View Full Version : Malware
efc
October 3rd, 2003, 18:29 PM
This just reported on Slashdot.com:
You may remember the announcement about a company, or program, or both called Earthstation 5 who recently 'Declared War' on the MPAA. Well guess what? Turns out that it's got code in it that allows anyone to delete any file on your computer. I suggest that you un-install as soon as possible!
zipp51
October 3rd, 2003, 20:51 PM
Thanks efc, I have it and will uninstall it. Doesn't work very well anyway.
egghead
October 3rd, 2003, 21:12 PM
here is the link to the vital data,
EarthStation 5 P2P application contains malicious code
-----------------------------------------------------
ES5 info
--------
EarthStation 5 (aka ES5, aka ESV) (http://www.earthstation5.com and
http://forums2.es5.com/) is a P2P application first released about 6-12
months ago. The people behind ES5 claim that ES5 is the most secure P2P
software in the world. They also claim that they are security experts, and
that they have more than 15 million simultaneous users on-line 24/7. In
comparison Kazaa, the most popular P2P application, only has about 4
million simultaneous users on-line at any given time of day.
Malicious code
--------------
There exists malicious code in ES5.exe's "Search Service" packet handler.
By sending packet 0Ch, sub-function 07h to the "Search Service"'s IP:Port,
a remote attacker could delete any file the user is sharing. If the remote
attacker uses "filenames" with a relative path in them (eg.
"..\..\..\WINDOWS\NOTEPAD.EXE"), the remote attacker could also delete
files in eg. the windows and windows\system32 folders, or any other folder
on the same partition as any of the shared folders. Since most users using
Windows are in the Administrators group, a remote attacker could also
delete the C:\BOOT.INI file which is a required boot file used by ntldr.
IMPORTANT: This is not a bug! They intentionally added this code to ES5.
Vulnerabilities
---------------
There also exist a lot of other vulnerabilities in ES5 (eg. DoS attacks,
buffer overflow bugs, and so on), but these all seem to be unintentional.
Another advisory may have more info on these vulnerabilities, but I'm not
their beta tester so don't hold your breath.
Conclusion
----------
The people behind ES5 have intentionally added malicious code to ES5. If
you have followed the ES5 discussions on message boards and read what the
ES5 people have said and done (eg. DoS attacking BitTorrent sites), this
comes as no surprise. The question then is "why did they do it?" I'm sure
they won't tell us, but here's a theory: They could be working for the
RIAA, MPAA, or a similar organization. Once they have enough users on their
ES5 network, they would start deleting all copyrighted files they own which
their users are sharing. The users wouldn't know what hit them.
Tested ES5 builds
Read more here from random nut (http://lists.netsys.com/pipermail/full-disclosure/2003-October/011339.html)
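The delete handler the advisory describes acts on whatever relative name arrives in the packet, which is why a ".." path reaches outside the shared folders. As an added example (not ES5's code and not part of the advisory), here is the check a share service should make before touching any file named by a peer, using Python's ntpath so Windows path rules apply wherever it runs; the share root "C:\Shared" and the file names are constructed samples.

```python
import ntpath


def resolve_shared_path(share_root, requested):
    """Map a filename received from the network onto the share it belongs to.

    Returns the normalized absolute path if it stays inside share_root, or
    None if the name would escape it (".." traversal, a rooted name such as
    "\\WINDOWS\\...", or a name carrying its own drive letter). ntpath is used
    deliberately so backslashes, drive letters and case-insensitive names are
    handled the Windows way even when this runs on another OS.
    """
    root = ntpath.normcase(ntpath.normpath(share_root))
    if not ntpath.isabs(root):
        raise ValueError("share_root must be an absolute path")
    drive, tail = ntpath.splitdrive(requested)
    if drive or tail.startswith(("\\", "/")):
        return None  # absolute names are never valid share entries
    full = ntpath.normcase(ntpath.normpath(ntpath.join(root, requested)))
    # After ".." collapsing the result must lie strictly below the root.
    if not full.startswith(root.rstrip("\\") + "\\"):
        return None
    return full


def handle_delete_request(share_root, requested, shared_files):
    """Constructed stand-in for a 'delete shared file' packet handler.

    shared_files is the set of normalized paths the user actually shares;
    a request is honoured only if it names one of them. Anything else,
    traversal attempts included, is refused with a message fit for a log.
    """
    target = resolve_shared_path(share_root, requested)
    if target is None:
        return False, "refused: name escapes share root: %r" % requested
    if target not in shared_files:
        return False, "refused: not a shared file: %s" % target
    shared_files.discard(target)  # stands in for the real os.remove()
    return True, "deleted %s" % target
```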
zipp51
October 4th, 2003, 07:28 AM
Usually you can delete any files left over manually when you uninstall, but these files, except for the media files folder, cannot be deleted from the Earthstation directory. Anyone know what these are? EarthstationFolder (http://zipp51.8bit.co.uk/Earthstation5Pic.JPG) How can I get rid of them?
egghead
October 4th, 2003, 10:47 AM
strange...
i have the same problem
these files must be in use but i cannot locate the processes
efc
October 4th, 2003, 11:32 AM
Try the following:
Write down full path to the directory in question.
Boot to Command Prompt.
Navigate to the Folder/Directory in question by typing cd then the complete path that you wrote in your notes.
Use Attrib command to remove attributes that will keep you from deleting files. syntax attrib -h-r-a-s <enter> (h is hidden, r is read only, a is archive and s is system)
Then delete files using syntax del *.* or del. <enter>
If this works, You should be able to go up one directory level and delete the directory.
steps -
cd.. <enter> to step up one level.
rd file name <enter> to remove directory
Good Luck
egghead
October 4th, 2003, 11:56 AM
or use Dr. Delete
Having trouble deleting:
In-use files?
Spyware Components
Index.dat
and other annoying files that are 'In use'?
So was I! I sat down to work, researching the Win32 API and scheduling files to be deleted... and so Dr. Delete was born! Dr. Delete can delete in-use files by scheduling them to be deleted at the next startup. It calls upon the Win32 API, so it's using safe and tested code. Written with Visual C++ / MFC. Native executable, MFC compiled into program (since most people don't have MFC 7.1)
Works on NT/2k/XP/2003 by calling the MoveFileEx() API function.
Works on 9x/ME by appending/creating the WinInit.ini file.
http://www.dslreports.com/forum/remark,7374516~root=sware~mode=flat
efc
October 4th, 2003, 13:47 PM
That is much easier than working with the C: prompt. I added it to my utilities.
zipp51
October 4th, 2003, 16:10 PM
I like Dr Delete so far. It deleted 2 of the files without a reboot and the other 2 are pending. I will deal with the main directory after a reboot. It should be illegal to put malware in programs. Talk about intrusive. :D
Thor
October 5th, 2003, 16:05 PM
There's another utility that's been around for a while that'll remove on boot.
http://techzonez.com/forums/showthread.php?postid=20973#post20973