Last Friday I was asked to look at a system. The system would hardly work. Click an icon and five minutes later it would activate. The desktop was covered with icons that wasn't suposed to be there. Everythig from "optimize your system" to "get free porn".

Client was using the latest Norton AV. Used task manager and msconfig to disable most of it to get Norton to run at a half way decent speed. Eight hour later and Norton hung up. Tried Norton again on Saturday and again it hung up. Tried again and it finished only to come in on Monday to find out the client closed Norton before I could get there.

Monday afternoon, a second computer infected with the same worm only this one was on MY network. Stupid blond biatch secretary decided to open an attachment in an email that said "Here's the postcard you requested!" I felt like punching her in the face. Three days of getting nowhere with the other one and here I am faced with the exact same thing on my network because of stupidity.

The worm un-installed McAfee on her computer. I disabled as much as I could in task manager and msconfig and re-installed McAfee. Rebooted and updated McAfee and slowly but surly found the culprit. HTML/DEBESKI was the bastage causing all this havok. McAfee found what the lastest version of Norton couldn't.

Ran McAfee and got rid of the main virus/worm/trojens. Had to run it 3 times before everything was clean. However, the worm installed a BOAT load of adware and spyware. Had to run Ad-Aware 6 times and Spybot Search and Destroy 3 times to completly remove everything. Repeated on the first computer infected and fixed it also.

SAIE.exe was there the whole time on both machines. If I find out it's adware, I'm gonna make it my misson to make sure the people responsible pay for it. :mad:

nice story.. lmao @ the BOAT load of spy/adware (pictures noas arc of 2 of every spyware) :lol:

When I was attacked by a wave of spyware/adware, I decided to try making the people responsible pay for it. The problem is that when I traced and resolved sources and destinations, they often led me places like Croatia, the Czech Republic, Russia, and China. There is not much I can do legally, as far as I know, G/L with your pursuits.

I must admit, I've never understood why this should be such a big problem to deal with. It just seems to be lack of political will. The answer surely is to make internet web hosts legally responsible for all the content that they host. They, in turn, would have to enforce contracts with their own customers, holding each customer responsible for their own content and ensuring that every web site gives (somewhere on the site) some contact details for the host.

In practice, it would work like this.... If I visit a site which infects my computer - or downloads something undesirable, without my consent - I can find out who is hosting that site and complain to them. It's then up to that host to contact their customer and ensure that the offending content is removed. If the customer won't comply, their site is shut down. If the host won't comply, they can be fined.

In fact, an even better idea would be to have a recognised organisation policing the system. Therefore, I would make my complaint to the relevant authority and they would decide whether or not to prosecute any offenders depending upon how many complaints they receive.

There are plenty of precedents for such a system and it's not exactly rocket science.

won't work.. that's how they make money and how most stuff on the net is free...

SAIE.EXE intrusion
 

I received a call this morning to look at a system that was "freaking out". There are 15-20 icons on the desktop for everything from porn to credit cards (interesting how those two go hand-in-hand ;) ) and everytime the icons are removed and the computer restarted they reappear. The system is a HP running XP Home. The Norton Personal Firewall is continually warning of outbound TCP traffic and when "Block" is selected along with "Always Use This Action" it doesn't seem to have much effect. The computer will not shut down and is EXTREMELY slow -about 10 minutes to open a single Word file.

I too did a search on google and found only a handful of results, this site being one of them. I even searched Norton and McAfee's sites to no avail.

If ANYONE has a solution or tested suggestion for removal I would (along with the others) appreciate it very much!

-

do that

With all due respect Jason, that's just being defeatist. History is full of companies who made money from selling shoddy goods, quack remedies, condemned meat etc - but political will eventually closed them down. Of course, that was when people became politicians because they cared about society. Things are different now.

Nevertheless, anyone who provides a service by damaging the people who use that service is committing fraud and the law is there to deter such things. The fact that the perpetrator is making money from the enterprise is no excuse for allowing it to continue. The internet could easily be rid of these viruses and trojans if the political will was there... and I'd be prepared to bet that one day it will be. A day will come when someone manages to wipe the entire records of the CIA or something like that. Then and only then, will something magically get done about it. In the meantime, it looks as though we're all going to have to suffer.

based on my digging and diagnoisis of a computer I just got dne with, saie.exe appears to be part of 180 search assistant. Adaware finds it, Spybot, Spy Sweeper don't. uninstalling 180 search assistant didn't appear to remove it.
Housecall.antivirus.com, and symantec's web based virus scans also do not detect it as malware.

It has a log file, saie.log, which appears to get very large, which may be the reason it was causing the machine to slow down (this machine had a total memory in use of 450 mb, and the log file was 425mb. the machine had 128mb of ram.)

w00t for 425mb log file! (see name) :P