SpywareInfo Home
December 3, 2002


If you missed the previous warning that I sent out about this, you need to be aware that if you use a spyware removal product that flags any component of something called "COMMON NAME TOOLBAR", you should not remove it with anything except Spybot S&D or HijackThis. We have confirmed with several experts that the newest version of Common Name toolbar now tampers with the Windows Winsock settings, and removing this software incorrectly could damage your internet connection.

Spybot S&D and HijackThis have been updated to deal with this new problem. The developer of Aluria Spyware Detector says that it is being updated now and should be ready by the end of the week. Do not use any other software to remove the Common Name toolbar unless you know that they have updated to deal with this.

If you or someone you know has already lost internet access, please download HijackThis, transfer it to the affected computer with a floppy and run it to repair the damage.

New Hijackers To Look Out For

Spybot has also been updated to handle these new targets, which had us all running around in circles at the forums: Rapidblaster, SearchAccurate, Martfinder, and Xrenroder. If you have been infected with any of these, simply update Spybot using its built-in updater and it will remove them.

The following hijacker file has just started popping up and no software is removing it yet. It hijacks the infected machine to either megaseek.net, ace-webmaster.com, wowsearch.org, or hastalavista.com (or some combination thereof). These sites are your typical portal sites with nothing but a ton of links for which they get paid a fraction of a cent if you should click them.

Machines with the file below have been hijacked to these sites, but I'm not certain if the file is responsible for all of these sites. It is almost certainly responsible for hijacking people to hastalavista.com. If your machine has been hijacked to any of them, please try these instructions:

Go to Start > Run, type Msconfig, and uncheck MSRegSvc and regsvc32 on the Startup tab.

Click OK, close Msconfig, reboot.

Now go to your Windows\System (for Windows 9x/ME) or Windows\System32 (for Windows NT/2K/XP) directory and find REGSVC32.exe (not regsvr32.exe, which is a legitimate system file; leave that one alone). If it is there, please email me to let me know that you have it, because I have yet to get my hands on a copy of it.

Next, go to Internet Options > Programs, and hit 'Reset Web Settings'.

EDIT Jan 19, 2003

This is now a target of Spybot. Please use Spybot if you have been infected with this hijacker. http://security.kolla.de/

/EDIT
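
The check behind the removal steps above, as an added example that is not part of the original newsletter: it flags the two startup item names and the REGSVC32.exe file named in the instructions, and goes one step further by flagging any file name one character away from a legitimate system binary. The sample startup entries and the short list of legitimate binaries are constructed for illustration.

```python
import ntpath

# Startup item names and file name taken from the instructions above.
HIJACKER_STARTUP_NAMES = {"msregsvc", "regsvc32"}
HIJACKER_FILE = "regsvc32.exe"

# Legitimate Windows binaries a hijacker might imitate (short, illustrative list).
KNOWN_GOOD = {"regsvr32.exe", "rundll32.exe", "svchost.exe", "explorer.exe"}

# Constructed sample of (startup item name, command line) pairs.
SAMPLE_STARTUP = [
    ("MSRegSvc", r"C:\WINDOWS\SYSTEM32\REGSVC32.exe"),
    ("Register", r"C:\WINDOWS\SYSTEM\regsvr32.exe /s shell.dll"),
    ("Updater", r'"C:\Program Files\Updater\svch0st.exe" -q'),
    ("Shell", r"C:\WINDOWS\explorer.exe"),
]


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def executable_name(command):
    """Extract the lower-cased file name from a startup command line."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        # Unquoted paths may contain spaces, so cut at the first ".exe".
        end = command.lower().find(".exe")
        path = command[:end + 4] if end != -1 else command.split(" ", 1)[0]
    return ntpath.basename(path).lower()


def classify(name, command):
    """Return 'hijacker', 'lookalike:<real name>' or 'ok' for one entry."""
    exe = executable_name(command)
    if name.lower() in HIJACKER_STARTUP_NAMES or exe == HIJACKER_FILE:
        return "hijacker"
    if exe in KNOWN_GOOD:
        return "ok"  # exact match, e.g. regsvr32.exe: leave it alone
    for good in sorted(KNOWN_GOOD):
        if edit_distance(exe, good) <= 1:
            return "lookalike:" + good
    return "ok"


def scan(entries):
    """Return (name, verdict) for every entry that is not 'ok'."""
    verdicts = [(name, classify(name, cmd)) for name, cmd in entries]
    return [(name, v) for name, v in verdicts if v != "ok"]


if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_STARTUP):
        print(name, "->", verdict)
```

The look-alike rule would catch regsvc32.exe even without the hard-coded name, since it differs from regsvr32.exe by a single character.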

Ad-aware v6 is on its way

I and many others have been riding Lavasoft about the fact that they decided to not update the most current version 5.83 beyond the last update, which was well over two months ago. In my opinion, this was an irresponsible decision that did not take into account the people who use Ad-aware.

Even with that last update, several bugs that were known at the time were not addressed, such as a startup entry belonging to Common Name Toolbar which is left behind by Ad-aware. This one startup entry has caused so much confusion that there is one thread at the forums dealing with it which has had 7,500 page views, and that's just one of nearly a dozen threads about it! There have also been at least two major variants of Xupiter discovered which Ad-aware is not updated to handle currently.

Their reason for not updating the current version was so development could continue on the upcoming version 6. A bad decision perhaps, but the wait is finally ending. Within the next week, Lavasoft is expected to release AAW 6.

When I was an administrator at Lavasoft's forums, I got to play with AAW 6 while it was still in alpha. While I'm sure it's changed quite a bit since the last time I saw it, I can confidently say that version 6 is radically different from the current 5.x series. It has a more intuitive interface and will be much easier to use. It packs quite a few new features, including the ability to scan across a network, a built-in reference file updater, the ability to pick and choose which folders and drives to scan, and the ability to skip files larger than a certain size. The scanning engine is also dramatically faster than the 5.x series engine. It will target not only spyware, but also hijackers and the same sort of system logs, temp files, and "Most Recently Used" lists that Spybot and MRU Blaster target.

Keep your eye on the web site. As soon as we know that it's officially released, we'll be announcing that there.

Help keep SpywareInfo going! The SWI web site gets over 100,000 visitors per month, and that uses up a lot of bandwidth. If you'd like to make a contribution to keep the bills paid, we have a PayPal account set up for just that purpose. http://www.spywareinfoforum.info/support.php

Featured Software
Aluria Spyware Eliminator

Aluria's Spyware Eliminator
Author: Aluria software
Latest Version: 1.04
Platform: Windows 9x, ME, NT 4.0, 2K, XP
License: $29.99


Spyware, Keyloggers, and Adware are being secretly installed on your computer when you install some programs from the internet. It usually comes from free software. Nothing is ever truly free. Ruthless companies are greedily cashing in on invading your privacy by installing this "scumware". They are getting paid to include scumware on your computer without your knowledge or permission. Some websites can actually install software on your computer without you even knowing it. These programs record what you type, where you go, what you buy and they can even capture screenshots of your computer. They are then transmitted secretly via the internet to the perpetrators without your knowledge or permission. Frightened? You should be as this can include your usernames, passwords, credit card numbers and more things than you care to know. This has been going on for years now right under your nose, secretly. They are worse than viruses. The scariest part is, it is legal.

Your privacy is being invaded. What you are doing on your computer is being watched right now. There are companies that know you are looking at this page. They know what you typed to your family, friends and coworkers. They know what you are emailing to people. They watch your IMs. Hackers are watching to capture your credit card numbers, passwords, and other personal information. The online world is no longer safe. UNTIL NOW.

Aluria's Spyware Eliminator is your only line of defense. Virus software such as Mcafee protects you against viruses. We have developed Aluria's Spyware Eliminator to protect you from the epidemic that is scumware. We scan your computer to detect and remove all known scumware. In addition we constantly scour the web for the newest scumwares and update your software for free. You have virus software. It is not enough. Don't become a victim. Protect yourself from scumware now and download the free trial today.

Speak Up For Your Rights!

Quoted verbatim from the ACLU web site.

In the last several days, media reports have revealed that a little-known Defense Department office is developing a computer system that would provide government officials with the ability to snoop into all aspects of our private lives without a search warrant or proof of criminal wrongdoing.

The Pentagon's new Office of Information Awareness is building a system called "Total Information Awareness" that would effectively provide government officials with immediate access to our personal information: all of our communications (phone calls, emails and web searches), financial records, purchases, prescriptions, school records, medical records and travel history. Under this program, our entire lives would be catalogued and available to government officials.

Leading this initiative is John Poindexter, the former Reagan era National Security Adviser who famously said that it was his duty to withhold information from Congress. In his new post as Head of the Pentagon Office of Information Awareness, Poindexter has been quietly promoting the idea of creating "a virtual centralized database" that would have the "data-mining" power to pry into the most minute and intimate details of our private lives.

While the promoters of this Orwellian program have argued that such snooping should be accepted as part of the "War on Terrorism," it is clear that this proposal goes too far. While running for the presidency, George W. Bush said that he wanted to defend individual privacy. Yet the Defense Department program makes a mockery of such privacy protections and threatens to bulldoze the judicial and Congressional restraints that have protected the public against domestic spying.

You can stop this program now! TAKE ACTION by sending a free fax to President Bush asking that he renounce and end this new effort to invade our privacy.

Law-abiding people should be protected from government snooping. It has been a hallmark of American democracy that our individual privacy is protected against government intervention and snooping as long as we are not guilty of wrongdoing.

This new system would obliterate these protections -- the government would simply collect data on everyone so as to be able to investigate any one of us if and when they so decide to do so. Doing so would make us all suspects and in effect eliminate our personal privacy.

In searching for terrorists, we must not investigate everyone. It has been suggested that searching for terrorists in our midst is like looking for a needle in a haystack. If this is true, then it certainly makes no sense to make the haystack even bigger by creating the means to investigate hundreds of millions of law-abiding Americans rather than focusing in on real suspects.

We must not sacrifice our freedom and liberty in order to prosecute the "War on Terrorism." As Americans, we have every right to be proud of our constitutional rights and freedoms. And in being proud of these rights, we must make every effort to promote and enlarge our privacy rather than sacrifice it in a time of anxiety and concern.

PC World's Super Guide to Keeping Your Privacy - Keep spammers and online snoops out of your PC and make the most out of Windows' convoluted security options. Tips include a step-by-step guide to spam filtering and a review of four great utilities to keep you safe while online.

CNET Forcing P2P Network on Users

http://exploitsystems.myikonboard.com/viewthread.php?postid=177

Download.com is trojan-horsing Kontiki

An Exploit Systems Exclusive Report

CNET Download.com, one of the most heavily-trafficked sites on the net and a central source for P2P file sharing software has begun sneaking the Kontiki P2P network onto downloaders' hard drives.

In a move reminiscent of the Altnet fiasco, users who download certain applications are required to first install the "CNET Download Manager." We discovered this when downloading the Nero CD burning software.

Turns out the CNET Download Manager is actually the Kontiki P2P client application. Once the CNET/Kontiki application is installed it runs continuously in the background and launches automatically every time you start up. It attaches your computer to the Kontiki network and makes your hard drive and bandwidth available to CNET and Kontiki for the purpose of distributing their software offerings.

On the one hand it makes sense for CNET to turn to a P2P solution for distributing popular applications - it saves CNET bandwidth and money. On the other hand CNET could do a better job of explaining to users exactly what they're agreeing to when taking this "Download Manager" application.

It might also behoove CNET to offer people a choice; forcing users to accept unwanted software (which will later be un-installed) in order to get a desired piece of software seems rather thuggish and intrusive.

In an age when ISPs are capping upstream bandwidth, allowing a company like CNET or Kontiki to use your upload capacity could put you over the byte limit and cost you extra money - or cause the loss of your broadband account.

Spyware, Trojan, Porn Dialer, or ...... Zone Alarm???

Is your computer dialing the internet without anyone telling it to? If so, it could mean that you are infected with either spyware, a backdoor trojan, or one of those dialers that dial some far off country and stick you with a monstrous phone bill. Would you believe that it might also be your firewall?

http://www.zonelabs.com/store/content/support/3zapMain.jsp#zap3FAQ8

8. Why is ZoneAlarm Pro causing my computer to dial out?

ZoneAlarm Pro is performing a DNS lookup. Normally, ZoneAlarm Pro waits until a user has established an Internet connection before performing the DNS lookup. However, an issue with the most recent ZoneAlarm Pro/Plus and ZoneAlarm releases is that they don't wait for an Internet connection before performing the DNS lookup. On some computers with auto-dialers set up, this look-up may cause the auto-dialer to be invoked. We will correct this in the next release of the products.

Reportedly you can stop this by setting your dialup settings to "Never dial a connection". This will require you to manually launch your dialup networking connection to go online. It's worth noting that you really should be using this setting anyway.

Independence Day

Earlier this year, on July the fourth, while the United States was celebrating its independence day, I was celebrating my own independence from Windows ME. I installed Windows XP Pro on that day, and it was the best thing that ever happened to this computer. As I write this, the computer has 70 days 13 hours worth of uptime and the computer is humming along as smoothly as if I'd just turned it on an hour ago. That's quite a change from Windows ME which would rarely stay up for longer than 3 days.

I will soon be celebrating another Independence Day. Today I will be calling Direcway and ordering their satellite internet service. Once they get that service installed here, NO MORE DIALUP!! woohoo

I can't tell you how big a pain in the butt it is running a site as busy as SpywareInfo when my only internet access is through an unstable phone line that's tied up more often than it's free. There are always little things I want to do on the site, and I end up having to put them off because I can't get online to do them. It's also very, very slow. Uploading files at 2KB per second is so slow as to be physically painful (because I'm banging my head on the desk in frustration).

Satellite service is expensive, so I've had to get a little more aggressive about promoting the software that I have affiliate relationships with. You'll notice a couple of ads on each page of the main site now, instead of just in the newsletter like I had originally set up. I'm not particularly pleased with this, but I just can't see running the site for much longer while I'm on dialup either. Except for the forums, the web site is basically just me, although I have taken on a partner recently.

In exchange for putting up ads for you to deal with, I will be updating the site far more often and adding some new articles and tools. I already have a few ideas for new stuff to put up there. I'm working on getting some scripts online which people can use to scan for spyware right from the web site. I have one page up already, although I'm not done with it yet. That is just one of three scanning scripts which I intend to put online. I'm also planning to make some pages which show you what sort of information you send out when you surf the web.

I intend to do some research into "real" spyware soon. What I mainly deal with now is advertising spyware and browser hijackers. As soon as I have broadband hooked up and have time to do it, all of this and more will be coming. There is also the matter of a couple of articles I promised quite a while back. I haven't forgotten about them.

We also want to hear from you about what software we promote here. For those who didn't read the last issue, we're not putting up just any ads. We're promoting the software which you want to buy, but at a very sweet discount. Let's face it, a lot of this software is overpriced, so we're going to bring it to you at a better price. Right now, we're guessing what software you want, but we'd rather hear it from you.

We had planned to start this with this issue, but unfortunately the deal we had in mind wasn't ready by the time this went out. Next week for certain we'll have a new product featured for a good discount. If there is a privacy software program that you'd like to get at a good discount, let us know what it is.


For those of you who signed up after coming to the site from The Langalist, TechTV, or the BBC, I am extending for one more week a poll that I started last week. Last week I asked what day it would be most convenient for you to receive this newsletter. I've decided on putting it out on Tuesdays, on the theory that people don't want to deal with email on the weekend, and on Monday they're busy reading the mass of email that piled up at the office. On Tuesday there should be more time to pay attention to it.

Since you're the ones that will be reading it, the decision should really be up to you. What day of the week works best for you? Let me know (you'll need to register to cast a vote).


I also have another poll running that I'd like everyone to take part in. Products such as Bearshare and Divx Pro come bundled with spyware, but they also offer paid versions that omit the spyware. The question I ask is this, would you purchase a spyware-free version of a product from a company that bundles spyware into the free version?

It's a hard one to answer. I can understand the developer wants to make money on his software, even if it's for nothing more than to pay for hosting costs (something I understand very well). The Opera browser has banner ads which are handled by Opera itself (although the banners themselves are hosted on Cydoor servers). In most cases however, the developer makes a deal to bundle one or more spyware programs into the software rather than handling the advertising themselves. Those programs obviously you would not want to use.

Some adware programs offer a paid version which does not have the advertising, as in the case of Opera. That, to me, is a good way to do business, offering the choice of paying for getting rid of the ads. Web sites such as Slashdot do this, as do television networks such as HBO. However, if the advertising in the free version is served by spyware, then that is a different matter. My personal opinion is that paying to get rid of spyware is just giving the developer a reward for selling his users out to spyware companies and that should be discouraged.

What do you think? (You'll need to register to cast a vote)


I'd like to say thanks to the guys at PHP Secure for alerting me that the version of the newsletter software I use to send out this newsletter had a security bug, for which they were hosting an official patch. I installed the update without a problem and have had no troubles with several test messages.


Are you reading this at hotmail.com? If so, then you should know that for some strange reason, hotmail is completely stripping off the style sheet that I use. It looks pretty silly in black and white compared to how it's supposed to look. There is another web mail service which you should check out which handles the newsletter properly.

I've been using MyWay.com as a portal for a couple of weeks now. Imagine Yahoo without the ads and you have MyWay.com. No ads, no pops, no constant demands for more and more personal information, no selling your email address out to spammers and telling you about it later the way Yahoo does. After Yahoo sold us all out to spammers, I abandoned my yahoo email account and stopped with portals altogether. MyWay is very nice however, and you should definitely check it out.



All material on this web site is copyrighted
© 2001-2002 by Mike Healan. ® All rights reserved.

Proofread by the lovely Noggie

SpywareInfo banner originally designed by mockie