I don't recall meeting this one,

but I have removed quite a few of these types of programs from others computers (and once my own, but only once) and it does not seem to me one hundred dollars worth of work, if you know windows well enough to check the obvious registry keys and system files the problem is that after such an edit you often end up with problems anyway and have to reinstall from backups. On the other hand trojans you never really get rid of you have to reinstall. Probably they should have all their money removed from them and have to serve a couple of years in jail. Possibly some community service removing malware for free would not be amiss either.

@Alan Donaly

In most organisations you would not want a random Windows genius users fixing the problems. They'd be handled by IT techs.

At, say, $100 her hour even the fixing time costs quite a bit.

Then there's down time too. While the computer it being fiddled by IT, the knowledge worker is unproductive. Perhaps another $200 or so....

No doubt any competent lawyer could add a long shopping list of other expenses: lost good-will etc etc,

1,000,000 Euro fine is just the first shot

As I understand it, the fine is just something the regulator imposed, NOT a punishment dealt out by the courts. Also, the fine has been slapped on the directors PERSONALLY, not on their companies, so they cannot just let their companies collapse and escape their fine. The prosecutors office is also investigating the case, so there may be a criminal case brought against them.

@Alan Donaly

To most of us mere mortals there is no such thing as "obvious registry keys"

Iframedollars

Will Blake> Just for accuracy this is actually "iframedollars"

Presumably that's what they're trying to refer to. (I can find no record of 'infradollars' ever having existed.)

However, although CWS.IframeDollars were a big DR installer (they were affiliate 1030), the exploit group associated most strongly with DollarRevenue was CWS.VladZone. They went as far as hosting their worse installs at VladZone servers under the DR name.

Alan Donaly> I don't recall meeting this one

You would have met the things it then went on to install. Whilst DR did have their own spyware, their primary tactic was installing other people's for cash.

> On the other hand trojans you never really get rid of you have to reinstall.

And DR have bundled exactly those kinds of trojans (rootkits etc.).

In any case, unless you're a security expert (and sometimes even then) you're not going to be able to detect the stealthier malware, so you must assume the machine is still compromised and re-install.