Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Monday, June 28, 2010

Legal Software More Annoying than Most Viruses

Do you remember programs from Gator, MyWaySearch, Net.Net or 180Solutions? Are there still programs running on your computer that you really don’t want? 

You’re not alone! Most annoying programs now come from legitimate companies who know they’re not really adding value but do it to make share holders happy. There’s always been competition by companies to get their programs installed on the greatest number of computers.  When you notice your computer keeps getting slower you can blame it on these programs.  At least when AOL shipped out millions of CD’s you had the choice of installing it or not

I created my WinPatrol program to alert me if new programs are being added to the Windows startup procedure. Originally this popular feature was designed to prevent spyware from infecting your system. Now, the biggest problem doesn’t come from spyware or viruses, it comes from well known companies like Apple, Adobe, Google and even Microsoft. These programs have limited value but provide increased visibility and profit for software companies. Totally unrelated companies are encouraged(paid) to install these programs and receive a cash bounty if they can get you to install them. Sometimes it’s done without your knowledge, sometimes it because you don’t carefully read the purpose of every check box during setup.

In the past it was common for WinPatrol fans to report programs which were malicious, designed to steal data, monitor key strokes or create pop up ads. Sadly, the most common complaints I see now are for programs from legitimate companies.

Google continues to top the list of companies wanting to make sure you have their toolbar and updates of anything else they feel you need, like it or not. A large number of companies are paid to install the Google Toolbar via programs like Adobe Flash,  Cyberlink PowerDVD, IrfanView, PC Tools Spyware Doctor, Threatfire, RealPlayer, ZoneAlarm and more. The fact WinPatrol users are requesting Info on GoogleUpdater implies they have no clue how it was installed on their system.

Google Updater isn’t the only program that our users don’t understand why they have it. Continued below is a current, Where the hell did I get this from, and how can I get rid of it” list.  I’ve made the top ten hot links so you can click and see an example of some of the extra value provided by WinPatrol PLUS.

  Program Request   Company Name
1 GOOGLEUPDATER.EXE   GOOGLE INC.
2 ADOBEARM.EXE   ADOBE SYSTEMS
3 JUSCHED.EXE   SUN MICROSYSTEMS, INC.
4 READER_SL.EXE   ADOBE SYSTEMS
5 MDNSRESPONDER.EXE   APPLE INC.
6 WMPNSCFG.EXE   MICROSOFT CORPORATION
7 ITUNESHELPER.EXE   APPLE INC.
8 REALSCHED.EXE   REALNETWORKS, INC.
9 QTTASK.EXE   APPLE INC.
10 APPLEMOBILEDEVICESERVICE.EXE   APPLE INC.
11 CTFMON.EXE   MICROSOFT CORPORATION
12 IGFXTRAY.EXE   INTEL CORPORATION
13 IGFXPERS.EXE   INTEL CORPORATION
14 NVCPL.DLL   NVIDIA CORPORATION
15 MSFEEDSSYNC.EXE   MICROSOFT CORPORATION
16 SMSS.EXE   MICROSOFT CORPORATION
17 CLISTART.EXE   ADVANCED MICRO DEVICES
18 NWIZ.EXE   NVIDIA CORPORATION
19 ISUSPM.EXE   MACROVISION CORPORATION
20 MSASCUI.EXE   MICROSOFT CORPORATION
21 HKCMD.EXE   INTEL CORPORATION
22 HIDSERV.DLL   MICROSOFT CORPORATION
23 SIDEBAR.EXE   MICROSOFT CORPORATION
24 DUMPREP 0 -K   MICROSOFT CORPORATION
25 MSNMSGR.EXE   MICROSOFT CORPORATION


Not long ago our top requests were programs that served up spyware or adware like those below. Some free sample links below may not contain updated PLUS Info. Have you been around enough to remember these annoying infiltrations?

Common Name Program Detected by WinPatrol
MyWebSearch.com Hijacker MYBAR/MYWAY.DLL, MWSSRCAS.DLL, MWSOEMON.DLL
New.net NEWDOTNET.DLL
WinTools WTOOLSA.EXE, WTOOLSB.DLL, WTOOLSS.DLL
XUpiterSpyware - OrbitExplorer toolbar.dll
eXact Advertising NVMS.DLL, MSCB.DLL, MSBE.DLL
Internet Optimizer nem21*.dll - nem220.dll
Gator / Claria CMESYS.exe, GMT.exe, GAIN_Tickler*.exe
PowerREGISTER POWERREG SCHEDULER.EXE
Uploader-R TSM2.EXE
WinAd by TwistedHumor Winad.exe, WinAdTools.exe Winclt.exe, WinTaskAd.exe
Intercosmos Media Group SEARCHRELEVANCY.DLL
Addictive Technologies ATPARTNERS.DLL
WhenU.com VVSN.exe / Save.exe
180Solutions MSBB.EXE
LocalNRD - Trandponder - Mindset Interactive LOCALNRD.DLL
Neo Toolbar - Traffic Syndicate TBPS.EXE, btein.dll, stoolsbar.dll
Bridge Search Page Hijacker BRIDGE.DLL
W32 Supernova Worm SYSUPD.EXE
eUniverse / Keen Value WUpdater.exe, INCFINDFBO.DLL, PERFECTNAVBHO.DLL
CommonName Toolbar CNBABE.exe, CNBABE.DLL

 

If you’d like to learn more check out the Calendar of UpdatesInstallers Hall of Shame” at

http://www.calendarofupdates.com/updates/index.php?showtopic=16109. You’ll be amazed at how common this business practice as become.  This topic already has almost 300 comments to there’s a lot to read.

Meanwhile, download WinPatrol and easily clean up your startup programs. Upgrade a specially priced WinPatrol PLUS now for recent information on these annoying programs. WinPatrol works well along side any of the popular AV and security programs on the market.

Share on Facebook


Sunday, June 13, 2010

Would you Spot this Malware?

I recently wrote about how social engineering and human nature is used to trick us into downloading files which infiltrate our computers. When I signed on to Facebook today the first thing I noticed was an obviously malware post. I’d like to think all of you would know immediately not to click the this link. I deleted the post so others wouldn't click on it and phoned our young friend who posted it. Not surprisingly she had no idea how it was posted and as I suggested she signed on to change her Facebook password.

Would you have detected this as an obvious scam?

miley

Even I know that Justin Bieber is too young for Miley Cyrus.

As a researcher I clicked on this link to see where it went. So in case you’re curious, here’s what happens. In this case, the Bit.ly service was smart enough to know this link was suspicious. Bit.ly is a service which allows you to create a shortcut of a long url. This is useful if you need to include a web address in a short message like those required on Twitter. Unfortunately, these short addresses don't let you see where a link takes you.

miley1

If I was still silly enough to continue the real fun begins with an invitation to share this with all my friends.

miley2

If this was really shared by 95,071 friends it’s really scary. I often wonder if someday I won’t need to keep developing my WinPatrol program. I suspect it will be a while until I get to retire.

Share on Facebook


Wednesday, June 02, 2010

New and Improved WinPatrol 18

While WinPatrol 18 sounds like a boring name there’s nothing boring about the new features included in the new, improved WinPatrol.

regmonitor18

Since 1997 WinPatrol has taken a snapshot of critical system locations and alerted members if values are changed. Over the years Microsoft Windows has become more and more complex and the number of critical locations has exploded. WinPatrol has grown to meet those needs while remaining small and robust.

I frequently get recommendations from pros on new registry locations which should be monitored.  In some cases, these locations are application specific or apply to particular versions of Windows. WinPatrol 18 users can add locations they feel are important and WinPatrol will protect them.

reglock_thumbRegistry monitoring is flexible. Instead of having a pop up message asking about a change WinPatrol can just lock down a value and prevent it from changing. In the list above, those registry values with an icon are set to be locked and protected from change.  As online experts find new registry values being changed by malware, WinPatrol can protect you better than ever.

At first glance this feature may look like something for advanced users. The “Suggestions” button will offer tips and suggestions on registry values you may want to protect based on how you use your computer.  We’ll also offer application specific update scripts that can be download and installed with a few clicks.  Ultimately, it’s still my goal to save users from having to ever edit the register using programs like RegEdit.exe.

By far my favorite part of developing WinPatrol is the support I receive from our loyal fans.  When WinPatrol was created I never expected it to become my primary project. I never developed a business plan to keep WinPatrol going so I really depend on word of mouth and support from all of you who have become PLUS members.  As long as my health and this support continues you’ll see a WinPatrol 19, 20 and many more with new features based on your requests and suggestions.

scottyorb64Thank you again for your support and suggestions. Please enjoy the new WinPatrol 18. I hope Scotty takes good care of you and your critical computer information.

Share on Facebook