched the C: drive in Safe Mode but now in regular mode I can't find them. Here is a redacted screen shot from safe mode.

Oerets
03-20-2013, 09:45 PM
Here's to hoping you got rid of the nasties!



Barney

d-ray657
03-20-2013, 10:14 PM
I use my same username here as I use on AK. I notice so does ebacon. A little politics/world affairs debate, should not create enemies on AK that happen to visit here. It looks like there are a lot of lurkers here. Each time I see a new member post I am encouraged. Most are too thin skinned to take the heat and leave.

Me, I am a member of a listserv called "Banned". Most of you would not last a couple of days there. I am a sweet schoolboy here because I like a balanced debate and I like the people here. If I were to go rouge, as the wicked bitch from the North says, I would be banned here in a heartbeat.

I have friends that are Libertarians, Members of the Green party, and alas the newly minted Tea party also. I will listen to all points of view when it comes to politics. I may disagree but, if they take offence to my views, and snub me on AK or anywhere else, then fuck them. Is that clear enough?

Arguing frightens me.

Regards,

D-Ray

piece-itpete
03-21-2013, 07:43 AM
LMAO!!

Pete

ebacon
03-21-2013, 08:29 AM
Arguing frightens me.

Regards,

D-Ray

It frightens rich people, too. That's why they unduly burden workers with taxes that pay US servicemen to fight for the rich. They have a cool phrase for that trick -- cost externalization.

Putting it in economic terms is supposed to take the edge off and sucker workers into thinking they are smart. It's just a mind trick.

ebacon
03-21-2013, 08:53 AM
Here is a story about how malware is used in an attempt to silence writers. This is real stuff.

http://www.zdnet.com/malicious-malware-targets-journalists-free-press-organizations-7000003659/

budgetaudio6
03-28-2013, 11:46 PM
What about that piece of shit north korea...argueing doesnt do anything for me...as most of you well may know from my posts in the past...pretty much why i stopped comming here...being a political forum...well tehy can be fun to read....my threads i dont know...but im sure it has turned me to a thread killer on ak...but i dont really care....you can take my posts or leave tehm. I have had so much gear pass through here on the cheap as you may know...i just dont know if its jealousy or not...i dont know. But at one point i did find reading here interesting....did i skirt around and interest? beside my spelling of course...:D

bhunter
03-29-2013, 07:20 AM
Come on folks, drop Micro$oft. I surf on Linux right now and I am fairly secure as long as I delete my cache every day. Never open email attachments from an unknown source on Microslop or any other OS.

I am considering going back to UNIX, probably FreeBSD. Ubuntu Linux is getting too popular. Too many security updates.

Unix has ported Linux programs that I am sure are a lot better than seven years ago, and the power of UNIX, in the right hands, can ferret out all kinds of BS and intrusions. There is a learning curve though.

I have not checked out new releases of FreeBSD lately. Looks like a weekend project. I am interested.

Are you familiar with OpenBSD? It's my favorite security/firewall/penetration testing system. I like LinuxMint as a desktop OS, but use the various BSDs for servers. Currently, my desktop GUI of choice is OS X, then again, I used Nextstep for quite a few years. FreeBSD doesn't seem as clean as it was, say, fifteen years ago, but still is less bloated by default than most of the popular Linux systems. My current gripe is that everyone seems to think that a desktop computer ought behave like a smartphone or a pad device—scrolling horizontally drives me nuts as does Apple's move to a so-called "natural" scrolling direction.

ebacon
03-29-2013, 07:31 AM
The internet is getting nasty. Yesterday Norton antivirus detected a back door trojan on my machine. It could not say where it came from. My hunch is that it might be embedded in the history of neocon videos that I posted. I watched those the night before.

Is it possible for viruses to propagate through videos?

ebacon
03-29-2013, 07:41 AM
Looks like it is at least possible for a virus to spread through YouTube.

http://www.informationweek.com/trojans-lurking-in-fake-video-postings-o/199905685

merrylander
03-29-2013, 08:05 AM
I run Avira anti-virus and Malwarebytes, yet yesterday I was trying to login to AK and I got a Yahoo message that some anti phishing software on my PC was causing problems.

So I look and sure enough Panda Software had somehow installed their anti-phishing software. Soon got rid of that, it is like those programs that come with installing someone else's toolbar in Explorer.

wgrr
03-29-2013, 09:00 AM
Are you familiar with OpenBSD? It's my favorite security/firewall/penetration testing system. I like LinuxMint as a desktop OS, but use the various BSDs for servers. Currently, my desktop GUI of choice is OS X, then again, I used Nextstep for quite a few years. FreeBSD doesn't seem as clean as it was, say, fifteen years ago, but still is less bloated by default than most of the popular Linux systems. My current gripe is that everyone seems to think that a desktop computer ought behave like a smartphone or a pad device—scrolling horizontally drives me nuts as does Apple's move to a so-called "natural" scrolling direction.

No, I have not explored the new UNIX operating systems for PC's lately. I need to do some research. Thanks for the info. I

merrylander
03-29-2013, 09:17 AM
I used to have a SUN workstation, 20" monitor Pizza box computer with max memory and Free standing tower with Tape drive and Hard drive.

While loading OpenBSD I had enough time to read a good novel.

ebacon
03-29-2013, 09:25 AM
I have an old HP X4000 workstation like that. It is from about 1998 with dual Xeon 2GHz processors. It's a workhorse when it gets going, but the power on self test (POST) is so thorough that it takes about five minutes to execute.

bhunter
03-29-2013, 01:54 PM
I used to have a SUN workstation, 20" monitor Pizza box computer with max memory and Free standing tower with Tape drive and Hard drive.

While loading OpenBSD I had enough time to read a good novel.

Are you referring to the Openlook GUI? The OpenBSD OS requires very little in resources. I used to run it on a SparcStation 10 with no problems. Come to think of it, I really liked those Sparc pizza box machines.

icenine
03-29-2013, 02:07 PM
I used to install Slackware and play with that....and I run Linux Mint on the PC my wife uses.

I could never configure X when I tried to install FreeBSD....and I was pretty good at doing stuff like modifying the kernel to install things like Nvidia drivers.

merrylander
03-29-2013, 02:53 PM
Are you referring to the Openlook GUI? The OpenBSD OS requires very little in resources. I used to run it on a SparcStation 10 with no problems. Come to think of it, I really liked those Sparc pizza box machines.

Reading it in off those giant cassettes was not the fastest thing in town.

ebacon
03-29-2013, 03:00 PM
Reading it in off those giant cassettes was not the fastest thing in town.

ROFL :D

When I worked in research we had a computer that still used 8" floppy discs. Whenever the "computer guy" loaded software he would hold the disc like a pizza box and announce, "Watch out! Coming through with the disc!"

Good times.