KaZaA users brace for hijack (more than a million PCs could be hijacked)

Sydney Morning Herald ^ | April 30 2002 | Nathan Cochrane

[Poohbah]

Ah, the joys of trojanware!

[Huck]

I use Grokster. It's decent. About 500,000 users at any given time.

[dead]

I use Morpheus, but I think that might be the same thing as Kazaa. I also have Kazaa on my desktop, but not for long.

[Johnny Gage]

I stopped using Morpheus because their new "preview edition" sucks crap, and I could never get anything to download.

I found another one called "Bear Share" that is easier to use and appears more user friendly than Morpheus/Kazaa.

I think I'll look at Grokster too.. I've heard from others that use that one.

[Krafty123]

I used to use Morpheus too... For music, I find winmx works best... Also check out KazaaLite - KMD with all the spyware stuff stripped out.

Ari

[proxy_user]

NAT is the answer. Broadband users, learn how to configure your router. Just because you have an app listening on a port on a PC on your intranet doesn't mean you have to let outsiders connect. Get a hardware firewall and use it!

[JenB]

Did you guys get all traces of this system off your PCs? Even the hidden files?

[AdA$tra]

When all the traffic generated by this "Distributed computing" hits my part of the Internet world, my cable connection is going to look like a dial-up connection. I have Kazaa on an old p133 in the basement. A few months ago I needed some old file off of it. I shared my C: drive for about 15 minutes. In that time 5 different intruders traveling via Kazaa planted various trojan files on my old PC. The trick is to not share the C:\Windows directory, of which I was aware at the time, but underestimated the amount of damage that could be inflicted in 15 minutes.

[Penny1]

I couldn't find the hidden files that Cnet said I should look for...which makes me very nervous.

[IoCaster]

Ad Aware <---latest version

This will remove all the trojan/spyware.

[AdA$tra]

I brought home an extra SonicWall firewall appliance from work. I recomend the Linksys router to my friends/clients as it is less than $100.00 on the web and has a built in 10/100 auto-sensing 4 port switch included. Both of these allow for easy setup of NAT between your perimeter and secure or un-routable side of your home network.

[MarkL]

NAT is the answer. Broadband users, learn how to configure your router. Just because you have an app listening on a port on a PC on your intranet doesn't mean you have to let outsiders connect. Get a hardware firewall and use it!

Sorry, but you're wrong... A trojan works like the "Trojan Horse." Once it's inside your NAT router, it connects to the outside from within your network. The only way to block it is by knowing what port the trojan will use, and then blocking that port at the router. Most people who will buy a HW firewall (i.e. not businesses) will use the plug and play features, never really configuring the device.

Mark

[Benson_Carter]

check out Kazaa Lite but be sure to download LavaSoft's AdWare first, which will remove all trojans/adware/spyware on your computer.

Also, who wants to talk about this new "tax" they talk about? This is brought to you by our friends at the RIAA, those evil bastard... more backdoor legislation, just like the inflated price of blank video/audio cassettes due to the hidden tax that goes to combat the MPAA/RIAA 'a "losses" from piracy.

Speaking of all this horsecrap, check out this LONG but WORTHWHILE read, FRANK'S NIGHTMARE, which is transcript of the infamous U.S. Senate, Committee on Commerce, Science and Transportation hearing from THURSDAY, SEPTEMBER 19, 1985. Yes, the same hearing brought forward by our friends Al and Tipper Gore!

this makes me so mad I can hardly type.

TAR AND FEATHER ALL CONGRESSIONAL LOBBYISTS NOW!!!

[Principled]

Thanks for the link, IoCaster.

Good bye Morpheus.

[HairOfTheDog]

They are there Penny - I found them and uninstalled them...

Here are the instructions from C/Net for removing them: Link: How to uninstall Brilliant Digital's software

By John Borland
Staff Writer, CNET News.com
April 3, 2002, 4:10 PM PT

Brilliant Digital Entertainment quietly installs its own software with every copy of the Kazaa file-swapping software. The Brilliant Digital software, which is being progressively distributed over the next few weeks, can later be remotely "turned on" to become part of a new network.

Executives from Brilliant Digital and Kazaa's parent company say people can uninstall the Brilliant Digital or Altnet software from their computers without interfering with the Kazaa program itself. This is true, but it's not an easy process.

These three steps will remove most traces of the Brilliant Digital software from most machines. CNET News.com did it using a computer running Windows 2000, but the same process should work for other Windows operating systems. Please be aware, however, that these instructions represent just one uninstall method and may not be suitable for all machines and software configurations.

CNET Networks assumes no liability in publishing these instructions, which people may choose to follow at their own risk. As always, it's a good idea to make a backup of any critical files before proceeding.

1. In the Windows Control Panel, select an option called "Add/Remove Programs." One of the options will be "b3d Projector." Highlight this and click the "Change/Remove" button.

You may get a message that the uninstall has been successful. Search your computer for a "BDE" folder, which most likely will be found in the "WinNT" or "Windows" directory. In this folder will be a file called "bdeclean.exe". Run this to finish the first part of the process. Delete the BDE folder.

Caution: An unrelated piece of software called Borland Database Engine also creates a BDE directory. If you think you may have this software installed, or if there is any confusion whatsoever, do not delete this directory.

2. In the "Temp" directory (this will normally be found inside the "Windows" or "WinNT" directory) is a folder called "Brilliant." This contains many files. Delete the entire folder.

3. After performing steps 1 and 2, you will need to locate and remove some additional Brilliant Digital files that have been placed in critical system-level computer directories. CAUTION: Deleting the wrong files could interfere with the normal functioning of your computer. These files will most likely be in the "WindowsSystem" or "WinNTSystem32" folder:

bdedownloader.dll
bdedata2.dll
bdefdi.dll
bdeinsta2.dll
bdeinstall.exe
bdesecureinstall.cab
bdesecureinstall.exe
bdeverify.exe
bdeverify.dll

Delete these files.

[JenB]

Thank you!!!

I just installed and ran that program, thinking there wouldn't be anything.... guess what? There were 35 gator files sitting on my computer. I have NO idea how they get there as I NEVER download shareware or click pop up ads or anything. This program is getting run twice a week from now on!

[Dick Vomer]

If I have Kazaa and have removed the files that were mentioned do I have a problem? Also how will I know if my computer is "hijacked"?

[MarkL]

I couldn't find the hidden files that Cnet said I should look for...which makes me very nervous.

Are you using Windows2000? There's an undocumented registry setting known as "super hidden," which will hide files from Explorer, even if you tell the system to show them. The only way to see them is by opening a command prompt and using DIR FILENAME /S /A /P . This was an exploit used by a number of the Nimda variants to really screw with me!

Here are a few links:

1

2

Mark

[HairOfTheDog]

Another thing to consider Penny, if you still don't find them after following the steps again. - hadn't you had Kazaa on your machine for awhile before our recent escapade? - I think these BDE files are a fairly recent addition that you may have lucked out on, - just a theory.