February 11, 2004
Buddylinks spyware
Update: Brad sent along this link with more information.
I got infected with some spyware last night (despite running Ad-aware and McAfee). It was called BuddyLinks. It came disguised in an Osama game. I downloaded it from www.wgutv.com. Since Ad-aware doesn't yet seem to be aware of this and there is quite a bit to removing it (thanks for the help, Brad), here are some basic instructions.
1. Go to Add or Remove programs in the control panel. I had a program called BuddyLinks. Remove it if it is there. Ed had it too but said it was named PSD tools and that there were 2 entries.
2. In Explorer, go to C:\Program Files\Common Files\PSD Tools. The exe should be gone if the remove worked OK, but if not, delete it from there.
3. Search the registry using regedit for "BLMessagingIntegration". I found one key that caused it to be run at startup. Delete any keys you find.
4. Go to C:\WINDOWS\Downloaded Program Files (assuming you have everything installed in the default location) and delete ShellInstaller.
5. (Optional) I also added two lines to my hosts file that I use to block ad servers:
0.0.0.0 www.buddylinks.net
0.0.0.0 www.wgutv.com
I think that should be it. I'm really sorry if I infected you. As far as I can tell the spyware doesn't do anything more malicious than send out that link to random people on your AIM buddy list (thus causing havoc, grief, and other pandemonium).
Posted by mikel at February 11, 2004 12:42 PM
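As an added example (not part of the original post), here is a read-only PowerShell check for the leftovers named in steps 1 to 5. It assumes the startup entry sits under the standard Run keys, which the post does not specify, and it uses $env:windir in place of the default C:\WINDOWS.

```powershell
# Read-only audit for the BuddyLinks leftovers listed in the removal steps.
# Names and paths come from the post; the Run-key locations are an assumption.
$findings = @()
$notes    = @()

# Step 1: Add or Remove Programs entries (BuddyLinks or PSD Tools)
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'BuddyLinks|PSD Tools' } |
    ForEach-Object { $findings += "Installed program: $($_.DisplayName)" }

# Step 2: files left behind in the PSD Tools folder
$psdDir = 'C:\Program Files\Common Files\PSD Tools'
if (Test-Path -LiteralPath $psdDir) {
    $findings += "Folder still present: $psdDir"
    Get-ChildItem -LiteralPath $psdDir -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "  File: $($_.FullName)" }
}

# Step 3: startup values mentioning BLMessagingIntegration (assumed Run keys)
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ("$name $value" -match 'BLMessagingIntegration') {
            $findings += "Startup entry: $key -> $name = $value"
        }
    }
}

# Step 4: ShellInstaller in Downloaded Program Files
$dpf = Join-Path $env:windir 'Downloaded Program Files'
Get-ChildItem -LiteralPath $dpf -Filter 'ShellInstaller*' -Force -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "Downloaded component: $($_.FullName)" }

# Step 5 (optional): are the two hosts-file block entries in place?
$hosts = Join-Path $env:windir 'System32\drivers\etc\hosts'
foreach ($domain in 'www.buddylinks.net', 'www.wgutv.com') {
    $pattern = '^\s*0\.0\.0\.0\s+' + [regex]::Escape($domain) + '\b'
    if (-not (Select-String -LiteralPath $hosts -Pattern $pattern -Quiet)) {
        $notes += "Hosts file has no block entry for $domain"
    }
}

if ($findings.Count -eq 0) { 'No BuddyLinks leftovers found.' } else { $findings }
$notes
```

The script only reports; deleting what it finds is still done by hand as in the steps above. A full-registry search in regedit remains the way to catch keys outside the Run locations.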