P2P-Zone

Grokster Sending Executables (http://www.p2p-zone.com/underground/showthread.php?t=10420)

JackSpratts 10-04-02 12:11 AM

Grokster Sending Executables
 
i've just gotten six executables, programs like "downloadware" and "movienetworks" installed and running in startup (without my permission needless to say). anyone getting these? ad-aware isn't catching a thing and my cd_clint.dll is fine. something's up and it's not good. there must be a pgm that's calling them but what and why right now? i get that "your security's been compromised" pop-up, which naturally i close using ctrl-alt-delete but they're still getting in, and fast. if i can't figure this out it's good-bye fastrack. it's that bad.

- js.

BuzzB2K 10-04-02 12:31 AM

Re: Grokster Sending Executables
 
Quote:

Originally posted by JackSpratts
i've just gotten six executables, programs like "downloadware" and "movienetworks" installed and running in startup (without my permission needless to say). if i can't figure this out it's good-bye fastrack. it's that bad.

- js.

It took a while to find this (it was buried in your Clean Grokster post). Did you ever check this program out?

Quote:

One program I find I can't do without (It's one of the first I install if I re-load Windows) is Mike Lin's StartupMonitor. Here is a quote from Mike Lin's Home Page.

quote:
--------------------------------------------------------------------------------
StartupMonitor is a small utility that runs transparently (it doesn't even use a tray icon) and notifies you when any program registers itself to run at system startup. It prevents those utterly useless tray applications from registering themselves behind your back, and it acts as a security tool against trojans like BackOrifice or Netbus.

--------------------------------------------------------------------------------

TankGirl 10-04-02 12:54 AM

It seems like somebody is eagerly pushing new software through the uncontrolled FastTrack channel (through supernodes and the automatic software upgrade function of the FastTrack engine). In the 'better' scenario that would be Kazaa/BDE, perhaps securing a way to access your computer even in case you decided to uninstall Grokster/Kazaa (I wouldn't be surprised at all to see them doing something like this). In the worse scenario a hacker has already found out how to abuse the mentioned uncontrolled channel to get an easy bridgehead to millions of computers. Considering the late publicity on FastTrack security the latter scenario would not be a big surprise either - who knows if there is an unofficial hacker competition going on who will be the one to 'own' the network. Of course there is also the possibility that some of the third-party spyware delivered with Kazaa/Grokster has been left intact despite your use of Ad-Aware and now the vendor of that spyware is quickly strengthening its own hold on your machine.

I repeat my recommendation: do not use FastTrack-based software anymore, not even the 'neutered' versions if they connect to the FastTrack network. Unless the automatic upgrade mechanism itself is neutered you are no more safe than with the official versions. Clean your system with the latest Ad-Aware. Learn to use alternative p2p programs and wait for the open source giFT client to enjoy the FastTrack functionality in a safe manner.

- tg ;)

BuzzB2K 10-04-02 01:28 AM

Quote:

Originally posted by TankGirl
I repeat my recommendation: do not use FastTrack-based software anymore, not even the 'neutered' versions if they connect to the FastTrack network. Unless the automatic upgrade mechanism itself is neutered you are no more safe than with the official versions. Clean your system with the latest Ad-Aware. Learn to use alternative p2p programs and wait for the open source giFT client to enjoy the FastTrack functionality in a safe manner.

- tg ;)

I appreciate your recommendations, however, until I see any attempt to install any unknown software on my own system, I will take all recommendations under advisement only... And shall continue to use Grokster (But I wouldn't touch KaZaA with a 10ft pole)

BTW I do use alternative p2p programs (eDonkey, WinMX, audioGnome)

petriburg 10-04-02 01:30 AM

:AP: Well thanks, TG, I know this post was not directly intended as a reply to my plea for advice on selection of p2p software, but it certainly bolsters my resolve to remain abstinent from FastTrack's sneaky little games.:m: I guess in the meantime, I'm just going to have to endure the slow downloads and (oftentimes) endless queues of WinMX and Blubster. Something good is sure to come along soon:)

JackSpratts 10-04-02 01:42 AM

i found this file under windows | temp - it's called "WebPoolFileFile". i tried adding .bak but it was in use, so i did it in safe mode. as soon as i rebooted in normal mode it re-added itself. i've no idea what it is but i think it may have something to do with what's going on, tho obviously there's another program calling the shots.

unfortunately it's gotten beyond grokster now. i could stop using it but this stuff would still be here. if i can't pull it out (and i don't even know what to look for) i'm going to have to do a full restore. course i'll lose 30 gigs of data - it's an exercise in futility saving the files if you don't know which one's corrupt. :eek: but there's absolutely no way i'm living with this junk. well at least i was planning a restore anyway for an upgrade to xp.

needless to say, if i have to do this then the present fastrack system will never find its way back to my pc unless it hacks its way in.

let's hope it doesn't come to that. but the way things are going you never know.

this whole system of unbalanced dependence on ad-aware for my entire pc experience leaves me way too vulnerable for my taste. eventually a day arrives when ad-aware won't cut it, like today for me, and then you've dropped off the deep end. the process needs rethinking. it's too unstable to expect people to take seriously.

- js.

TankGirl 10-04-02 02:00 AM

Quote:

Originally posted by JackSpratts
i found this file under windows | temp - it's called "WebPoolFileFile". i tried adding .bak but it was in use, so i did it in safe mode. as soon as i rebooted in normal mode it re-added itself. i've no idea what it is but i think it may have something to do with what's going on, tho obviously there's another program calling the shots.
Google found some info suggesting that this particular file might be a temporary created by McAfee Anti-virus:
Quote:

I asked McAfee Anti-virus "How to get rid of WebPoolFileFile" Their answer is as follows:
CAUSE: This file is part of the ActiveX and Java scanner in VShield for VirusScan 4.0.0 and above.
FIX: There is no need to delete this file because it is a temporary file for VShield's internet scanning. The file will disappear if you exit VShield but cannot be deleted because it is in use by VShield.

Hope this helps.
As this is second hand information from a discussion forum it is hard to say whether it is reliable. Anyway, the unexpected EXEs popping up on your machine are more worrying.

- tg ;)

BuzzB2K 10-04-02 02:05 AM

TG :W:

That is the same info I have been reading so far... Still searching.

It's hard to find any info on the McAfee site...

Quote:

This file is part of the ActiveX and Java scanner in VShield for VirusScan 4.0.0 and above. There is no need to delete this file because it is a temporary file for VShield's internet scanning. The file will disappear if you exit VShield but cannot be deleted because it is in use by VShield.

Here are some totally useless results from AltaVista

Extend Your Search:
Comparison shop for WebPoolFileFile
Find WebPoolFileFile at eBay! Register now!
Search for WebPoolFileFile in your local yellow pages

Snarkridden 10-04-02 02:35 AM

Startup Monitor
 
--------------------------------------------------------------------------------

One program I find I can't do without (It's one of the first I install if I re-load Windows) is Mike Lin's StartupMonitor. Here is a quote from Mike Lin's Home Page.

Totally agree with Buzz, brilliant program, installed on every PC here, keeps popping up on the most unexpected occasions, even on known safe utilities, shows you how often they try to place themselves in STARTUP, even when you think (Msconfig) you have stopped them.

Snark...:AP:

:MAD: The War is ON, wear Armour at your PC :MAD:
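The StartupMonitor idea that BuzzB2K and Snarkridden describe above, as an added example that is not Mike Lin's code and is not from the thread: a PowerShell script that snapshots the usual Windows autostart locations (the Run/RunOnce keys and the per-user and all-users Startup folders) to a baseline file and, on later runs, reports anything added or changed. It assumes a Windows host with PowerShell, which did not exist when this thread was written; the registry paths are the standard ones, and the function names and baseline file name are my own choices. Unlike StartupMonitor it does not intercept a registration as it happens; it only tells you afterwards, which is still enough to answer "what got added to startup last night".

```powershell
# Added example (not Mike Lin's StartupMonitor, not from the thread): snapshot
# the common Windows autostart locations and diff them against a saved baseline.
# Assumes a Windows host with PowerShell. Services, scheduled tasks, the Winlogon
# Shell/Userinit values and the Win9x win.ini run=/load= lines are NOT covered.

$AutostartKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$StartupFolders = @(
    [Environment]::GetFolderPath('Startup'),        # this user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

# Collect every autostart entry as (Location, Name, Command).
function Get-AutostartEntries {
    $entries = @()
    foreach ($keyPath in $AutostartKeys) {
        if (-not (Test-Path $keyPath)) { continue }
        $key = Get-Item -Path $keyPath
        foreach ($valueName in $key.GetValueNames()) {
            $entries += [pscustomobject]@{
                Location = $keyPath
                Name     = $valueName
                Command  = [string]$key.GetValue($valueName)
            }
        }
    }
    foreach ($folder in $StartupFolders) {
        if (-not (Test-Path $folder)) { continue }
        foreach ($file in Get-ChildItem -Path $folder -File -Force) {
            $entries += [pscustomobject]@{
                Location = $folder
                Name     = $file.Name
                Command  = $file.FullName
            }
        }
    }
    return $entries
}

# First run writes the baseline; later runs report anything new or changed.
function Compare-AutostartBaseline {
    param([string]$BaselinePath = (Join-Path $env:USERPROFILE 'autostart-baseline.xml'))

    $now = @(Get-AutostartEntries)
    if (-not (Test-Path $BaselinePath)) {
        Export-Clixml -Path $BaselinePath -InputObject $now
        Write-Host "Baseline written: $($now.Count) entries -> $BaselinePath"
        return @()
    }

    # Index the baseline by location+name so renames and new values both show up.
    $known = @{}
    foreach ($e in @(Import-Clixml -Path $BaselinePath)) {
        $known["$($e.Location)|$($e.Name)"] = $e.Command
    }

    $findings = @()
    foreach ($e in $now) {
        $id = "$($e.Location)|$($e.Name)"
        if (-not $known.ContainsKey($id)) {
            $findings += "NEW     [$($e.Location)] $($e.Name) => $($e.Command)"
        } elseif ($known[$id] -ne $e.Command) {
            $findings += "CHANGED [$($e.Location)] $($e.Name): '$($known[$id])' => '$($e.Command)'"
        }
    }
    if ($findings.Count -eq 0) { Write-Host 'No autostart changes since baseline.' }
    else { $findings | ForEach-Object { Write-Warning $_ } }
    return $findings
}

# Run it once to create the baseline, then again after a suspicious session.
Compare-AutostartBaseline
```

Two caveats a practitioner should keep in mind. First, msconfig's "uncheck" does not delete the entry; on the Windows versions of this era it parks it under a separate key, so a diff that only watches Run/RunOnce can miss a re-enable. Second, the locations above are the ones the programs in this thread used, not the full list of Windows persistence points; HKLM RunServices (Win9x), the Winlogon Shell and Userinit values, services and scheduled tasks all deserve the same baseline-and-diff treatment.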

TankGirl 10-04-02 02:47 AM

I know that my recommendation of not using any FastTrack clients may sound almost harsh to many of you who have enjoyed the fast downloads and the plentiful content in the network - not to talk about you who have put a lot of work into building great utilities and add-ons for the FastTrack clients. It sucks big time to see all this happening - the members of the so far biggest p2p community being treated as shit in the power games of venture capitalists, our online privacy and security being no more than a nice topic in the Orwellian speech of those who are responsible for what has happened.

Those of you interested more in detail in the issue of FastTrack security, read this security analysis by Nicholas Weaver who is a researcher in Berkeley university. Hackers have already read it, you can count on that.

Quote:

Buzz: (hi buzz! :W: )
And shall continue to use Grokster (But I wouldn't touch KaZaA with a 10ft pole)

I wish it was that simple. If you have to choose between Kazaa and Grokster the latter is naturally a better choice as it has less spyware bundled to it. But you can not avoid touching Kazaa as the p2p engine that powers Grokster and even Kazaa Lite is made by Kazaa and once you connect to the FastTrack network it is also under Kazaa's full control. To be able to use your client you have allowed it full access through your firewall so that security door is wide open for whoever controls the FastTrack network. And the automatic upgrade mechanism built into the p2p engine sees that the owner of the network can push any software they wish to your computer through supernodes, effectively owning your computer. Now you may ask how this differs from you having a trojan on your computer. The answer: it doesn't.

- tg ;)

twinspan 10-04-02 03:12 AM

I've been running Grok almost 24/7 lately and am not getting any of these self-installing progs.

NOTE: I keep IE's security levels insanely high for the Internet Zone (Tools > Internet Options > Security > Internet Zone > Highest, then Custom and disable everything. EVERYTHING. Active Scripting, File Download, Active X, the full monty)

As Kazaa/Grok rely on IE and its settings, they can't pull any shit on you if you do this. I never even knew Grok caused pop-ups until one time I'd enabled Active Scripting and forgot to turn it back off.

For ordinary surfing, I use Opera now, which isn't disabled by these settings and seems to be immune to all these self-installing progs, Browser Helper Objects etc. (When still using IE, I'd add particular sites to my Trusted Zone so they wouldn't be too hampered. But even then I keep a lot of options disabled in Trusted Zone too).
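The lockdown twinspan describes, as an added example that is not from twinspan's post or from any of the clients discussed: a PowerShell script that audits the Internet Explorer "Internet" zone (zone 3) for the actions twinspan turns off and can set them all to Disable. It assumes a Windows host with PowerShell, which did not exist when this thread was written. The registry path, the numeric URL-action codes (1001, 1004, 1200, 1201, 1400, 1803) and the value meanings (0 = Enable, 1 = Prompt, 3 = Disable) are IE's own zone settings; the function names and the choice of which actions to lock are mine.

```powershell
# Added example, not from the thread. Reads the IE "Internet" zone (zone 3)
# settings twinspan disables and reports which ones are still enabled.
# Assumes a Windows host with PowerShell; function names are mine.

$InternetZone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# IE URL-action codes -> names. Each is a DWORD: 0 = Enable, 1 = Prompt, 3 = Disable.
$UrlActions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1201' = 'Initialize and script ActiveX controls not marked as safe'
    '1400' = 'Active scripting'
    '1803' = 'File download'
}

function ConvertTo-ZoneState {
    param($Raw)
    # A missing value means IE falls back to its built-in default for the zone,
    # which for the Internet zone is Enable or Prompt for most of these actions.
    if ($null -eq $Raw) { return 'Not set (IE built-in default applies)' }
    switch ([int]$Raw) {
        0       { 'Enable' }
        1       { 'Prompt' }
        3       { 'Disable' }
        default { "Unknown ($Raw)" }
    }
}

# One row per action: what the zone currently says and whether it is locked down.
function Get-InternetZoneReport {
    $props = Get-ItemProperty -Path $InternetZone -ErrorAction Stop
    foreach ($code in $UrlActions.Keys) {
        $state = ConvertTo-ZoneState $props.$code
        [pscustomobject]@{
            Code     = $code
            Action   = $UrlActions[$code]
            State    = $state
            Disabled = ($state -eq 'Disable')
        }
    }
}

# Set every listed action to Disable (3). Dry run (-WhatIf) unless -Apply is given.
function Set-InternetZoneLockdown {
    param([switch]$Apply)
    foreach ($code in $UrlActions.Keys) {
        Set-ItemProperty -Path $InternetZone -Name $code -Value 3 -Type DWord -WhatIf:(-not $Apply)
    }
}

Get-InternetZoneReport | Format-Table -AutoSize
# Set-InternetZoneLockdown -Apply   # uncomment after reviewing the report
```

Two things to check alongside this. If the DWORD `Security_HKLM_only` under `HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings` is 1, IE reads the zone settings from HKLM rather than HKCU, so audit that copy too. And these settings only govern IE itself and programs that embed IE's WebBrowser control to render pages; anything a client does with its own network code is outside their reach.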

TankGirl 10-04-02 03:27 AM

Quote:

Originally posted by twinspan
As Kazaa/Grok rely on IE and its settings, they can't pull any shit on you if you do this. I never even knew Grok caused pop-ups until one time I'd enabled Active Scripting and forgot to turn it back off.
This applies to the outer layers of the client programs that utilize IE integration in their user interfaces and possibly in some other functions. My guess is however that the p2p engine itself is IE-independent. The core designers have hardly wanted to put such a portability limitation and Microsoft dependence on themselves.

Anyway, your security advice and approach is sound, twinspan. I myself have also started to use Opera more and more, especially on sites that are plagued by pop-ups.

- tg ;)

Smoketoomuch 10-04-02 05:27 AM

OMG, sorry to hear what happened Jack... I'm not sure this would help, just a couple of ideas probably you already tried.

First, I'm sure you know regcleaner - I mean this one:



The important part now is not the regclean, but the software part - it has a list of the software on your puter, you might check it out, maybe you can see something that should not be there... (if ad-aware could not find it, I think its regclean part would not find those buggers either...) I'm often puzzled by some stuff I have on my puter, which I would not know of were it not for that list...

The other thing that occurred to me is to run Evidence Eliminator with safe restart mode... Its easier than to back up those 30 gigs... Something tells me that EE should help...

Then there is this amazing page MikeHunt posted in bytebits: http://www.cexx.org/ (Counterexploitation) - I was reading some stuff they wrote there, you might want to take a look, they have good advice for situations like yours, with a step by step description of what to do... scroll down and "How to remove StartUp Spam" would be your section I guess... But there are many related topics...

I hope some of this would help...

:W:

ps - and don't upgrade to XP ... yet.

edited to relocate image ...

zombywoof 10-04-02 05:39 AM

If you are going to run on the fast track network, why not run the latest adaware v5.71 and run Kazaa lite build 3 1.60 with the dummy clint file already installed.

Like JS said though, it's going to get to a point where adaware won't cut it. It sucks that with today's p2p apps, you gotta constantly update and run adaware to try and keep up with the scumware that's constantly being put out there.

JackSpratts 10-04-02 11:23 AM

Thanks for all your sound advice guys; I’ll be running the monitor. Nice work on the file source TG & Buzz. :tu: Makes sense, I did a full McAfee virus scan last night and now I can eliminate it as the problem. IE security settings are back to "insanely high" again. I had lowered them to do some actual internet "work" on this pc, something I need to do occasionally (pity the poor folks who must do so everyday). It’s more than possible these pgms came thru IE, but if so they came in last night as pop-ups during a grokster session, and my “closing a page” probably loaded the first program, the unknown one which then brought in all the rest. Of course it’s the not knowing that prevents me from removing it. But this is no mark in Grokster's favor, the fact that it might not have been delivered via altnet or something similar. When a company allows its partners to reprogram their customers' PCs and surreptitiously force completely unwanted and even destructive products into their machines, regardless of the delivery system utilized, this can hardly be seen as an endorsement. The best they can say is that the porn industry does it too. Indeed. Take that thought to congress guys.

I just keep coming back to the millions of regular users struggling with these issues everyday. Children who visit their favorite sites, kids looking for knowledge, teens racing around the net in a surfing frenzy just to stay current and older people trying for some relevance in the eyes of those they love. All of them washed by this hidden river of polluted and bankrupt commercial attacks, into a decaying swamp of greed and mendacity. And all of it in secret, being fought against in darkness by the unknown throughout the world at small outposts like this one at NU and others still deeper in shadow, by people, some of whom I’ve known for years who will never reveal their identities while this struggle continues. Seems somehow wrong all this. But to let it slip away, to let them win, to give this all up to the soulless, would be an even worse assault to our ideals.

- js.

napho 10-04-02 01:56 PM

This stuff looks familiar
 
Instructions to remove MediaCharger, Movienetworks, and Downloadware unauthorized programs/spy-adbots

limited disclaimer, use at your own risk, nothing should be able to be affected by these actions, but in case you mess up (or god forbid I missed something) then the mess is all yours. I'm just trying to help but I am human and do make mistakes (which is why I double check everything)
I've used these exact actions to remove the programs from my computer

ok first, open IE, go to tools->internet options->security-> and click custom for each zone, and make sure to check prompt for both of the first 2 options (download signed activeX and unsigned activeX). this is the only way to keep this mess out... you are likely to see a lot more warning windows pop up while you are browsing now. click ok. on the first tab, choose delete temp internet files. close IE

next, open c:\program files\ and see if there are folders for 'movienetworks' and/or 'downloadware' as well as MedCh, if found delete the movienetworks folder and MedCh, leave the downloadware folder for a moment if found, and go to the control panel->add/remove programs , click on downloadware, and click remove. it may open a webpage, just close it (or feel free to complain in the provided space) then go back and make sure the folder is gone too.

next is c:\windows\downloaded program files, there should be a file that looks like this {EB6AFDAB-E16D-430B-A5EE-0408A12289DC} right click the properties, if the general tab has 'codebase: http://download.mediacharger.com/movinetworks.' that is the one you want to remove.

next open start->run and type msconfig and hit ok, move to the start up tab and look for WebInstall2, (go ahead and uncheck the box next to it, we'll remove it completely in a second.) next to that it will tell you the filename, located in c:\windows\temp\ named something like ins1234.tmp, go to that folder and delete that file, and any others with a similar name (always ????????.tmp mostly starting with ins, rem or tem followed by numbers) if it won't delete, press ctrl+alt+del 1 time, and if it's running select it and choose end task, then go and delete it. click ok in the msconfig panel, when it asks if you want to restart now click no.

next is for semi experienced users. if you have never edited your windows registry, or are unsure of yourself at all, don't do it, just restart your computer. making a mistake here could make your computer unbootable.

go back to start->run and type in regedit and press ok. press ctrl+f and enter 'downloadware' make sure to search for keys, data, and values. press find next, if it finds it right click the folder(key) it finds and select delete, click yes to delete, then press f3 to keep searching, keep doing that until you get 'finished searching the registry' or 'not found'. then scroll back to the top, click on my computer (in regedit) and search (and destroy) the following words in the same manner (without the quotes)

'mediacharger'
'movienetworks'
'webinstall'
'{EB6AFDAB-E16D-430B-A5EE-0408A12289DC}'
'{1F84A44F-9E80-4BED-954A-16337FBB5414}'
'conflict.17'

afterwards close regedit and restart your computer. done

http://pub46.ezboard.com/fcybermalls...opicID=5.topic
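napho's manual sweep above, as an added example that is not napho's procedure verbatim and is not from the thread: a PowerShell script that searches the registry and the temp folder for the same indicator strings and reports hits before anything is deleted. It assumes a Windows host with PowerShell, which did not exist when this thread was written. The strings and the two CLSIDs are exactly those napho lists; the `ins/rem/tem + digits .tmp` file pattern is the one napho describes; the registry roots walked, the `Code Store Database\Distribution Units` key (where IE records entries shown under Downloaded Program Files) and the function names are my choices.

```powershell
# Added example (not napho's steps verbatim, not from the thread): find the
# registry keys, values and temp files that match napho's indicator list and
# report them. Deletion is a dry run (-WhatIf) unless -Apply is passed.
# Assumes a Windows host with PowerShell.

$Indicators = @('downloadware', 'mediacharger', 'movienetworks', 'webinstall', 'conflict.17')
$Clsids     = @('{EB6AFDAB-E16D-430B-A5EE-0408A12289DC}', '{1F84A44F-9E80-4BED-954A-16337FBB5414}')

# Roots to walk for the name strings. HKCR\CLSID is not walked (it is huge and
# slow); the two CLSIDs are checked by direct path in Find-ClsidRegistrations.
$SweepRoots = @('HKLM:\SOFTWARE', 'HKCU:\SOFTWARE')

# Walk the roots and match key names, value names and value data (case-insensitive).
function Find-RegistryIndicators {
    param([string[]]$Patterns = $Indicators, [string[]]$Roots = $SweepRoots)
    $hits = @()
    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }
        $keys = @(Get-Item -Path $root) + @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($p in $Patterns) {
                if ($key.PSChildName -like "*$p*") {
                    $hits += [pscustomobject]@{ Kind = 'Key'; Path = $key.Name; ValueName = ''; Match = $p; Detail = '' }
                }
                try { $valueNames = $key.GetValueNames() } catch { continue }
                foreach ($valueName in $valueNames) {
                    $data = [string]$key.GetValue($valueName)
                    if ($valueName -like "*$p*" -or $data -like "*$p*") {
                        $hits += [pscustomobject]@{ Kind = 'Value'; Path = $key.Name; ValueName = $valueName; Match = $p; Detail = "$valueName = $data" }
                    }
                }
            }
        }
    }
    return $hits
}

# The CLSIDs napho names: COM registration and IE's Downloaded Program Files record.
function Find-ClsidRegistrations {
    param([string[]]$Ids = $Clsids)
    foreach ($id in $Ids) {
        foreach ($path in @("Registry::HKEY_CLASSES_ROOT\CLSID\$id",
                            "HKLM:\SOFTWARE\Microsoft\Code Store Database\Distribution Units\$id")) {
            if (Test-Path $path) {
                [pscustomobject]@{ Kind = 'Key'; Path = (Get-Item -Path $path).Name; ValueName = ''; Match = $id; Detail = '' }
            }
        }
    }
}

# The ins1234.tmp-style droppers napho saw in c:\windows\temp.
function Find-TempDroppers {
    $dirs = @((Join-Path $env:windir 'Temp'), $env:TEMP) | Select-Object -Unique
    foreach ($dir in $dirs) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match '^(ins|rem|tem)\d+\.tmp$' } |
            ForEach-Object { [pscustomobject]@{ Kind = 'File'; Path = $_.FullName; ValueName = ''; Match = 'tmp dropper'; Detail = "$($_.Length) bytes" } }
    }
}

# Remove what was found. Dry run by default; pass -Apply only after reviewing the list.
function Remove-Hits {
    param([object[]]$Hits, [switch]$Apply)
    foreach ($h in $Hits) {
        switch ($h.Kind) {
            'Key'   { Remove-Item -Path "Registry::$($h.Path)" -Recurse -WhatIf:(-not $Apply) }
            'Value' { Remove-ItemProperty -Path "Registry::$($h.Path)" -Name $h.ValueName -WhatIf:(-not $Apply) }
            'File'  { Remove-Item -Path $h.Path -Force -WhatIf:(-not $Apply) }
        }
    }
}

$all = @(Find-RegistryIndicators) + @(Find-ClsidRegistrations) + @(Find-TempDroppers)
$all | Format-Table Kind, Match, Path, Detail -AutoSize
Remove-Hits -Hits $all          # dry run; Remove-Hits -Hits $all -Apply after review
```

Review the list before `-Apply`: a short string like `webinstall` can match software that has nothing to do with this, and deleting a whole key because one value under it matched is the same over-reach napho warns about. Export the keys with `reg export` first so a mistake is reversible, and expect the `.tmp` deletions to fail while the dropper process is running, which is exactly the "end task first" step in napho's instructions.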

JackSpratts 10-04-02 02:38 PM

ok napho, thanks a lot!:tu: will try this soon. :ND:

- js.

thegame412 10-04-02 05:22 PM

Downloadware
 
I also unwillingly received the program downloadware while using grokster last night. And today while looking in the add/remove programs folder, I found that bd3 projector was in there. I really think that it came in with the downloadware program. I think it's time to ditch fastrack and move on to winmx or another network. I know that they are not great but fastrack is just no longer safe. Anyone who has been using grokster for the past few hours or so should check their add/remove programs folder to see if they have bd3 projector installed.

Mowzer 11-04-02 10:26 AM

My grokster hasnt given me any extra spyware lately.

Mostly I think cause I have it firewalled up so tightly through advanced rules.

However last night during start up I did get a prompt to download and save to my computer a file named "index.html"

Any one else had grokster asking you to install index.html?

snowman 11-04-02 01:18 PM

firewalls won't help
 
FastTrack has in it a technique to auto-download-install files on its own behalf.

These could be .EXE, .COM, .DLL's or just a good old MP3.

This ability is/was called the auto-update feature. It was turned off at version 1.3 because of complaints from the user community in Morpheus, Grokster. I can't remember if Kazaa did also.

If you run FastTrack in any form you are not safe because the communication is done via the permitted channel on port 1214.

A firewall will not save you from this plague.

JackSpratts 11-04-02 02:46 PM

UPDATE::)

Through a combination of good advice from NU, hard work and sheer luck (mostly luck - sysrestore did the heavy lifting, I made the window by minutes), I got the junk out and managed to keep my data in the process. Big relief that, and no thanks to fastrack.

- js.

twinspan 11-04-02 03:42 PM

now that I think more about it, I remember getting a prompt to install 'moviedownload' or something like that (I clicked more info; they were offering stuff like Late Night Bikinis and Police Videos).

This was another time when I had MS IE's internet zone security lower than usual... and was NOT running IE when the prompt appeared.

Now that I've started browsing with Opera, I realise that download dialog boxes seem to be browser-specific: Opera & IE d/l prompts are different, and this was definitely an IE prompt box. And it never happened before or after playing with IE's Internet Options security levels.

So even tho Grok seems to try this stuff on its own (even when IE itself isn't running), those settings do seem to affect its ability to auto-install stuff or do pop-ups etc, and I have never had an .exe self-install via Grok, just the one prompt.

(I went frigging paranoid today and checked with MSconfig and RegCleaner and Magellan [Windows Explorer for some reason refuses to show me most of the contents of Temporary Internet Files\ IE 5.5 Content] and all my logs; it's definitely clean from Grok-caused stuff.)

thegame412 11-04-02 05:24 PM

Filesharing with hacked versions of grokster and kazaa
 
Is it safe to be on the fastrack network using the ads free programs such as kazaa lite and imorpheus? I'm currently using bearshare and winmx because I don't want to use fastrack after what happened. Is it safe to use kazaa lite or imorpheus? Thanks.

JackSpratts 11-04-02 06:47 PM

tough call. in my opinion it's the best p2p ever created. but it's totally compromised by its vendors. for those unable or unwilling to recognize or deal with the consequences i say no, stay off the network, it is dangerous. very. you could lose all your data when forced to do a restore. for more advanced computer users who may not be all that familiar with fasttrack i give them the info and it's their call.

the info as i see it is simple. the fastrack network, as good as it is, cannot be trusted. it allows "advertising pop-ups" that are really executable trojans that hide their loading buttons under "close" gifs and when installed are immune to ad-aware or thecleaner (i know this from first hand experience). it is filled with spyware. it has a very strange and very hidden 2nd network that does who knows what and is who knows how vulnerable to attack.

if you're compromised in any way from using the system you will get no help at all from the managers.

but there are other sharing programs almost as good (better even in some respects) and that have none of these particular vulnerabilities, and that have hundreds of thousands of satisfied users sharing gigs and gigs of data, that make using fasttrack almost unnecessary. so fastrack can and is avoided everyday by millions of file sharers who spend none of the time or effort making sure they’re defended every minute of every day ad infinitum. they just get on, up/down load and get off.

yes, it’s great.

yes it’s evil.

no, it’s not required.

Your Call.

- js.

colinmacc 12-04-02 02:25 AM

Check if you've got this DAT File
 
I think KazaaLite and the French IMorpheus should be safer than regular Kazaa, because these installations don't appear to include the CloudLoad.DAT, which, it has been speculated on other forums, is the way FastTrack loads all this scumware.

BuzzB2K 12-04-02 06:13 AM

That's a theory, however, I don't believe Grokster had CloudLoad and it (Grokster) is the one that started downloading the "downloadware" and "movienetworks" junk...

It may help block BDE, but only time will tell. I have seen some on other forums who think they got BDE downloaded on their computer, and they were using Grokster...

colinmacc 12-04-02 06:25 AM

Oh yes
 
You're right, Grokster doesn't have CloudLoad either.

JackSpratts 13-04-02 02:23 PM

Web surfers brace for pop-up downloads

By Stefanie Olsen
Staff Writer, CNET News.com
April 8, 2002, 4:00 AM PT

Web surfers who thought online advertisements were becoming increasingly obtrusive may be dismayed by a new tactic: pop-up downloads.

In recent weeks, some software makers have enlisted Web site operators to entice their visitors to download software rather than simply to view some advertising. For example, when visiting a site a person may receive a pop-up box that appears as a security warning with the message: "Do you accept this download?" If the consumer clicks "Yes," an application is automatically installed.

Computer security expert Richard Smith explained that with such downloads, "You don't even know why you're getting this program, and the people who do (pop-up downloads) are relying on the fact that people tend to say 'Yes.'"

"A person should (be able to) request the download" if they want it, or decline it if they don't, he said. "It's the classic opt-in, opt- out debate."
http://news.com.com/2100-1023-877568.html c/net tech news
http://www.napsterites.net/undergrou...opup+downloads - newspaper shop, monday.

- js.

theknife 13-04-02 02:50 PM

Quote:

...are relying on the fact that people tend to say 'Yes.'"
:doh:

BuzzB2K 13-04-02 06:49 PM

Re: Grokster Sending Executables
 
Quote:

Originally posted by JackSpratts
i've just gottten six executables, programs like "downloadware" and "movienetworks" installed and running in startup (without my permission needless to say). anyone getting these? ad-aware isn't catching a thing and my cd_clint.dll is fine. something's up and it's not good. there must be a pgm that's calling them but what and why right now? i get that "your security's been compromised" pop-up, which naturally i close using ctrl-alt-delete but they're still getting in, and fast. if i can't figure this out it's good-bye fastrack. it's that bad.

- js.

Quote:

In some cases, people are not even asked whether they want the software. It just installs on the hard drive--a particularly troublesome tactic that some have dubbed "drive-by download."

Some Net users have complained of receiving downloads containing a virus that automatically redirects them to adult-related sites. Such downloads also have been known to install new dial-up programs replacing the existing accounts. The Federal Trade Commission recently brought a case against people who were using such tactics to install a dial-up account for expensive 1-900 numbers
They go on to say this is not common... But two people (JackSpratts & thegame412) who post here have encountered this very ad.

So technically it is not FastTrack at fault for this, but it is Grokster's fault for placing the ads there...
I'm just glad I don't get any pop-ups, pop-unders etc. and so do feel OK with Grokster for now.

ssj4_android 13-04-02 08:55 PM

I don't get any popups either :). At least, from grokster, kazaalite, and imesh and stuff. Didn't on morpheus either, I have NIX which blocks ads. Strange thing is that there weren't ads on morpheus on my old computer that had no ad removal stuff. Maybe because it's 75 mhz?:J:

twinspan 14-04-02 01:41 AM

index.html / Aphex worm
 
Quote:

Originally posted by Ethen
My grokster hasnt given me any extra spyware lately.
Mostly I think cause I have it firewalled up so tightly through advanced rules.
However last night during start up I did get a prompt to download and save to my computer a file named "index.html"
Any one else had grokster asking you to install index.html?

Not sure if it's related, but just read this post on spywareinfo.com forums saying that the aphex worm tries to infect via an 'index.html' page, and will re-create it on your computer to infect others.


© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)