Closet_Flashaholic
Enlightened
Yet another ball that energizer has dropped over the years:
http://www.theregister.co.uk/2010/03/08/energizer_trojan/
http://www.theregister.co.uk/2010/03/08/energizer_trojan/
Energizer charger PC software infected with trojan
- Thread starter Closet_Flashaholic
- Start date
Help Support Candle Power Flashlight Forum
HypnoticSilence
Newly Enlightened
- Joined
- Dec 15, 2009
- Messages
- 16
Wasn't surprised this was posted here. Actually searched to make sure it was.
My initial though was that it seems somewhat odd that the .dll mentioned actually checks to see if the device is inserted.
My initial though was that it seems somewhat odd that the .dll mentioned actually checks to see if the device is inserted.
mknewman
Newly Enlightened
Energizer bunny spyware
Energizer Bunny carries backdoor malware
March 8, 2010 - 6:26am
http://www.federalnewsradio.com/?nid=15&sid=1906611
Researchers at United States Computer Emergency Readiness Team have found that software that accompanies the Energizer DUO USB battery charger contains a Trojan horse which gives hackers total access to a Windows PC, reports ComputerWorld. Energizer has since discontinued the charger and they are working with CERT to find the source of the code. Energizer's DUO was sold in the U.S., Latin America, Europe and Asia starting in 2007. The Trojan can download and execute files,
transmit files stolen from the PC, or tweak the Windows registry and automatically executes each time the PC is turned on. It remains active, even if the Energizer charger is not connected to the machine.
US-CERT urged users who had installed the Energizer software to[FONT="] uninstall it, which disables the automatic execution of the Trojan[/FONT]
Energizer Bunny carries backdoor malware
March 8, 2010 - 6:26am
http://www.federalnewsradio.com/?nid=15&sid=1906611
Researchers at United States Computer Emergency Readiness Team have found that software that accompanies the Energizer DUO USB battery charger contains a Trojan horse which gives hackers total access to a Windows PC, reports ComputerWorld. Energizer has since discontinued the charger and they are working with CERT to find the source of the code. Energizer's DUO was sold in the U.S., Latin America, Europe and Asia starting in 2007. The Trojan can download and execute files,
transmit files stolen from the PC, or tweak the Windows registry and automatically executes each time the PC is turned on. It remains active, even if the Energizer charger is not connected to the machine.
US-CERT urged users who had installed the Energizer software to[FONT="] uninstall it, which disables the automatic execution of the Trojan[/FONT]
Mr Happy
Flashlight Enthusiast
n3eg
Newly Enlightened
That's interesting...did a virus scan two days ago, and it removed something...today I get a message "Cannot execute C:/Windows/system32/arucer.dll".
Next step...clean registry...done.
The charger and software actually run fine without ARUCER.DLL.
Next step...clean registry...done.
The charger and software actually run fine without ARUCER.DLL.
Last edited:
bshanahan14rulz
Flashlight Enthusiast
Shouldn't this be in the danger forum of the batteries section?
jblackwood
Enlightened
Energizer Duo Virus ALERT!!!!!!!!!!!!!!!!
Mods, please feel free to post this in other fora (I didn't want to violate any rules by doing so myself).
For you Energizer Duo users out there, there is a backdoor that is created by installing the software for this device. I'm not sure what operating systems if affects but follow this link in order to read this article. I don't have one myself, but I know a lot of us here use them and I'd hate for any of us to have computer problems!
EDIT: Mods please close/delete.
Mods, please feel free to post this in other fora (I didn't want to violate any rules by doing so myself).
For you Energizer Duo users out there, there is a backdoor that is created by installing the software for this device. I'm not sure what operating systems if affects but follow this link in order to read this article. I don't have one myself, but I know a lot of us here use them and I'd hate for any of us to have computer problems!
EDIT: Mods please close/delete.
Last edited:
FlashInThePan
Enlightened
Re: Energizer bunny spyware
Fascinating! Who would have thought the little bunny to be so mischievous?
Thanks for the link!
- FITP
Fascinating! Who would have thought the little bunny to be so mischievous?
Thanks for the link!
- FITP
Mr Happy
Flashlight Enthusiast
Re: Energizer bunny spyware
<void>
<void>
Last edited:
Mr Happy
Flashlight Enthusiast
Re: Energizer Duo Virus ALERT!!!!!!!!!!!!!!!!
http://www.candlepowerforums.com/vb/showthread.php?t=264774<void>
http://www.candlepowerforums.com/vb/showthread.php?t=264774<void>
Last edited:
jblackwood
Enlightened
Re: Energizer Duo Virus ALERT!!!!!!!!!!!!!!!!
Sorry about that, Mr. Happy. All to help our fellow CPFers.
Sorry about that, Mr. Happy. All to help our fellow CPFers.
SilverFox
Flashaholic
Re: Energizer Duo Virus ALERT!!!!!!!!!!!!!!!!
If things read a little strange it's OK. I just merged two new threads into this one.
Tom
If things read a little strange it's OK. I just merged two new threads into this one.
Tom
Stress_Test
Flashlight Enthusiast
- Joined
- Feb 18, 2008
- Messages
- 1,334
Okay, if I understand right it looks like you're only vulnerable if you clicked "allow" in the Windows firewall alert screen.
I have one of these chargers I bought maybe a year or two ago, and I downloaded the software and everything, but I don't remember a firewall message asking if I wanted to unblock or block anything (and I'm pretty sure I wouldn't have clicked "allow" anyway).
I have Vista, and I checked the C\windows\system32 folder for the Arucer.dll file, and it's there, but the date modified is 5/10/2007, and I know that predates when I bought the charger, so I don't know what all that's about.
And finally, I opened up the Windows Defender program and checked the list of Allowed Items, and there's nothing there.
So, I don't know if I was just lucky and my charger wasn't infected, or what happened. I uninstalled the software and I'll try removing the .dll file too.
Anyone have further details or advice?
I have one of these chargers I bought maybe a year or two ago, and I downloaded the software and everything, but I don't remember a firewall message asking if I wanted to unblock or block anything (and I'm pretty sure I wouldn't have clicked "allow" anyway).
I have Vista, and I checked the C\windows\system32 folder for the Arucer.dll file, and it's there, but the date modified is 5/10/2007, and I know that predates when I bought the charger, so I don't know what all that's about.
And finally, I opened up the Windows Defender program and checked the list of Allowed Items, and there's nothing there.
So, I don't know if I was just lucky and my charger wasn't infected, or what happened. I uninstalled the software and I'll try removing the .dll file too.
Anyone have further details or advice?
Last edited:
I had the arucer file, had to reboot after I uninstalled the program to delete the file because it was "running". From what I read of it this trojan I think requires someone to search computers and find an infected computer able to talk to it, it doesn't do anything on its own.
was.lost.but.now.found
Enlightened
I get these warning messages all the time. I'll insert a driver CD for a new printer and I automatically get these warnings from my virus protection software that say something to the effect of "do you really want to allow such and such to happen to your computer?" WTF!! Why? Isn't it the software's job to tell me what's safe and what's not? Maybe I'm naive in this respect but I'm the opposite; I've been conditioned to accept every error message, auto acknowledge terms and conditions, ignore problems and move on. I mean, damn, if I threw up a red flag and hit cancel evey time I got an error message or a "do you really want to do this?" message, I may as well not even have a computer.
