Disreputable anti-parasite software
in [Spyware]
|
From: Dave U. Random on 20 Jun 2010 18:53 http://www.doxdesk.com/parasite/rogues.html Disreputable anti-parasite software Prevention > how to stay parasite-free Cures > reputable anti-parasite software Worse than disease > not-quite-so-reputable anti-parasite software Database > of known parasites Definition of terms > what�s targetted and why About this site > disclaimers, copyright, contact Links > other parasite sites Parasites < introduction and detector Non-recommended anti-parasite software * The backstabbers... * The unwanted... * The hypocrites... * The dodgy dealers... The issue of parasites, spyware and adware has received a lot of publicity recently. This has resulted in an explosion of anti-parasite tools, many of them incompetent or even outright harmful, often produced by the same kind of bandwagon-jumping ethics-free affiliate marketing firms that brought us the parasite problem in the first place. Such companies do not always have the talent to research malware, produce targeting databases and write removal software. So many of the programs are copies of other applications�either through licensing questionable databases and software sold on the open market from other companies, or in some cases simple code theft. Some companies do not even bother with the targeting database and just report completely bogus results. Either way, the result is typically a bunch of false positives coupled with a plea to spend money to remove them. And some supposed anti-parasite software actually does nothing of the kind. Note: if you work for one of the companies whose software is listed here, and believe any of the information is inaccurate or misleading, please do get in touch and I will be happy to correct any mistakes and/or advise on how the problems might be �fixed�. The backstabbers Anti-parasite programs which themselves install parasites. MyNetProtector All products from mynetprotector.com, including MyNetProtector Anti-Spyware, have been seen to install multiple parasites, typically BargainBuddy, Delfin, FavoriteMan/ATPartners, IEDriver, PurityScan/M2, TopText, webHancer, WildMedia/StatBlaster and the NetShagg parasite, which is controlled by SJB Enterprises�the company behind MyNetProtector. MyNetProtector Anti-Spyware also fails to detect any actual spyware; it actually targets cookies, not parasites. Scumware Remover Scumware Remover (scumware-remover.org) masquerades as an anti-spyware application but is actually just a dropper for its author�s SmartestSearch parasite. SpySpotter SpySpotter (spyspotter.com) is an anti-spyware application from Oemtec Ltd (oemtec.com). It has been bundled with iMesh so is considered a parasite in its own right; when installed stand-alone, it also bundles Oemtec�s Oemji toolbar (oemji.com) parasite and PopupBlockade. The Oemji toolbar code is based on the ZipClix parasite, from MWorld Holdings, who also produce the Httper, PopupBlockade, and InternetWasher parasites and appear to be part of the same organisation as Oemtec. Malwhere Malwhere (malwhere.com) is a process lister by Ran Geva/Softbulldog. Each running process is displayed, with known process-based threats highlighted (Malwhere does not detect other types of program). For unknown executable names it does a web search for information. Malwhere bundles the SaveNow/Save, ClockSync and Search parasites. Meanwhile other products from Softbulldog also install IEDriver/IEHost, FavoriteMan, CommonName/InternetKeywords, BargainBuddy/URLCatcher and Delfin. UControl UControl is a spyware removal application from WhenU (whenu.com), built into some versions of their SaveNow/Search parasite. It also bundles the SaveNow/Save parasite and ClockSync. UControl is based on the scanner from Aluria�s Spyware Eliminator, which is generally considered a reasonable anti-parasite program (though Aluria�s reputation in general has been harmed by the partnership with WhenU). SpyBan SpyBan (spyban.net) is an anti-spyware application from NicTech Networks (nictechnetworks.com), who also operate the system-destabilising and extremely difficult-to-remove Look2Me parasite. SpyBan installs Look2Me when loaded, which can then install other parasites. The SpyBan website has disappeared but the software is still available from some download sites. Terminexor Terminexor is a complete and unauthorised copy of the code of the free anti-parasite application Spybot Search&Destroy, with some of the strings in the executable file hacked to change the name. Terminexor is distributed by Flashpoint Media (flashpoint.bm) and silently bundles the FlashTrack/Xmod and BroadcastPC parasites, both of which are operated by Flashpoint. Terminexor is believed no longer to be promoted. SpyAssault SpyAssault (spyassault.com) claims to be a spyware remover, but provides no such software. Instead, it installs the FavoriteMan/Ss32 parasite. SpyAssault is controlled by Razor Media, the same company that operate this and some other variants of FavoriteMan, as well as the ClickTheButton, DailyWinner, SvcMM and WhileYouSurf parasites. SpyAssault is believed no longer to be operating. The unwanted Anti-parasite software that is unsolicited commercial software in its own right. VirtualBouncer VirtualBouncer (virtualbouncer.com) and its sister program AdDestroyer, by Spyware Labs (spywarelabs.com) have long been installed through drive-by-downloads and undisclosed bundling from other parasites, including some that are loaded by exploitation of Internet Explorer security holes. When loaded, VirtualBouncer opens repeated spyware warning dialogue boxes, demanding payment to remove what it says it has detected (which it refuses to divulge; probably nothing at all). WareOut WareOut (wareout.com) is a spyware removal application from �Coteco LLC� which is installed silently by CoolWebSearch/msbho and other CWS-related IE security holes. Its scanner generates false positives and even installs fake spyware �threats� of its own to ensure it can find something to ask for payment to remove. The server for WareOut�and its sister application PopClose (popclose.com) by �Rove Digital��is hosted in a netblock at at EstHost (esthost.com, in the atrivo.net netblock), which also serves myriad hijacker sites, security hole exploits and blog-spammers connected to CoolWebSearch. It is in fact only one IP address away from the fastsearchweb.com group of hijackers that installs WareOut by security holes. For this reason it is believed that Coteco/Rove (who seem to have no other presence; Rove are not related to rovedigital.com) are simply another name for this CWS affiliate. SpyBlast SpyBlast (spyblast.com) is a supposed anti-spyware application from advertising.com, that opens pop-up ads. Installed by unrequested ActiveX drive-by-downloads and considered a parasite in its own right. SpyBlast is believed no longer to be operating. AdProtector AdProtector was a spyware remover from RedV (redv.net, formerly web3000.com) which useed RedV�s EasyInstall adware as the installer. RedV are now believed to be defunct. The hypocrites Anti-parasite software that is marketed by companies involved in writing, distributing or controlling parasites themselves. SpywareNuker SpywareNuker (spywarenuker.com, nuker.com) and its variant pcOrion (pcorion.com) is a spyware remover application from TrekBlue (trekblue.com). TrekBlue, aka TrekData or Trek8 LLC, is a company formed by employees of Lions Pride Enterprises who didn�t leave to form SJB Enterprises (operators of MyNetProtector and the Netshagg parasite). Lions Pride Enterprises themselves operated the wnad parasite. Trek8 controlled and may still operate the InContext parasite (aka AdGoblin, adsincontext.com). Trek8 also owned BlueHavenMedia, who promote and distribute heavily parasite-infected downloadable applications such as Kazoom and ICQBoom. BHM is now operated by Software Delivery Systems, Inc (softwareds.com), whose current relationship with Trek8 is unclear. The original SpywareNuker application was a licensed clone of BPS Spyware Remover (bulletproofsoft.com), and had all the same problems (including using an unauthorized copy of the free anti-parasite application Spybot Search&Destroy�s targets database. The currently-available version SpywareNuker/pcOrion 2004/2005 is a complete rewrite and fixes these problems at least, however Trek8�s reputation remains deservedly tainted. SpywareNuker has also been widely promoted through spam. SpywareAvenger SpywareAvenger (spywareavenger.com) is a commercial-only spyware removal application from iDownload.com. iDownload control the Pugi/iSearch parasite, which they have installed through aggressive ActiveX drive-by downloader scripts and exploitation of Internet Explorer security holes. iDownload�s isearch.com is also the target of the ILookup/Hot parasite. MyPCTuneUp MyPCTuneUp (mypctuneup.com) is a site operated by DirectRevenue (direct-revenue.com) that offers to remove software by its �partner��ie. the parasites written and controlled by DirectRevenue itself. MyPCTuneUp removes variants of the Transponder parasite from Host and BI onwards, IPInsight and GrandStreet, but not before installing using the Transponder/Thinstaller, which leaks significant amounts of system information to its controlling server. JimmySurf JimmySurf (jimmysurf.com) is a commercial-only internet cleaner program that now also claims to remove spyware. It is sold by Surf Protect LLC, aka ClickSpring LLC, who operate the MediaTickets and PurityScan parasites. Warnet Warnet is a commercial-only spyware remover from C2 Media, who operate the lop parasite. Believed no longer to be operating. Kill All Spyware! Kill All Spyware (killallspyware.com) is a commercial-only spyware remover from Mainstream Dollars (mainstreamdollars.com), part of the iClicks Internet Inc group that signed the initial Ineb variant of ILookup and hosts many of its other variants. Kill All Spyware was promoted in adware links from ILookup. #1 Spyware Killer #1 Spyware Killer (1spywarekiller.com) is a spyware remover application from �Kitten Holding Corp� (evilbucks.com). The whois information is again the same as that for many variants of ILookup, including ILookup/Waeb which has been seen to advertise it. SpywareHelp The SpywareHelp service promoted at spywarehelp.net is operated by Odysseus Marketing Inc (odysseusmarketing.com) who also control the ClientMan parasite. The dodgy dealers Anti-parasite software that is marketed abusively. SpyWiper SpyWiper and its variant SpyDeleter are commercial-only spyware removers operated by MailWiper (mailwiper.com). They are promoted through homepage-hijacking parasite installers loaded through IE security hole exploits by SmartBotPro (smartbot.net) sites. SpyWiper/SpyDeleter is believed no longer to be in operation. Rob Martinson (MailWiper), Sanford Wallace (SmartBotPro) and Walt Rines (Odysseus Marketing) are closely connected, a trifecta of infamous old-school spammers. Ad-Eliminator Ad-Eliminator (ad-eliminator) and its successors Spy-Control (spy-control.com), SpyOut (spyout.net) and Ad-Protect (ad-protect.com; all variants have many, many alternative promotional site URLs) are spyware scanners from Global Entertainment Solutions (gesworld.com), an Israeli marketing firm that normally sends spam promoting dodgy Green Card sites. Ad-Eliminator was promoted by an enormous and lengthy campaign of e-mail and Windows Messenger service spam advertising constantly-changing site addresses with misleading scare-tactics claims that spyware had been �detected� on the receiver�s machine. A similar misleading spam campaign has also now started for Spy-Control. Additionally, the Spy-Control variant installs a search toolbar targeted at www.searchmeup.com, a site normally associated with CoolWebSearch hijackers. XoftSpy by Paretologic (paretologic.com): downloads promoted by the RichFind parasite. SpywareStormer (spywarestormer.com) by Error Guard (errorguard.com), Security IGuard (securityiguard.com) by Rex Services and PAL Spyware Remover from PAL Soloutions (palsol.com): widely promoted by some CoolWebSearch variants. BPS Spyware&Adware Remover (bulletproofsoft.com) uses an unauthorised copy of the database from the free anti-parasite application Spybot Search&Destroy. Adware Remover Gold (adwareremovergold.com) by Cyberheat Inc, as a licensed clone of BPS, is in the same situation. Adware Remover Gold is also advertised by e-mail spam. InterESoft NoSpyX (nospyx.com): commercial-only spyware remover also widely promoted by e-mail spam. Others There are dozens of other anti-parasite applications that either are marketed abusively or simply aren�t much good (usually both). Eric Howes maintains a comprehensive list of rogues at Spyware Warrior. Parasite home... CC http://www.doxdesk.com/parasite/rogues.html Disreputable anti-parasite software Prevention > how to stay parasite-free Cures > reputable anti-parasite software Worse than disease > not-quite-so-reputable anti-parasite software Database > of known parasites Definition of terms > what�s targetted and why About this site > disclaimers, copyright, contact Links > other parasite sites Parasites < introduction and detector Non-recommended anti-parasite software * The backstabbers... * The unwanted... * The hypocrites... * The dodgy dealers... The issue of parasites, spyware and adware has received a lot of publicity recently. This has resulted in an explosion of anti-parasite tools, many of them incompetent or even outright harmful, often produced by the same kind of bandwagon-jumping ethics-free affiliate marketing firms that brought us the parasite problem in the first place. Such companies do not always have the talent to research malware, produce targeting databases and write removal software. So many of the programs are copies of other applications�either through licensing questionable databases and software sold on the open market from other companies, or in some cases simple code theft. Some companies do not even bother with the targeting database and just report completely bogus results. Either way, the result is typically a bunch of false positives coupled with a plea to spend money to remove them. And some supposed anti-parasite software actually does nothing of the kind. Note: if you work for one of the companies whose software is listed here, and believe any of the information is inaccurate or misleading, please do get in touch and I will be happy to correct any mistakes and/or advise on how the problems might be �fixed�. The backstabbers Anti-parasite programs which themselves install parasites. MyNetProtector All products from mynetprotector.com, including MyNetProtector Anti-Spyware, have been seen to install multiple parasites, typically BargainBuddy, Delfin, FavoriteMan/ATPartners, IEDriver, PurityScan/M2, TopText, webHancer, WildMedia/StatBlaster and the NetShagg parasite, which is controlled by SJB Enterprises�the company behind MyNetProtector. MyNetProtector Anti-Spyware also fails to detect any actual spyware; it actually targets cookies, not parasites. Scumware Remover Scumware Remover (scumware-remover.org) masquerades as an anti-spyware application but is actually just a dropper for its author�s SmartestSearch parasite. SpySpotter SpySpotter (spyspotter.com) is an anti-spyware application from Oemtec Ltd (oemtec.com). It has been bundled with iMesh so is considered a parasite in its own right; when installed stand-alone, it also bundles Oemtec�s Oemji toolbar (oemji.com) parasite and PopupBlockade. The Oemji toolbar code is based on the ZipClix parasite, from MWorld Holdings, who also produce the Httper, PopupBlockade, and InternetWasher parasites and appear to be part of the same organisation as Oemtec. Malwhere Malwhere (malwhere.com) is a process lister by Ran Geva/Softbulldog. Each running process is displayed, with known process-based threats highlighted (Malwhere does not detect other types of program). For unknown executable names it does a web search for information. Malwhere bundles the SaveNow/Save, ClockSync and Search parasites. Meanwhile other products from Softbulldog also install IEDriver/IEHost, FavoriteMan, CommonName/InternetKeywords, BargainBuddy/URLCatcher and Delfin. UControl UControl is a spyware removal application from WhenU (whenu.com), built into some versions of their SaveNow/Search parasite. It also bundles the SaveNow/Save parasite and ClockSync. UControl is based on the scanner from Aluria�s Spyware Eliminator, which is generally considered a reasonable anti-parasite program (though Aluria�s reputation in general has been harmed by the partnership with WhenU). SpyBan SpyBan (spyban.net) is an anti-spyware application from NicTech Networks (nictechnetworks.com), who also operate the system-destabilising and extremely difficult-to-remove Look2Me parasite. SpyBan installs Look2Me when loaded, which can then install other parasites. The SpyBan website has disappeared but the software is still available from some download sites. Terminexor Terminexor is a complete and unauthorised copy of the code of the free anti-parasite application Spybot Search&Destroy, with some of the strings in the executable file hacked to change the name. Terminexor is distributed by Flashpoint Media (flashpoint.bm) and silently bundles the FlashTrack/Xmod and BroadcastPC parasites, both of which are operated by Flashpoint. Terminexor is believed no longer to be promoted. SpyAssault SpyAssault (spyassault.com) claims to be a spyware remover, but provides no such software. Instead, it installs the FavoriteMan/Ss32 parasite. SpyAssault is controlled by Razor Media, the same company that operate this and some other variants of FavoriteMan, as well as the ClickTheButton, DailyWinner, SvcMM and WhileYouSurf parasites. SpyAssault is believed no longer to be operating. The unwanted Anti-parasite software that is unsolicited commercial software in its own right. VirtualBouncer VirtualBouncer (virtualbouncer.com) and its sister program AdDestroyer, by Spyware Labs (spywarelabs.com) have long been installed through drive-by-downloads and undisclosed bundling from other parasites, including some that are loaded by exploitation of Internet Explorer security holes. When loaded, VirtualBouncer opens repeated spyware warning dialogue boxes, demanding payment to remove what it says it has detected (which it refuses to divulge; probably nothing at all). WareOut WareOut (wareout.com) is a spyware removal application from �Coteco LLC� which is installed silently by CoolWebSearch/msbho and other CWS-related IE security holes. Its scanner generates false positives and even installs fake spyware �threats� of its own to ensure it can find something to ask for payment to remove. The server for WareOut�and its sister application PopClose (popclose.com) by �Rove Digital��is hosted in a netblock at at EstHost (esthost.com, in the atrivo.net netblock), which also serves myriad hijacker sites, security hole exploits and blog-spammers connected to CoolWebSearch. It is in fact only one IP address away from the fastsearchweb.com group of hijackers that installs WareOut by security holes. For this reason it is believed that Coteco/Rove (who seem to have no other presence; Rove are not related to rovedigital.com) are simply another name for this CWS affiliate. SpyBlast SpyBlast (spyblast.com) is a supposed anti-spyware application from advertising.com, that opens pop-up ads. Installed by unrequested ActiveX drive-by-downloads and considered a parasite in its own right. SpyBlast is believed no longer to be operating. AdProtector AdProtector was a spyware remover from RedV (redv.net, formerly web3000.com) which useed RedV�s EasyInstall adware as the installer. RedV are now believed to be defunct. The hypocrites Anti-parasite software that is marketed by companies involved in writing, distributing or controlling parasites themselves. SpywareNuker SpywareNuker (spywarenuker.com, nuker.com) and its variant pcOrion (pcorion.com) is a spyware remover application from TrekBlue (trekblue.com). TrekBlue, aka TrekData or Trek8 LLC, is a company formed by employees of Lions Pride Enterprises who didn�t leave to form SJB Enterprises (operators of MyNetProtector and the Netshagg parasite). Lions Pride Enterprises themselves operated the wnad parasite. Trek8 controlled and may still operate the InContext parasite (aka AdGoblin, adsincontext.com). Trek8 also owned BlueHavenMedia, who promote and distribute heavily parasite-infected downloadable applications such as Kazoom and ICQBoom. BHM is now operated by Software Delivery Systems, Inc (softwareds.com), whose current relationship with Trek8 is unclear. The original SpywareNuker application was a licensed clone of BPS Spyware Remover (bulletproofsoft.com), and had all the same problems (including using an unauthorized copy of the free anti-parasite application Spybot Search&Destroy�s targets database. The currently-available version SpywareNuker/pcOrion 2004/2005 is a complete rewrite and fixes these problems at least, however Trek8�s reputation remains deservedly tainted. SpywareNuker has also been widely promoted through spam. SpywareAvenger SpywareAvenger (spywareavenger.com) is a commercial-only spyware removal application from iDownload.com. iDownload control the Pugi/iSearch parasite, which they have installed through aggressive ActiveX drive-by downloader scripts and exploitation of Internet Explorer security holes. iDownload�s isearch.com is also the target of the ILookup/Hot parasite. MyPCTuneUp MyPCTuneUp (mypctuneup.com) is a site operated by DirectRevenue (direct-revenue.com) that offers to remove software by its �partner��ie. the parasites written and controlled by DirectRevenue itself. MyPCTuneUp removes variants of the Transponder parasite from Host and BI onwards, IPInsight and GrandStreet, but not before installing using the Transponder/Thinstaller, which leaks significant amounts of system information to its controlling server. JimmySurf JimmySurf (jimmysurf.com) is a commercial-only internet cleaner program that now also claims to remove spyware. It is sold by Surf Protect LLC, aka ClickSpring LLC, who operate the MediaTickets and PurityScan parasites. Warnet Warnet is a commercial-only spyware remover from C2 Media, who operate the lop parasite. Believed no longer to be operating. Kill All Spyware! Kill All Spyware (killallspyware.com) is a commercial-only spyware remover from Mainstream Dollars (mainstreamdollars.com), part of the iClicks Internet Inc group that signed the initial Ineb variant of ILookup and hosts many of its other variants. Kill All Spyware was promoted in adware links from ILookup. #1 Spyware Killer #1 Spyware Killer (1spywarekiller.com) is a spyware remover application from �Kitten Holding Corp� (evilbucks.com). The whois information is again the same as that for many variants of ILookup, including ILookup/Waeb which has been seen to advertise it. SpywareHelp The SpywareHelp service promoted at spywarehelp.net is operated by Odysseus Marketing Inc (odysseusmarketing.com) who also control the ClientMan parasite. The dodgy dealers Anti-parasite software that is marketed abusively. SpyWiper SpyWiper and its variant SpyDeleter are commercial-only spyware removers operated by MailWiper (mailwiper.com). They are promoted through homepage-hijacking parasite installers loaded through IE security hole exploits by SmartBotPro (smartbot.net) sites. SpyWiper/SpyDeleter is believed no longer to be in operation. Rob Martinson (MailWiper), Sanford Wallace (SmartBotPro) and Walt Rines (Odysseus Marketing) are closely connected, a trifecta of infamous old-school spammers. Ad-Eliminator Ad-Eliminator (ad-eliminator) and its successors Spy-Control (spy-control.com), SpyOut (spyout.net) and Ad-Protect (ad-protect.com; all variants have many, many alternative promotional site URLs) are spyware scanners from Global Entertainment Solutions (gesworld.com), an Israeli marketing firm that normally sends spam promoting dodgy Green Card sites. Ad-Eliminator was promoted by an enormous and lengthy campaign of e-mail and Windows Messenger service spam advertising constantly-changing site addresses with misleading scare-tactics claims that spyware had been �detected� on the receiver�s machine. A similar misleading spam campaign has also now started for Spy-Control. Additionally, the Spy-Control variant installs a search toolbar targeted at www.searchmeup.com, a site normally associated with CoolWebSearch hijackers. XoftSpy by Paretologic (paretologic.com): downloads promoted by the RichFind parasite. SpywareStormer (spywarestormer.com) by Error Guard (errorguard.com), Security IGuard (securityiguard.com) by Rex Services and PAL Spyware Remover from PAL Soloutions (palsol.com): widely promoted by some CoolWebSearch variants. BPS Spyware&Adware Remover (bulletproofsoft.com) uses an unauthorised copy of the database from the free anti-parasite application Spybot Search&Destroy. Adware Remover Gold (adwareremovergold.com) by Cyberheat Inc, as a licensed clone of BPS, is in the same situation. Adware Remover Gold is also advertised by e-mail spam. InterESoft NoSpyX (nospyx.com): commercial-only spyware remover also widely promoted by e-mail spam. Others There are dozens of other anti-parasite applications that either are marketed abusively or simply aren�t much good (usually both). Eric Howes maintains a comprehensive list of rogues at Spyware Warrior. Parasite home... CC
From: Dustin Cook on 20 Jun 2010 19:27 Dave U. Random <anonymous(a)anonymitaet-im-inter.net> wrote in news:1f401b7bbbd0a2f57248a6382e1afb31(a)anonymitaet-im-inter.net: > http://www.doxdesk.com/parasite/rogues.html I suppose you're trying to fix the screwup with my address? > marketed abusively or simply aren�t much good (usually both). Eric > Howes maintains a comprehensive list of rogues at Spyware Warrior. Eric hasn't updated that list in years. It's dead, preserved for the interest of it, only. -- The bear went over the mountain to see what he could see. Hey! The other side of the mountain was all that he could see! So he went back over the mountain to see what he could see. Hey! The other side of the mountain was all that he could see! - Green Jelly The Bear Song
From: Anonymous on 20 Jun 2010 20:38 "Dustin Cook" <bughunter.dustin(a)gmail.com> wrote in message news:Xns9D9DC63D06335HHI2948AJD832(a)69.16.185.250... > Dave U. Random <anonymous(a)anonymitaet-im-inter.net> wrote in > news:1f401b7bbbd0a2f57248a6382e1afb31(a)anonymitaet-im-inter.net: > >> http://www.doxdesk.com/parasite/rogues.html > > I suppose you're trying to fix the screwup with my address? the jewboy is trying to make himself look like a good guy.
|
Pages: 1 Prev: Adult FriendFinder news spam campain Next: Spybot - Search & Destroy Problem |