Grokster and LimeWare install trojan
Posted on 01/01/02 19:33 by Jan Willem                             
Grokster and LimeWare install trojan

Justace used our newssubmit to tell us that Symantec is reporting that during the installation of Grokster there is a trojan installed.

This Trojan is known to be installed (as part of the normal installation) by two "freeware" file-sharing programs:


  • Grokster, which is a file sharing system.
  • LimeWare, which is the LimeWire Gnutella Client.

    During the installation process of these programs, you are asked if you want to install the (spyware) program "Clicktilluwin." Regardless of whether you click Yes or No, the Trojan code is installed.

    This Trojan has two components:

  • Explorer.exe, which is the main Trojan.
  • Dlder.exe, which is the downloader for Explorer.exe.


    • I have Grokster installed, but could not find the mentioned files, I'm not sure if this is only with the latest versions, as I already have it installed for months, but well it never hurts to be warned...

    Source: Symantec

    Reactions
    Discuss this article with your fellow community members! We appreciate your valuable input, but please keep the reaction policy in mind and make sure your reaction is constructive.
    By JLP, Tuesday 01 January 2002 22:16
    I have LimeWire 2.0.2 installed and Norton Antivirus 2002 detected the trojan W32.DlDer.Trojan.
    By anton, Tuesday 01 January 2002 23:33
    Antiviral programs detect cdrwin cracks as "trojans" too. What does that mean? Limewire and Grokster do install Spyware, but calling this a "trojan" is spreading roumors on a nil base.
    By Guest, Tuesday 01 January 2002 23:44
    I have Grokster Istalled ans AVP Detected The W32.DlDer.Trojan in Dlder.exe Embarrassment
    By chalbing, Tuesday 01 January 2002 23:52
    GOD freaking, that is why i have been getting this stupid Explorer.exe error almost every 2 hours in xp, cause i installed limeware for one of my friends to use, this is freakign GAY.
    By Guest, Wednesday 02 January 2002 00:19
    Cleaning Instructions Here.. http://securityresponse.symantec.com/avcenter/ venc/data/pf/w32.dlder.trojan.html
    By Guest, Wednesday 02 January 2002 01:42
    That means your CDRWIN crack has a Trojan!!
    By the111, Wednesday 02 January 2002 02:30
    Somehow, I doubt that this is the case; consider this if you will: Symantec, a large antivurus software corp, wants to create a scare to get it publicity and sales. It will have to think of something that will get people talking - something new. They decide to target a popular p2p program that they don't like - kill two birds with one stone - so to speak. Sound unreasonable? Sometimes it does hurt to be warned 'Justice'! Imagine being grokster right now!
    By Guest, Wednesday 02 January 2002 02:53
    I was wondering how i had got this virus, and I just installed Limewire 2.0.2. It is true.
    By Guest, Wednesday 02 January 2002 03:08
    If this was a ploy then explain to me how other programs like net2phone have had the same install programs, and its the program clicktilluwin that is installing it, not grokster or any other thing. And also i guess mcafee is in on it too since they discovered it also. So dont bitch at me because you have some stupid theory.
    By AweShucks, Wednesday 02 January 2002 03:57
    I highly doubt that Symantec would make it up. Not only that if it was all just a scare there may be the possibility that symantec could be sued. There are plenty of idiots writing malicious code to keep them in bussiness they don't need to start this.
    By Everitt, Wednesday 02 January 2002 05:38
    i always thought grokster was the best out the kazaa, morpheus and grokster clones oh well i would rather spyware than a virus
    By NightHawk, Wednesday 02 January 2002 13:13
    I found tihs at ZeroPaid: Zeropaid Note It has come to Lime Wire's attention over the past 24 hours that one of the bundled software installers included with LimeWire 2.0.2 for the PC is now considered a SpyWare/Trojan by various anti-virus software packages. We have received complaints from our users and we have worked quickly to resolve this issue by putting out a new beta immediately yesterday and rolling LimeWire 2.0.4 for the PC into production at 3:30PM EST today (Jan 1. Note that this did not affect LimeWire 2.0.2 P (LimeWire PRO) users.. We will be communicating further with LimeWire 2.0.2 PC users as information becomes available. BTW Morheus is better than Grokster, as the version of Grokster I was using a few months a seems to eat up my system resources, where as I don't think Morpheus has this problem, and of course it's spyware free :7
    By Guest, Wednesday 02 January 2002 15:33
    WEll to those who don't think this is a Trojan - Of courrse it is - it has to be by definition of the word!!! OK we all know about spyware - but to install a program even if you have said NO is blantant privacy invasion etc and therefore definitly a Trojan!!!
    By Guest, Thursday 03 January 2002 16:36
    Get the cleaning utility Here
    By Guest, Saturday 05 January 2002 06:48
    Unfortunatly, Kazaa also installs this trojan. I am running Norton Systemworks 2001 and on december 30th It found backdoor.trojan which is a group name for a certain type of Trojan Family. I had the latest definitions(dated dec 29) and it was unable to clean it because it didn't know what it was.(kinda kool that it still recognizes malicious code tho) I had to manually track down the registry key and delete it, after that I booted into the raped version of dos that comes with win98se, and deleted the two files dlder.exe and explorer.exe. After seeing this post I have had all my questions answered. I just wanted to let everyone know that it is in Kazaa and that it is easily removed by logic and simple technical computer knoledge.(anyway, back to my beer :9 )
    Name: Email:



    Your comment:

    Receive notification on new comments?