WTF is up with WinMX?

[napho]

Well, what?

[butterfly_kisses]

haha...looks like they've partnered with the himself

my friend you now have Brilliant Digital Installed on your pc

and in addition to this you have hard-coded ip addresses

WITHIN the client that it connects to for???? even if you remove

the brilliant stuff you can't stop the other connections which if you

keep the WinMX program YOU WILL HAVE these unidentified connections...will your firewall catch all of them?

i and you can only hope so.

[PBR-Streetgang]

Hmm I have nothing of the sort from WinMX "brilliant digital anyway" I would do this if you run a hosts file add ***www.brilliantdigital.com**** and also create a rule to block any communication with BDE in Kerio PF. I wonder if the BDE was not coded to search for other clients if Krapzaa was removed??

The second alert you have gotten I also get as well..... believe it to be a Superpeer to log you into the network.

[JackSpratts]

remind me not to open winmx unless and until this gets straightened out.

from their site:"WinMX does not and will NEVER contain SPYWARE. We would never betray the trust of our users by selling out to spyware."

taking them at their word perhaps it came in via another app or via a server, peer or...opennap?

- js.

[PBR-Streetgang]

I checked the exe on my puter that I had originally downloaded as of the release of Winmx 2.6 that file is 1.6mb and the current file offered is 716kb??? Installed and monitored the install of the new setup.exe with both adwatch and regmon. Ran Ad-aware and the BDE killer all come up empty as with "search for" I have no BDE on my system.
You Musta picked it up somewhere else

[napho]

I must have gotten it somewhere but it doesn't show up in AdAware or RegCleaner or a general search. It won't let me connect to KaZaLite or AudioGalaxy if I don't give in to BDE. iMesh doesn't seem to care- I rejected the connection but got on anyway.

[PBR-Streetgang]

There is a new ad-aware out 5.8 give that a try?? Or try this if you don't already have it http://www.wilderssecurity.com/B3DKiller.html

But none the less a good up to date hosts file http://www.accs-net.com/hosts/ should stop it as with some other things that Ad-aware also misses from time to time. May have to manually add w*w.brilliantdigital.com

[napho]

I guess the mystery continues. There's no BDE for B3D to delete, I have brilliantdigital.com in the hosts, AdAware up to date etc. I'm not sweating though. Just wanted to warn others in case I'm a guinea pig in this war against scumware.


BDE is my master...I will obey all commands.

[butterfly_kisses]

Sorry, dude I just looked at the domain name www.brilliantdigital.com without looking at the ip address.

Dude the IP address for brilliant.digital.com is 64.70.38.178

Please note the ip address listed by your firewall (Kerio Personal Firewall) says its 127.0.0.1

which means to me you have used the SuperTrick off the KaZaLite site to modify your Hosts file to reflect the address for "brilliantdigital.com" as being the address of your own computer 127.0.0.1 (localhost)

This was done to keep the client (KaZaLite, AudioGalaxy (if clean versio) and or WinMX(clean or not) from connecting to www.brilliantdigital.com by making it think that your own computer is the internet address for www.brilliantdigital.com

to confirm this do a search for a file called hosts on your computer without any extension and open it in notepad and see if you don't have an entry that says something like the one below:

www.brilliantdigital.com 127.0.0.1

If so then that is all it is and since it is NOT CONNECTING to the REAL IP ADDRESS for www.brilliantdigital.com then you are probably okay.

Another note:

Dont reply on Third Party cleaners to remove all trackes of Brilliant Digital from you pc...Brilliant Digital is CONSTANTLY and CONSISTENTLY changing and updating the installation procedure by RENAMING the DLL's installed and their associations through CLSID (class id values) in the registry which look weird. here are some examples:


Deleting c:\WINDOWS\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATMAST.cbd...

Deleting c:\WINDOWS\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATMAST.cbk...

Deleting c:\WINDOWS\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\HASHMAST.cbd...

Deleting c:\WINDOWS\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\HASHMAST.cbk...

Deleting c:\WINDOWS\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}...

odds are your "cleaner" if you used one missed these files...the CLSID prevents these files from being deleted normally.

Hope this helps

I'm sick of talking about BDE but if you want a cleaner for this program...i might put one up on my website for you...if you ask me nicely.

Cheers

-Harby

[napho]

I finally got rid of BDE, after running B3D 4 times without finding anything ; however the 4th time I ran AdAware there it was. I have no idea why it didn't show up the other 7 times.

[Dawn]

I have no clue what Harb just said

[ssj4_android]

Harb just said that since you did the trick to block www.brilliantdigital.com, it now thinks your computer is now www.brilliantdigital.com. Just ignore it.

[butterfly_kisses]

Thanks, ssj4_android
that is exactly what I was trying to say. hehe

now then for anyone who is wondering what is installed by brilliant digital here is a complete list of what it installs including registry keys:

Quote:

:: c:\WINDOWS\BDE

c:\WINDOWS\BDE\bdeclean.exe
c:\WINDOWS\BDE\BDEEngine2.dll
c:\WINDOWS\BDE\bdeimage.dll
c:\WINDOWS\BDE\bdeplayer2.dll
c:\WINDOWS\BDE\bdeviewer.exe
c:\WINDOWS\BDE\npbdplay2.dll


:: c:\WINDOWS\BDE\b3dlogo

c:\WINDOWS\BDE\b3dlogo\b3d.b3d


:: c:\WINDOWS\BDE\Cache

c:\WINDOWS\BDE\Cache\b3d.b3d
c:\WINDOWS\BDE\Cache\b3dstats.cab
c:\WINDOWS\BDE\Cache\bdeclean.exe
c:\WINDOWS\BDE\Cache\bdedetect1.dll
c:\WINDOWS\BDE\Cache\installb3d3105.cab
c:\WINDOWS\BDE\Cache\installb3dcodecs.cab
c:\WINDOWS\BDE\Cache\installb3dplayer3101.cab
c:\WINDOWS\BDE\Cache\installb3drasts.cab
c:\WINDOWS\BDE\Cache\installb3dviewer2.cab
c:\WINDOWS\BDE\Cache\syscheckb3dplayer.cab

:: c:\WINDOWS\BDE\mskin

c:\WINDOWS\BDE\mskin\config3.ini
c:\WINDOWS\BDE\mskin\mskin.bmp


:: c:\WINDOWS\CATROOT\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}

c:\WINDOWS\CATROOT\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATMAST.cbd
c:\WINDOWS\CATROOT\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATMAST.cbk
c:\WINDOWS\CATROOT\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\HASHMAST.cbd
c:\WINDOWS\CATROOT\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\HASHMAST.cbk

:: Installed to your C:\Windows\System folder

c:\WINDOWS\SYSTEM\bde3d_ref2.dll
c:\WINDOWS\SYSTEM\bdedata2.dll
c:\WINDOWS\SYSTEM\bdedownloader.dll
c:\WINDOWS\SYSTEM\bdefdi.dll
c:\WINDOWS\SYSTEM\bdeinsta25.dll
c:\WINDOWS\SYSTEM\bdeload.dll
c:\WINDOWS\SYSTEM\BDERastMMX_30001.dll
c:\WINDOWS\SYSTEM\BDESac10.dll
c:\WINDOWS\SYSTEM\bdesecureinstall.cab
c:\WINDOWS\SYSTEM\bdesecureinstall.exe
c:\WINDOWS\SYSTEM\bdeverify.dll
c:\WINDOWS\SYSTEM\bdeverify.exe
c:\WINDOWS\SYSTEM\cd_htm.dll
c:\WINDOWS\SYSTEM\chktrust.exe


:: c:\WINDOWS\TEMP\Brilliant

c:\WINDOWS\TEMP\Brilliant\bdedata2.dll
c:\WINDOWS\TEMP\Brilliant\bdedownloader.dll
c:\WINDOWS\TEMP\Brilliant\bdefdi.dll
c:\WINDOWS\TEMP\Brilliant\msvcirt.dll
c:\WINDOWS\TEMP\Brilliant\setup.exe

:: LIST of ALL REGISTRY keys created by Brilliant Digital Projector:

[HKEY_LOCAL_MACHINE\Software\Brilliant Digital Entertainment]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion \Uninstall\bdeplayer]
[-HKEY_CURRENT_USER\Software\Brilliant Digital Entertainment]
[HKEY_CLASSES_ROOT\.b3d]
[HKEY_CLASSES_ROOT\BDESmartInstaller25.BDESmartInstaller25]
[HKEY_CLASSES_ROOT\BDESmartInstaller25.BDESmartInstaller25.1]
[HKEY_CLASSES_ROOT\CLSID\{3EEC42B5-FB94-40D3-A588-BB54B383A7CB}]
[HKEY_CLASSES_ROOT\CLSID\{51958169-D5E3-11D1-AA42-0000E842E40A}]
[HKEY_CLASSES_ROOT\Interface\{51958167-D5E3-11D1-AA42-0000E842E40A}]
[HKEY_CLASSES_ROOT\Interface\{67925164-C4B6-11D2-B9C6-0000E84F59A6}]
[HKEY_CLASSES_ROOT\TypeLib\{51958166-D5E3-11D1-AA42-0000E842E40A}]
[HKEY_CLASSES_ROOT\TypeLib\{82FC7881-AACC-11D2-B9C6-0000E842E40A}]
[HKEY_CLASSES_ROOT\.b3dini]
[HKEY_CLASSES_ROOT\.b3ds]
[HKEY_CLASSES_ROOT\.s3d]
[HKEY_CLASSES_ROOT\b3d_auto_file]
[HKEY_CLASSES_ROOT\b3dini_auto_file]
[HKEY_CLASSES_ROOT\b3ds_auto_file]
[HKEY_CLASSES_ROOT\BDEPLAYER.BDEPlayerCtrl]
[HKEY_CLASSES_ROOT\BDEPLAYER.BDEPlayerCtrl.1]
[HKEY_CLASSES_ROOT\s3d_auto_file]

please note that on Windows 2000 and XP machines the locations for the System folders will be different. The above are the correct install locations on a Windows 98 machine only