| VID |
27321 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
MALWARE |
| Detailed Description |
The "BonziBuddy" program has been installed on the system.
The presence of this program is sometimes perceived as Spyware that can secretly monitor system activity, or as Hijacker that can reset your browser's home page and/or search settings to point to other sites, or as Adware that can display ads. Generally, Spyware, Adware and Hijacker may violate your privacy or expose your browsing habits or confidential information to attacker or another computer and prevent you from changing your browser's home page or from visiting a particular site.
The BonziBuddy runs when you start Windows and sets your home page to "www.bonzi.com/bonziportal/index.asp". This program also tries to connect to various controlling servers, and then to download and execute arbitrary code from them.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://securityresponse.symantec.com/avcenter/venc/data/adware.bonzi.html
http://www.spywareguide.com/product_show.php?id=512
http://www.kephyr.com/spywarescanner/library/bonzibuddy/index.phtml
http://www.safersite.com/PestInfo/b/bonzibuddy.asp
* Platforms Affected:
Microsoft Windows Any version |
| Recommendation |
Remove it from your system using the following methods, if it's silently installed without the users knowledge or the use of it dose not match your security policy.
1. Using the uninstaller for it on the Add/Remove Program entry.
2. Using spyware/adware removal program or Vaccine(Anti-Virus) program. You can use the following programs:
- Norton AntiVirus: http://www.symantec.com/downloads
- McAfee VirusScan: http://download.mcafee.com/default.asp |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
