Home › Forums › Archives › Instant Messaging › AIM Support › SECURITY WARNING: “We captured Osama” Link
- This topic has 28 replies, 19 voices, and was last updated 20 years, 2 months ago by irresistible49X.
-
AuthorPosts
-
February 11, 2004 at 3:07 pm #84818dewskyMember
Hey everyone:
I am a total dork, and I installed the Osama game. So I thought I had deleted the program completely, not only using the link you guys have put on here as the uninstall program but literally deleting everything off my hard drive down to the cookies. It keeps re-installing itself, so I keep having it put back on my computer as a program. Is there anything I can do to make this program go away for good? I’ve signed off AIM so my buddy list won’t get infected. This is just annoying, and I want to be able to use AIM again on my computer! Please help if you can! Thanks 🙂
February 12, 2004 at 2:18 am #84816RizzanoMemberFIXED IT: HERE IS THE SIMPLE FIX!!!!!
Download HijackThis 1.97
Run ItDelete/Fix the following registry keys IF they appear in your list:
C:Program FilesCommon FilesTotem SharedUninstall0001upd.exe
O4 – HKLM..Run: [Uninstall0001] “C:Program FilesCommon FilesTotem SharedUninstall0001upd.exe” LASTCALL!adverts.stripsaver.com!StatsStripSaver
O4 – HKCU..Run: [PSD Tools Channel] C:Program FilesCommon FilesPSD ToolsChannelUp.exe
O4 – HKCU..Run: [BLMessagingIntegration] C:Program FilesCommon FilesPSD Toolsblengine.exe
O16 – DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} (ShellInstaller Control) – http://download.buddylinks.net/ShellInstaller.cab
PLEASE NOT: Norton, Ad-Aware, SpyBot, or anything else referred to does not fix this, so far, HijackThis is the only known (as far as I know) program to fix it.
Hope this helps, it worked for me.
February 12, 2004 at 3:43 am #84800CharlesMemberSources to look at:
http://vil.nai.com/vil/content/v_101007.htm
http://www.aim.com/help_faq/security/faq.adp?aolp=
If installed visit the first link to make sure that the uninstall (done manually or automatically, supposedly) was completed and that ALL traces of this software are removed to prevent further spread of the adware.
February 12, 2004 at 5:14 am #84807ExeterDelMonMemberFebruary 12, 2004 at 6:05 am #84805IgniteMemberI wrote a tool to remove this virus/adware tool automatically:
http://www.parent-tools.com/files/BlockAIMSpyware.exeFebruary 12, 2004 at 11:22 pm #84821JCrossMemberI’m sure everyone here is anxiously waiting for the owners of this new “Osama Captured” AIM embedded code threat to be revealed. My company, as you may know, is also responsible for preparing research for a class action lawsuit against Xupiter. You can read our Wired article here: http://www.wired.com/news/infostructure/0,1377,60694,00.html
The IPCC is the first (and to my knowledge, the only) group that has confirmed the identity of the owners of BuddyLinks/PSD Tools (the people who make this new AIM threat).
You can read their profile in our Privacy Offender Database here:
http://www.ipccouncil.com/OffenderProfile/BuddyLinksProfile.htmI’d also like anyone who claims that their AIM profile gets deleted after an uninstall, or anyone who cannot access buddylinks.net after being infected, to contact me directly at either [email protected] (preferably) or [email protected] Thanks!!
Jay, IPCC
February 12, 2004 at 11:33 pm #84798Jeff HesterKeymasterGood post, Jay.
I’ll just add what AOL has put on their site regarding this nasty business, including their official instructions for removing it:
Quote:quote:Important Information
We have received reports that a number of AIM users have received Instant Messages from someone on their Buddy List asking them to check out the following link: http://www.wgutv.com/osama_capture.php?dII5IF YOU RECEIVE THIS MESSAGE, DO NOT CLICK ON THE LINK, EVEN IF IT COMES FROM SOMEONE ON YOUR BUDDY LIST.
This link takes users to a web site that asks them to download a game. If the user agrees to download the game, the web site also installs a secret “adware” program on the user’s machine that can deliver unwanted advertisments and promotions. The adware program will also send the same link out to every person on the user’s Buddy List — spamming their friends and associates with a link to the same adware.
HERE’S THE FIX:
If you have already clicked on the link and downloaded that software, you can remove the adware program from your machine by clicking on Start –> Control Panels –> Add/Remove Programs and then removing the applications related to:
• BuddyLinks
• PSDT Messaging Integration
• PSD Tools ChannelUp v1.0 (remove only)Additionally, if you have downloaded this program, you may want to alert friends and associates on your Buddy List how they can remove this software.
The culprits who spread this Osama-hoax-adware should be punished for their deceptive and unethical practices.
February 13, 2004 at 7:42 am #84820JCrossMemberI’m getting even more reports that users who are infected are unable to access buddylinks.net. Is it just me, or does it seem suspicious that an honest “AIM Enhancement” software blocks users from accessing the vendor homepage?
J
February 13, 2004 at 3:51 pm #84797Jeff HesterKeymasterAccording to Wired News, AOL is considering legal action against BuddyLinks.net. While the BuddyLink’s “useful” add-on may have a CYA-TOS, the reality is that this sort of program is unethical and taints everyone associated with it… even, in this case, AOL.
And check out the link on page two of that Wired article — a link to BigBlueBall!
February 13, 2004 at 5:44 pm #84819stev02MemberI have a site also for this…
February 15, 2004 at 9:35 am #84823JosefBudMemberRestart your computer. When it starts booting up, constantly press F8 until you get to a screen that asks how you want to boot up Windows. Go into safe mode. When windows loads up in safe mode, go to start->programs->accessories->system tools->system restore. Click Next. You’ll get a calendar. Pick the day before that you KNOW you got the adware on. You should know what to do from there.
February 15, 2004 at 3:04 pm #84806DavidParticipantQuote:quote:Originally posted by JosefBudRestart your computer. When it starts booting up, constantly press F8 until you get to a screen that asks how you want to boot up Windows. Go into safe mode. When windows loads up in safe mode, go to start->programs->accessories->system tools->system restore. Click Next. You’ll get a calendar. Pick the day before that you KNOW you got the adware on. You should know what to do from there.
Not only does that only work for Windows ME/XP users, but system restore should never be considered a solution to this type of thing.
February 16, 2004 at 12:26 am #84822JosefBudMemberYeah it shouldn’t…it also shouldn’t have to be used at all but considering that my computer wouldn’t boot until I got rid of it from system restore, sometimes you have to.
February 20, 2004 at 1:36 am #84824irresistible49XMemberwhich of the methods listed above of removing it work like the downloading things
-
AuthorPosts
- You must be logged in to reply to this topic.