WebKnacks.Com - Pop-up killers and privacy software
Pop-up killers and privacy software
WebKnacks.Com - Pop-up killers and privacy software
 
»
 Home  
»
 News  
»
 Register  
+
Products
 
«
 
«
 
«
 
«
     
     
+
 
«
 
«
 
«
 
«
     
     
»
 Online pop-up killer tester  
»
 Subscribe to news  
»
 Affiliates  
   
     
 
StealthWare
 


There are two sources of popup ads - usual web-sites with popup advertisements and some programs stealthy running on your computer. Such programs are secretly installed by some free programs without your knowledge and permission. There is excellent Mike Tuck's review "Adware and Under-Wear - The Definitive Guide" about StealthWare.
AntiPopUp has internal StealthWare Detector. It is the first and unique pop-up killer which not only stops pop-up ads, but also prevents your computer from popup-generating software. It is strongly recommended to clear your computer from all suspicious programs if AntiPopUp has detected StealthWare. You can use Pest Patrol to remove such programs.
PestPatrol is a powerful security and personal privacy tool that detects and eliminates destructive pests like trojans, spyware, adware and hacker tools. It complements your anti-virus and firewall software, extending your protection against non-viral malicious software that can evade your existing security and invade your personal privacy. Click here to get more info about PestPatrol...

You will be shocked. It is the list of known StealthWare from CounterExploitation 

  • TSADBOT (tsadbot.exe) AdGateway by TimeSink / Conducent Technologies
  • Aureate/Radiate spyware DLL ADVERT.DLL by Aureate / Radiate AdSoftware Network
  • FluxPC AdPipe
  • DSSAGENT (dssagent.exe) Brodcast by Broderbund (tags along with some Mattel/Broderbund software)
  • CyDoor "Ads On Software (tm)" - Comes with many ad-enabled products including KaZaA.
  • Web3000 (MSBB.EXE) aka. N-Case - Dastardly advertising spyware that overwrites your wsock32.dll system file, and may transmit lists of URLs you visit. See Privacy Power! Reference and Network World Reference.
  • Flyswat: See Privacy Power! Reference.
  • TransCom's BeeLine : see Web3000.
  • NewsUpd.exe - "News Engine Update Application" - Creative Labs advertising software installed with SoundBlaster (tm) and perhaps other products.
  • Codehammer Message Mates
  • BonziBuddy - A talking gorilla/parrot/etc. "software companion" targeting children. Silently Installed with some other software, and difficult to remove. See Privacy Power! Reference.
  • OnFlow - Installed by BearShare among others. The company that makes this beastie describes its purpose fairly well on its own :) It is a browser plug-in designed specifically to display advertising, usually of the large, loud and flashing variety.
  • SaveNow (WhenUShop) - Installed by BearShare among others. Put quickly, an advertising toolbar that monitors what sites you visit and pops up sponsored "deals" when products/shopping/etc. appears on those sites. Microsoft provides removal instructions.
  • Gator "Trickler" (fsg.exe / fsg-ag.exe), OfferCompanion - installed by AudioGalaxy among others.
  • PhoenixNet - Spyware embedded in your system BIOS!
  • WNAD.EXE - secretly installed background task that goes online to transmit personal information and display stealth popup ads. Installed by the "Yo Mamma, Osama" game from TwistedHumor.com, as well as the SwapNut file sharing utility.
  • Blackstone Data Transponder a.k.a. VX2 / RespondMiter / Sputnik / NetPal / Aadcom. This many-named piece of spyware is installed as an IE Helper (BHO) by third-party software OR website visits, and pops up ads continuously while you surf.
  • FlashTrack (FTAPP.DLL) - An advertising spyware module (BHO) installed with the iMesh filesharing client. More information and removal procedure are here. Flagged as a Trojan by McAffee.
  • dlder.exe - An advertising trojan that is installed by Grokster (1.33), Bearshare (2.4.0b7), LimeWire (2.02), Net2Phone (unspecified versions) and KaZaA (unspecified versions).  The spyware itself comes from ClickTillUWin.com. Taking the torch from even the worst advertising spyware to date, this one creates a fake Explorer executable and process to hide its activities. More information here. Some antivirus manufacturers have listed this as a virus or trojan horse: TROJ_DLDER.A.
  • ADP.EXE - Another spyware, distributed with LimeWire(?) and others. Appears to be an installer of Bargain Buddy (below).
  • BARGAINS.EXE (Bargain Buddy) - Advertising spyware installed with Net2Phone and some versions of LimeWire. Appears related to ADP.EXE above. More info at www.doxdesk.com.
  • bdeviewer.exe (B3D / BrilliantDigital Projector)  - A "3D Web Animation" advertising-display plugin, similar to Onflow, as well as distributed computing client that will sell your hard drive space, CPU cycles, and bandwidth. Installed by KaZaA/Morpheus and probably others. Additional story here. Removal procedure here.
  • EverAd - No information currently available.
  • Expedioware - No information currently available.
  • adshow.exe - No information currently available.
  • HelpExpress / Attune (HXIUL.EXE) - Appears to be advertising spyware that displays sponsored ads, e.g. "Buy toner"/etc. messages when you use your printer. No additional information available at this time. Remove by uninstalling "HelpExpress" and "Attune" under Windows' Add/Remove Programs.
  • Gator GAIN (GMT.exe, CMESys.exe, GAIN_TRICKLER_*.EXE) - Pops up advertising, apparently a new Gator product. A security hole in some versions allows Web sites to install arbitrary software on your computer. This URL will detect GAIN. Gator recommends on its Web site to contact support(at)gator.com for removal instructions. Gator software may be quietly installed by drive-by download.
  • Wurld Media / Morpheus Shopping Club (bpboh.dll / mbho.dll / MSCStat.exe) - Installed by Morpheus, the "no spyware" (ya, we believe you) filesharing tool. Sneakily redirects IE through advertisers' referral links when certain sites are visited in your Web browser. More details here and here.
  • NE.EXE (Network Essentials / SmartPops) - Displays stealthy popup ads while surfing the Web or using search engines. Wow! To hear it from them, this is the best service on earth--boy are they helpful. Remove by uninstalling "Network Essentials" in Add/Remove Programs. I have seen reports of this being installed simply by visiting certain Web sites.
  • dw.exe, Movie Network.exe (Downloadware / Mediacharger / Movienetworks) - Displays lots of popup ads as you surf; Mediacharger may also function as a dialer for 1-900 #s for billing of adult movie downloads. Check for removal entries in Add/Remove Programs. Some removal instructions (may or may not work?) are here. I have had reports that the program will try to deter uninstallation by telling you that doing so will mess up your browser. It is, however, bluffing.
  • ofrg.dll (FavoriteMan) - Installed by unknown means, possibly by NetPal spyware. More information here. One of its co-bundled products may be a homepage hijacker.
  • ctbclick.exe (ClickTheButton) - Installed by (NetPal), Favoriteman parasite, and some versions of KaZaA. More information here.
  • JavaRun.exe (Etraffic / TopMoxie) - Marketing software installed by products from "loyalty marketing partners", that pops up ads and coupons when you visit certain Web sites. TopMoxie description and info here. According to this site, partner software must be removed before an entry for TopMoxie will appear in Add/Remove.
  • Download_Plugin.exe - SpywareInfo has the scoop on this, it is an infector for the infamous Lop.com portal-potty. It reportedly modifies your browser preference settings to place Lop.com as your start page, adds crap links to your bookmarks, changes your desktop and adds a spyware plugin ("Swish Browser Helper").
  • openme.exe (xww.de ?) / Fast Download / Full Downloader - Loads at startup and pops up porn ads ("Live Chat mit Cams!") after about 20 minutes, according to this post in the message boards. May also try to install a dialer. To remove, find and delete openme.exe in your Windows directory, and remove it from your Registry's "shell=" line as well.
  • Radlight DivX Movie Player - The nature of the software itself is unknown. However, it will intentionally search out and delete AD-Aware from your hard drive, then dump a number of malware products on your system. This puts it on the level of a VIRUS in my book; such a behaviour is completely unacceptable.
  • NETBUIE.EXE (Unknown) - Source unknown. Places itself in C:\windows\system and adds a startup reference to the Registry. Continually loads porn popups (www.sexysquirter.com et al) while the machine is switched on.
  • INetSpeak - Bundled with the Music Magnet file-sharing tool, installs a permanent ad banner into IE. Installs as a Browser Helper Object. Remove using a BHO remover, by disabling BHO42602.clslnetspeak or similar. See write-up here.
  • plg_ie0.dll - More Lop.com crap, this one is a BHO that sends your browser to their site for most any IE error page (e.g. "The site cannot be found" becomes instead a bunch of useless lop.com links). See SpywareInfo's writeup for details.
  • Netbroadcaster(?) - Related to Movienetworks (same registrar, IP block, etc.). There is reported to be a malware product by this name. No additional information available.
  • Unknown (ftp_back.exe, istabm.exe, bm_insta.exe, attnvg.exe, createsw.exe, driverpg.exe) - Suspected ad/spyware programs. Implicated here. No additional information available.
  • AdBreak (kvnab.dll) - The name implies an advertising program, but has not been observed in action. May be installed by a trojan. Some info here.
  • PAgent, Vegas Palms Casino (MicroGaming), KFH, MediaLoads, WinEME - sub-parasites installed by DownloadWare, include casino gaming apps, ad programs and an unknown email-sending background task. Info and removal help here.
  • HotBar - an advertising toolbar that spies on sites visited and the contents of forms you fill out. Installed by IMesh. More info here.
  • VLoading / Download class - A loader or "trickler" that is used to download and execute arbitrary programs on your PC. Used by some sites to install porn dialers. Created by a company called Electronic Billing Systems, who may be involved with dialers. More info here.
  • Firstlook / new.net - A portal potty and paid-placement search engine operated by New.net. Reportedly, software is slipped in by the New.net client which directs the user to the firstlook.com search engine. This functionality is reported to be currently deactivated.
  • Tgdc.exe / shopforgood.com - An affiliate link stealer similar to Wurld Media. More info here.
  • CnsMin / 3271.com - A Chinese keyword-lookup program, possibly similar to QuickClick? Does not appear that harmful, but is very difficult to remove and re-installs itself even while you are still removing it. More info here.
  • Search-Explorer - Another useless Browser Toolbar. Displays popup ads and places some cookies on your machine. More info here.
  • WINSERVS / PurityScan / sear1.exe (winservs.exe, winservn.exe, etc.) - On first running, scans your IE cache/history/cookies for files with porn-words in them and displays a list of any found. Also drops in a background program (winservs.exe) that constantly loads popup ads when the computer is running.
  • SmartAd (Cybersurf / www.cia.com) (file names unknown) - Canadian advertising program that "enables true one-to-one targeting of advertising messages against audiences defined by demographics, psychographics, lifestyle or location". The company boasts that its software's ads "can never be covered up, moved offscreen, or otherwise disabled." This product appears targeted mainly toward Internet kiosks and "free internet access" companies, not end-users. The company also hypes an "ad player" format similar to Onflow
  • Permissioned Media (friendgreetings.com / cool-downloads.com / WinSrv Reg / OTMS.EXE / winservc.exe) - Another company that hawks those infamous "online greeting cards". The catch? To view the greeting card, the site attempts to install a 1+ megabyte application that will (unless you carefully read the license agreements and click "NO!") spam everybody in your Outlook address book with phony greeting cards and ads for their service, then place advertising spyware on your computer. The spyware will collect your name, email address and surfing habits, popping up ads and delivering HTML spam to your email address. Removal instructions here. Possibly the first spyware program that lists "minimum 64MB memory" in its system requirements, and attempts to restrict you linking to their Web site. (Sue me, I dare ya.)
  • Save / WhenUSave (SAVE.EXE) - Installed by some "free" software including Radlight Media Player. A removal reference is placed in Add/Remove Programs, but warns that removal will also disable the program (e.g. media player) that it was installed with. Appears to be a rebranded version of the SaveNow advertising parasite.

 

  
   
 

 

© Copyright 2001-2003 SK Lab. All rights reserved.

      
 
Web-Design by Boris Kaul