
Seekmo - A cautionary tale

Oleron

Watch out for this software on your machine - Seekmo.

When installed, it sits in the Windows system tray, claiming to be some kind of search assistant. It is spyware of the most pernicious kind.

I had a problem with my firewall software (McAfee) about a week ago and it disabled briefly (for about a day). During that time my wife was browsing the internet and picked up this passenger (Seekmo) somehow - still not sure exactly how. I spotted the icon and removed the software immediately, then ran a full Ad-Aware sweep which picked up some more nasties and got rid of them.

I rebooted only to find that the software had left hidden hooks all over the registry and system files. A sweep with Spybot removed these.

Since that day, and I realise this could be pure coincidence, I have had failed delivery messages by the hundred for mails that I never sent. The mails are for pharmaceutical products that have my email address as the spoofed sender. This has never happened to me before now.

I am convinced Seekmo is a downloader for a mass-mailer or that it is an email harvester. Anyway, don't take the risk - get rid of it now.
 
Mmm, I regularly get these failed delivery messages (I don't have Seekmo), on my rather heavily guarded company PC (it will ask for permission every single time a program tries to send a mail, rather a nuisance when I ask Word to distribute a document). I suspect they are due to some spambot inserting my address as a fake sender address in spam mails to others. Then, when the send fails, I get the failure notification.

Hans
 
I agree with Hans; receiving these "failed delivery" messages doesn't necessarily mean that any emails were sent from your PC or via your ISP. I get a couple of dozen per day, all addressed to different usernames within my domain - if they were really being sent from my email software, they'd have my real email address on them.

Interestingly, I have one email address that receives this type of mail in roughly equal proportions to other types of spam (419s, "you've won the lottery", "this stock is set to soar", etc), but another one that receives only (~95%) "failed delivery" mails. I don't really understand why...
 
I used to mailbomb spammers on a regular basis. Would send them a 880kb compressed file with the text "I BOMB SPAMMERS!!!" 18 times, one every 15 minutes.

Well, one guy was still checking his mail with Netscape through a 28.8 modem, and he was hopping mad. At the time, the NS mail client didn't allow you to skip downloading a message. So he had to sit through all of it. Then, it was a .sit file, so he didn't know how to uncompress it to even see what it was!!!
:hit:

Anyway, the reason I bring this up is that one dude got mad, and got even. He set my address as the return address for his spam. My account started getting about 100 emails per second or more. Couldn't do anything with the account. So I set my .forward to "/dev/null" and called the ISP. They sympathized with me for bombing a spammer, but said it was a bad idea cause some of them get mad and do things like this. They also said the guy had the gall to call them and complain about me! :eye-poppi
 
Oleron, are you certain you got rid of everything?

I never trust software to fully remove adware/spyware from a computer. I find the manual removal instructions and go through it item by item.

Here are the instructions for Seekmo (back up your registry and make a restore point before proceeding):

Stop Seekmo system processes:
seekmo.exe
seekmosetup.exe


Unregister Seekmo DLLs:
seekmohook.dll
npclntax.dll


Remove Seekmo files:
seekmoau.dat
seekmo_gdf.dat
seekmo_hpk.dat
seekmo_kyf.dat
seekmo.com.url
seekmocustomersupport.url
uninstallseekmoinstructions.lnk
180e.tmp


Remove Seekmo registry values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\seekmodisplayicon
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\seekmodisplayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\seekmouninstallstring
HKEY_LOCAL_MACHINE\software\seekmo
HKEY_LOCAL_MACHINE\software\seekmocvf
HKEY_LOCAL_MACHINE\software\seekmoduid
HKEY_LOCAL_MACHINE\software\seekmopartner_id
HKEY_LOCAL_MACHINE\software\seekmoproduct_id
HKEY_LOCAL_MACHINE\software\seekmoumt
HKEY_CLASSES_ROOT\clientax.seekmoclientax
HKEY_CLASSES_ROOT\clientax.seekmoclientax.1
HKEY_CLASSES_ROOT\clientax.seekmoclientax.1\clsid
HKEY_CLASSES_ROOT\clientax.seekmoclientax\clsid
HKEY_CLASSES_ROOT\clientax.seekmoclientax\curver

Good luck.



RayG
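
A read-only way to check whether any of the items listed above are still present, as an added example that is not part of the original post. The search folders in `$searchRoots` are an assumption (the post gives file names only), and the extra `seekmo*` sweep assumes some of the listed registry paths may be a key name and a value name run together.

```powershell
# Read-only audit for the Seekmo leftovers listed in the post above; deletes nothing.
# Process, file and registry names are copied from that post.
# $searchRoots is an assumption: the post does not say where the files live.
$searchRoots = @($env:ProgramFiles, $env:windir, $env:USERPROFILE)
$procNames = 'seekmo', 'seekmosetup'
$fileNames = 'seekmohook.dll', 'npclntax.dll', 'seekmoau.dat', 'seekmo_gdf.dat',
             'seekmo_hpk.dat', 'seekmo_kyf.dat', 'seekmo.com.url',
             'seekmocustomersupport.url', 'uninstallseekmoinstructions.lnk', '180e.tmp'
$hklm = 'HKEY_LOCAL_MACHINE\software'
$unin = "$hklm\microsoft\windows\currentversion\uninstall"
$hkcr = 'HKEY_CLASSES_ROOT\clientax.seekmoclientax'
$regPaths = @(
    "$unin\seekmodisplayicon", "$unin\seekmodisplayname", "$unin\seekmouninstallstring",
    "$hklm\seekmo", "$hklm\seekmocvf", "$hklm\seekmoduid",
    "$hklm\seekmopartner_id", "$hklm\seekmoproduct_id", "$hklm\seekmoumt",
    $hkcr, "$hkcr.1", "$hkcr.1\clsid", "$hkcr\clsid", "$hkcr\curver"
)
$found = @()

# 1. Processes still running
$found += @(Get-Process -Name $procNames -ErrorAction SilentlyContinue |
    ForEach-Object { "PROCESS  $($_.Name) (PID $($_.Id))" })

# 2. Files and DLLs still on disk (hidden files included)
$found += @(Get-ChildItem -Path $searchRoots -Recurse -Force -Include $fileNames `
        -ErrorAction SilentlyContinue |
    ForEach-Object { "FILE     $($_.FullName)" })

# 3. Each listed registry path, tested first as a key, then as a value of its parent key
foreach ($p in $regPaths) {
    $cut    = $p.LastIndexOf('\')
    $leaf   = $p.Substring($cut + 1)
    $parent = Get-Item -LiteralPath ('Registry::' + $p.Substring(0, $cut)) -ErrorAction SilentlyContinue
    if (Test-Path -LiteralPath "Registry::$p") { $found += "REG KEY  $p" }
    elseif ($parent -and ($parent.GetValueNames() -contains $leaf)) { $found += "REG VAL  $p" }
}

# 4. Assumption-driven sweep: any other key or value named seekmo* under the two HKLM parents
foreach ($root in $unin, $hklm) {
    $k = Get-Item -LiteralPath "Registry::$root" -ErrorAction SilentlyContinue
    if ($k) {
        $found += @((@($k.GetSubKeyNames()) + @($k.GetValueNames())) |
            Where-Object { $_ -like 'seekmo*' -and ($regPaths -notcontains "$root\$_") } |
            ForEach-Object { "REG NAME $root\$_" })
    }
}

if ($found) { $found | Sort-Object -Unique } else { 'No listed Seekmo artifacts found.' }
```

Run it from an elevated PowerShell prompt so that protected folders and keys are readable; a clean result only covers the names listed in the post.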
 
I got the files OK but I couldn't be certain I got all those reg entries. I'll just go and have a look...

Thanks.
 
