Fenalaar
February 9th, 2005, 21:09 PM
A few days ago I got my brother's PC back for another turn on the lab bench for some needed spyware removal. As he has a teenager in the house, this is a rather regular affair. All registry guardian software is useless, as long as the teenager in question always clicks on the "allow change" button... :(
Well - I can't complain all that much... This round netted me a Shure stylus force gauge (used for setting up turntables) and some other HiFi accessories for free :cool:
The PC was seriously botched - he couldn't get online, his printer didn't work and so on, but some rounds with my regular anti-spyware toolchest fixed it up again.
Now anyway, I figured out I'll do a bit of research on where all this crap comes from, and ok - if I have to clean up my own PC, so be it. If I am to make a living from stuff like this, I need to do some research anyways...
His PC had gotten Limewire installed since the last time I checked it, and some of it comes from the installation of Limewire itself. However - nothing of this will prevent the PC from working, but rather display popups, searchbars and so on. Most of the filesharing applications on the PC will install some form of adware or another. Funny enough - the Mac version of Limewire itself is clean...
Just to check out what's out there, I fired up my old trusty mac, downloaded Limewire and started searching for some files, mostly at random - primarily video files.
I found a few WMV files of a suitable size, which I downloaded, and sure enough, several of them had DRM-protected wmv3 content, which wouldn't play on the Mac.
I dumped the files over onto the PC (which is loaded with Spybot, Teatimer, Processguard, Adaware, spywareblaster, Norton and so on), and tried them, to see what happened.
Sure enough, some updates to Media Player were needed and installed, and then it tried to "get a license". Now, it popped up a small webpage from instantdrm.com which told me to click here to allow ActiveX and so on... Sounds familiar...? Instantdrm is a drive-by downloader of various browser hijackers. It actually had one flaw - just closing the window, without letting it install anything, activated the license so the file was playable...
Some googling shows that instantdrm and related variants Playadrm and others are aggressively marketed to adult webmasters as the solution for getting paid for their content. Ok - the webmasters may get protected files, but their customers end up with a side dish of malware with their prOn....
Filesharing nets are starting to be poisoned by malware, so if you want to keep the PC clean, at least be careful with what you download, and secondly - WMV files are very dangerous for unprotected PCs. Heck - since Windows Media Player will cheerfully accept a WMV file that's mislabeled as mp3, wma, mpg or whatever format it's set up to handle as default program - any PC with a novice behind the keyboard is in danger.
If you're in the tech business and want your customers' computers to be safe, tell them to stay away from filesharing, and to not click on "Allow this" boxes without reading them first. If you want to fill your pockets, don't tell 'em... :)
Some good reading can be found here... http://www.doxdesk.com/
Johan-Kr
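
A defensive check for the mislabeling problem described in the post above, added here as an example and not part of the original post: it identifies Windows Media (ASF) content by its header GUID instead of its file extension and reports the license URL the player would be sent to. The GUIDs and field layout follow the ASF specification's Content Encryption Object; the function names and the sample file bytes are constructed for illustration.

```python
import struct
import uuid

# GUIDs from the ASF container specification (stored little-endian on disk).
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
CONTENT_ENCRYPTION = uuid.UUID("2211B3FB-BD23-11D2-B4B7-00A0C955FC6E").bytes_le
ASF_EXTS = {".wmv", ".wma", ".asf"}

def _fields(body):
    """Yield the 4-byte-length-prefixed fields of a Content Encryption Object."""
    pos = 0
    while pos + 4 <= len(body):
        (n,) = struct.unpack_from("<I", body, pos)
        yield body[pos + 4:pos + 4 + n]
        pos += 4 + n

def inspect_media(name, data):
    """Return (is_asf, mislabeled, license_url) for a file name and its bytes."""
    if len(data) < 30 or data[:16] != ASF_HEADER:
        return False, False, None
    ext = name[name.rfind("."):].lower() if "." in name else ""
    size, count = struct.unpack_from("<QI", data, 16)  # header size, object count
    pos, end, url = 30, min(size, len(data)), None
    for _ in range(count):
        if pos + 24 > end:
            break
        (obj_size,) = struct.unpack_from("<Q", data, pos + 16)
        if obj_size < 24:
            break  # malformed object: stop instead of looping in place
        if data[pos:pos + 16] == CONTENT_ENCRYPTION:
            # Field order: secret data, protection type, key ID, license URL.
            parts = list(_fields(data[pos + 24:pos + obj_size]))
            if len(parts) >= 4:
                url = parts[3].rstrip(b"\x00").decode("ascii", "replace")
        pos += obj_size
    return True, ext not in ASF_EXTS, url

def build_sample(url=b"http://license.example.invalid/get\x00"):
    """Constructed sample: minimal ASF header holding one encryption object."""
    f = lambda b: struct.pack("<I", len(b)) + b
    body = f(b"secret") + f(b"DRM\x00") + f(b"keyid\x00") + f(url)
    enc = CONTENT_ENCRYPTION + struct.pack("<Q", 24 + len(body)) + body
    return ASF_HEADER + struct.pack("<QIBB", 30 + len(enc), 1, 1, 2) + enc

if __name__ == "__main__":
    for fname in ("song.mp3", "clip.wmv"):
        print(fname, inspect_media(fname, build_sample()))
```

A file flagged as mislabeled with a license URL set is worth quarantining before it is opened in a player. Newer DRM versions carry the URL in a different header object, which this sketch does not parse.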
