The Sscache32 Virus/trojan



Switeck
10-04-2003, 05:15 AM
This is actually a rather OLD trojan and it's EASY to get.
Many popular EXEs in the size range of 50 KB to 3 MB are copies of it.
It has about 100 fake filenames it uses and secretly shares them from the c:\windows\cache32
c:\windows\scache32
OR
c:\windows\sscache32
folder.

This causes reported files shared at bottom right to EXCEED the number reported shared in My Kazaa Lite! (those hidden files won't show up in the shared list...)
Also, to SEE the files on your hard drive, you have to turn on show all hidden files in Windows Explorer and browse the above-mentioned directories (if they exist, which if you're NOT infected should NOT exist.)

Regular FIND files on your computer WON'T detect it due to Microsoft disabling whole-drive-search ability (at least on Drive C:) to prevent 'newbies' from accidentally damaging the Windows/system/programs files.

It is NOT in the installer for Kazaa Lite shared by any of the KL++ file mirrors, although a newer version of this virus/trojan may include that as yet another of its fake names.

The filenames I sometimes use to intentionally find it and warn people are:
BearShare 5.1.1.exe (a nonexistent BearShare version)
and
Ad Aware 6.5.exe (I don't know if Ad Aware has reached this version number yet...)
and
Kazaa 2.5.0.exe (yet another reason NOT to use regular Kazaa!)

Lastly, if infected, you may be able to spot them uploading/uploaded to people in your UPLOADS window.
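
Added example (not part of the original post): a Python check for the three folders named above that also lists their contents, since directory enumeration from a script returns hidden files regardless of the Explorer setting. The function names, the demo tree and the flagging of `.exe` files in the 50 KB to 3 MB range are assumptions built from the post's description.

```python
import os
import sys
import tempfile

# Folder names the post lists under c:\windows (matched case-insensitively).
SUSPECT_DIRS = ("cache32", "scache32", "sscache32")
# Size range the post gives for the fake EXEs.
MIN_SIZE, MAX_SIZE = 50 * 1024, 3 * 1024 * 1024

def scan_windows_dir(windows_root):
    """Return {folder_path: [(name, size, exe_in_range), ...]} per suspect folder."""
    findings = {}
    try:
        entries = list(os.scandir(windows_root))
    except OSError:
        return findings  # root missing or unreadable: nothing to report
    for entry in entries:
        if entry.name.lower() not in SUSPECT_DIRS:
            continue
        if not entry.is_dir(follow_symlinks=False):
            continue
        files = []
        for dirpath, _dirs, names in os.walk(entry.path):
            for name in names:
                try:
                    size = os.path.getsize(os.path.join(dirpath, name))
                except OSError:
                    continue
                hit = name.lower().endswith(".exe") and MIN_SIZE <= size <= MAX_SIZE
                files.append((name, size, hit))
        findings[entry.path] = sorted(files)
    return findings

def build_demo_tree(root):
    """Constructed sample: a fake Windows directory with one suspect folder."""
    os.makedirs(os.path.join(root, "System32"))
    bad = os.path.join(root, "SSCache32")
    os.makedirs(bad)
    with open(os.path.join(bad, "Kazaa 2.5.0.exe"), "wb") as f:
        f.write(b"\0" * (60 * 1024))  # 60 KB placeholder, inside the range
    with open(os.path.join(bad, "readme.txt"), "wb") as f:
        f.write(b"x")
    return root

if __name__ == "__main__":
    # Pass a real Windows directory as the first argument, or run the demo.
    with tempfile.TemporaryDirectory() as tmp:
        root = sys.argv[1] if len(sys.argv) > 1 else build_demo_tree(tmp)
        for folder, files in scan_windows_dir(root).items():
            print("FOUND", folder)
            for name, size, hit in files:
                print("  ", "SUSPECT" if hit else "other  ", size, name)
```

An empty result means none of the three folders exist under the directory that was scanned.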

Gre1
10-04-2003, 06:38 AM
Good looking out with this TIP

darkewolf
10-05-2003, 02:17 AM
I don't see either of those folders in my windows directory, I guess that means that I'm in the clear :)

Jay
10-05-2003, 09:00 AM
can't see any suspicious file, looks like I'm good