Malware from MP3 player

Subject Author Date
Malware from MP3 player Lauren 07-10-2007
Posted by Lauren on July 11, 2007, 1:32 am
Thanks for the tip. I submitted the files.


> you can submit a copy of such here
>
> http://support.microsoft.com/kb/921161/en-us
>
> --
> Milo
> MSPSS
>
>
> "Lauren" wrote:
>
>> My apologies if this is the wrong group. I recently bought a Lasonic
>> MP-02GY MP3 player from Fry's and have found it loads a program called
>> jjjha.exe which appears to be sending information whenever a Google
>> search is done to a website in China. The device has an autorun inf which
>> changes the right click menu for the drive and runs an exe on the root of
>> the device. It loads a fake svchost file into Windows/inf and sets an
>> autorun key. The svchost then loads and reloads the jjjha.exe which
>> monitors the browser. Once you stop the svchost process it is not too bad
>> to remove everything. I don't know where something like this should be
>> reported.
>>
>> Thanks
>> Lauren
>>
>>
>>



Posted by Sharon Franks on July 10, 2007, 7:31 pm
Google blocks certain Chinese websites and censors others, perhaps since
this is an MP3 player that software may aid in the censoring.


--

Sharon Franks
MCC group
Microsoft Certified Solutions Developer (MCSD)
Microsoft Certified Trainer (MCT).



> My apologies if this is the wrong group. I recently bought a Lasonic
> MP-02GY MP3 player from Fry's and have found it loads a program called
> jjjha.exe which appears to be sending information whenever a Google search
> is done to a website in China. The device has an autorun inf which
> changes the right click menu for the drive and runs an exe on the root of
> the device. It loads a fake svchost file into Windows/inf and sets an
> autorun key. The svchost then loads and reloads the jjjha.exe which
> monitors the browser. Once you stop the svchost process it is not too bad
> to remove everything. I don't know where something like this should be
> reported.
>
> Thanks
> Lauren
>



Posted by jesburgers on July 18, 2007, 10:24 am


"Lauren" wrote:

> My apologies if this is the wrong group. I recently bought a Lasonic
> MP-02GY MP3 player from Fry's and have found it loads a program called
> jjjha.exe which appears to be sending information whenever a Google search
> is done to a website in China. The device has an autorun inf which changes
> the right click menu for the drive and runs an exe on the root of the
> device. It loads a fake svchost file into Windows/inf and sets an autorun
> key. The svchost then loads and reloads the jjjha.exe which monitors the
> browser. Once you stop the svchost process it is not too bad to remove
> everything. I don't know where something like this should be reported.
>
> Thanks
> Lauren
>
>
>

Posted by jesburgers on July 18, 2007, 11:10 am
Hi,
same experience when I bought an mp3-player via eBay (1 GB mp3 player
shuffle). The program "icygddkg.exe" contains the malware trojan TR/VB.Yongfu.


My antivirus program ANTIVIR did recognize and kill it. Anyway this lousy
Chinese program did read my Outlook address book. A short time afterwards a lot
of Chinese spam emails occurred to my partners.

My Advice: Buy the original products.

Posted by Lauren on July 18, 2007, 12:13 pm
I bought mine from Fry's, a well known outlet.
Lauren
> Hi,
> same experience when I bought an mp3-player via eBay (1 GB mp3 player
> shuffle). The program "icygddkg.exe" contains the malware trojan
> TR/VB.Yongfu.
>
>
> My antivirus program ANTIVIR did recognize and kill it. Anyway this
> lousy Chinese program did read my Outlook address book. A short time
> afterwards a lot of Chinese spam emails occurred to my partners.
>
> My Advice: Buy the original products.
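
A triage sketch for the two artifacts described in the first post of this thread: an autorun.inf that launches a program (directly or through right-click menu verbs) and an autorun entry pointing at an svchost.exe outside the Windows system directories. This is an added example, not part of the thread; the sample autorun.inf, the placeholder file names, the Run-key values and the function names are all constructed, and "autorun key" is assumed to mean a registry Run-key value.

```python
import ntpath
import re

# Constructed autorun.inf; file names are placeholders, not values from the posts.
SAMPLE_AUTORUN = r"""
[AutoRun]
open=placeholder.exe
shell\open\command=placeholder.exe
shell\explore\command=placeholder.exe
icon=drive.ico
"""

# Constructed Run-key data as (value name, command line) pairs.
SAMPLE_RUN_VALUES = [
    ("Updater", r"C:\WINDOWS\inf\svchost.exe"),
    ("Service", r'"C:\WINDOWS\System32\svchost.exe" -k netsvcs'),
]

# Keys that start a program: on insert/double-click, or from a right-click verb.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

def autorun_launchers(text):
    """Return (key, command) pairs from the [AutoRun] section that run a program."""
    hits, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                hits.append((key.lower(), value))
    return hits

def misplaced_svchost(run_values, system_root=r"C:\WINDOWS"):
    """Flag entries whose image is svchost.exe outside the system directories."""
    trusted = {ntpath.normcase(ntpath.join(system_root, d))
               for d in ("System32", "SysWOW64")}
    flagged = []
    for name, command in run_values:
        m = re.match(r'\s*"?([^"]*?\.exe)', command, re.I)
        image = m.group(1) if m else ""
        if (ntpath.basename(image).lower() == "svchost.exe"
                and ntpath.normcase(ntpath.dirname(image)) not in trusted):
            flagged.append((name, image))
    return flagged
```

Read the autorun.inf as text from the device and export the Run-key values before passing them in; nothing here executes or opens the referenced files.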


