I don't know how widespread t (Question 5769)| Data Doctors Free Help

I don't know how widespread this is, but an outfit called Xupiter is pushing their search engine in a rather unorthodox fashion smacking of the telephone company slamming. But read on.
My Internet Explorer has been set to open on GOOGLE, my favorite search engine, for years, although I do visit others for specific searches. About 4PM PST on 29 January 02 I clicked on my Internet Explorer icon and when it opened I was greeted by an "uninvited" browser, Xupiter. I cleared the address block and put in GOOGLE, but again, up popped Xupiter! Going to "name-space.com", I could find nothing on their domain, or an IP associated with it.
Quite evidentally, I'd been slammed, much as with the games the phone companies play! This "intruder" woould not accept the name GOOGLE for a search. I eventually got GOOGLE back on the screen and when asked if I wanted to make it my default "home page", it bumped Xupiter aside, but not out of my computer.
Doing some digging I found that Xupiter had insinuated itself on me by planting a bunch of files totalling 260 MB, with first intrusion on 01/14/03, with more on 01/29/03 and 01/30/03, as follows:
Popunder.exe, 28MB, Application, 01/14/03, 8:31AM
XTCfgLoader.exe, 56KB, Application, 01/14/03, 832AM
XTSearch.dll, 28KB, 01/29/03, Application Extension, 3:40PM
XTUpdate.dll, 28 KB, 01/29/03, Application Extension, 3:40PM
XupiterCampaigns.... 1KB, DAT file, 01/30/03, 4:38PM
XupiterMenu.dat 28 KB, DAT file, 01/30/03, 4:37PM
XupiterStartup200... 32KB, Application, 01/14/03, 8:34AM
XupiterToolbar, 60KB, Application Extension, 01/29/03, 3:40PM
As of 01/30/5:30PM, I managed to delete all of the above files and they were in my Recycle Bin. It took a bit of work to delete them in the Recycle Bin and the Folder Xupiter took a number of tries to obliterate.
When I attempted to check "name-space,com" for domain and IP info for Xupiter, they had no record, but doing this caused my browser to revert to Xupiter!! When at last i got Google back up and made it my "home page", it seemed to be gone, plus this time I found no Xupiter files.
Another check at name-space.com found this and the outfit is in Hungary (HU):
Registrant: Tempo Internet P.F. 284 Gyongyos I, 3201 HU Domain Name: XUPITER.COM Administrative Contact: Reg, Dom [email protected] P.F. 284 Gyongyos I, 3201 HU +36.203548526 Fax: +36.203548526 Technical Contact: Reg, Dom [email protected] P.F. 284 Gyongyos I, 3201 HU +36.203548526 Fax: +36.203548526 Registrar of Record: TUCOWS, INC. Record last updated on 18-Dec-2002. Record expires on 31-May-2004. Record Created on 31-May-2002.
Have you heard anything about this and have any suggestion?

This question was answered on February 6, 2003. Much of the information contained herein may have changed since posting.

Plenty.

Go here for a brief exlanation and a link to the removal tool : http://www.techtv.com/news/security/story/0,24195,3416606,00.html

Hope this helps.

--alex

Posted by Alex of Katharine Gibbs School - New York on February 6, 2003

We help people with technology! It's what we do.
Contact or Schedule an Appointment with a location for help!