Hi everyone,

I d/l the eval copy of P Patrol, and it found the following:

"",Pest,Pest Info,File Info,""
1,Alexa,Category: Adware Description: Tracks usage.
Collects personal info. Still live.
Source: here?tag=st.cu.cu_ad.txt.1200-20-884830
See here Release Date: 1/19/2001 ,
In Registry: HKEY_LOCAL_MACHINE\software\microsoft
\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\ ,""

2,Cexx CD_CLINT.DLL,"Category: Misc Description:
Replacement DLL for Cydoor adware. from the doc:
'These dummy files are drop-in replacements for Cydoor spyware modules
that may be violating your privacy. These allow you to continue using
a spyware-dependent program (e.g. Drug Dealer Ware) without worrying
about unwanted connections being made behind your back. The dummy files
can also be used without ad-supported software, to prevent such spyware
files from being installed in the future.'
Author: Cexx.org Release Date: 4/21/2002 ",
In File: D:\Program Files\Spybot - Search & Destroy 1.0\spybotsd11.zip|
Spybot - Search & Destroy 1.1/Dummies/dummy.cd_clint.dll PVT: 1976837440
MD5: d41d8cd98f00b204e9800998ecf8427e File Analysis:
Look up with MD5 (recommended) or PVT. ,""

3,Cexx CD_CLINT.DLL,"Category: Misc Description:
Replacement DLL for Cydoor adware. from the doc: 'These dummy files are
drop-in replacements for Cydoor spyware modules that may be violating
your privacy. These allow you to continue using a spyware-dependent
program (e.g. Drug Dealer Ware) without worrying about unwanted connections
being made behind your back. The dummy files can also be used without
ad-supported software, to prevent such spyware files from being installed
in the future.' Author: Cexx.org Release Date: 4/21/2002 ","
In File: D:\Program Files\Spybot - Search & Destroy 1.0\Spybot -
Search & Destroy 1.1\Dummies\dummy.cd_clint.dll PVT: 1976837440
MD5: 65fd7ea79f626f7b57f4d6ced6339f32 Size: 48,640 Date: 10/11/02
Company Name: CEXX Labs - www.cexx.org File Description: DLL (GUI)
File Version: 1.0.0.0 Internal Name: ProjectOne Legal Copyright:
CEXX Labs + Mike Dombrowski Original Filename: project1.dll
Product Name: CEXX.ORG Spyware Condom (CYDOOR-Compatible) Product Version:
1.0.0.0 File Analysis: Look up with MD5 (recommended) or PVT. ",""

4,Cexx CD_CLINT.DLL,"Category: Misc Description: Replacement DLL for
Cydoor adware. from the doc: 'These dummy files are drop-in replacements
for Cydoor spyware modules that may be violating your privacy. These allow
you to continue using a spyware-dependent program (e.g. Drug Dealer Ware)
without worrying about unwanted connections being made behind your back.
The dummy files can also be used without ad-supported software, to prevent
such spyware files from being installed in the future.' Author: Cexx.org
Release Date: 4/21/2002 ",In File: D:\Setup-Zip\spybotsd10.niaswiss.zip|
Spybot - Search & Destroy 1.0/Dummies/dummy.cd_clint.dll PVT: 1976837440
MD5: d41d8cd98f00b204e9800998ecf8427e File Analysis: Look up with MD5
(recommended) or PVT. ,""

I'm just wondering what program (that's for free, tight on the money right now) I can use to get rid of them......as you can see I use Spybot, Internet Sweeper and Window Washer........

T Barb

Hi,

For Alexa, Spybot Search And Destroy or Ad-Aware for instance.

Cexx CD_CLINT.DLL don't delete it : it's a fake to cheat
de spyware Cydoor and use the program(s) which install(s)
it and keep on running it (them) without phoning home.

For instance Kazaa, Babylon, etc...

Rgds,

JacK

Thanks JacK,

I am using Spybot Search And Destroy and it won't find it....took Ad-aware off my system(waiting for the new one) guess I d/l the old one and run it again.....


T Barb

Hi,

Just to let you know, d/l Ad-Aware and it found Alexa right off. Don't know why SpyBot didn't :(


T Barb

-{ Quote: " quoting: Tiger Barb link=board=21;threadid=5756;start=0#37904 date=1040951645]
Hi,

Just to let you know, d/l Ad-Aware and it found Alexa right off. Don't know why SpyBot didn't :(


T Barb

Hi,

What did it find ? The spyware or just a ref in the registry about a cookie referring to a MSN site which come back whenever you run a IE update ?




" }-

Spybot didn't find it because it's not spyware. It's a lone registry key that doesn't do anything and I truly wish Lavasoft would stop detecting it. No damage done deleting it however, except for the loss of the "Related Sites" feature.

The other detection is a deliberate false positive. Pest Patrol decided they didn't like the competition while a very large, so-far-unnamed company was looking to award a contract to one of a small list of spyware removers. So they started targeting this file and calling Spybot and Aluria trojan droppers. After several very stern warnings from Aluria and PepiMK, they changed their tone but still detect this file, although it's obvious there is no reason to.

I couldn't agree more.

Funnily enough, even Lavasoft itself doesn't consider it spyware... ;D

The official Lavasoft line:

"The Alexa key in and of itself is really quite harmless. The original thinking behind its addition to the target list was as a heads up to the user. It was added during the time of the Alexa lawsuit and might (?) become more if the user were to add the alexa tool bar. It will be reinstalled if you repair IE and/or upgrade. If this is a feature that the user wishes to keep, all they have to do is to add the key to their ignore list. If they removed it, restore from backup or use the IE repair tool. Removal of this key does not hamper the functionality of Internet Explorer and is easilly replaced."

TB - If you do delete the "CD_CLINT.DLL", and you're using KazaaLite, you'll be opening yourself up to tracking and possibly re-installation of Kazaa itself (with all its' attendant spyware).

Also, SBS&D contains the 'dummy' CLINT.DLL - see this thread http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi?s=3e0c50615234ffff;act=ST;f=28;t=470 for the explanation (and a rather interesting set of views and responses about its' use.

(I like "dummies").

-{ Quote: " quoting: Mike Healan link=board=21;threadid=5756;start=0#37974 date=1040987440]
Spybot didn't find it because it's not spyware. It's a lone registry key that doesn't do anything and I truly wish Lavasoft would stop detecting it. No damage done deleting it however, except for the loss of the "Related Sites" feature.

" }-

Hi Mike,

Right, in this occurence it's just a cookie which will be installed.

Alexa is also a spyware which comes with the Alexa bar,
Alexa is a free, ad-based product which installs itself into your Internet Explorer or Netscape browser. It ads a bar which has a series of links into your browser which gives quite a bit of information about each web page that you visit. For example, the contact information, related links, reviews of the site, traffic and some other information is displayed.

This spyware is found by Spybot Search and Destroy.

You may also keep the "Related Sites" feature suppressing this registry entry .

Just modify x:\WINDOWS\Web\related.htm with a text editor
the line referring to MSN with this one :

RelatedServiceURL="http://www.google.com/search?q=related:+";

Rgds,

Hi,

If I'm understanding all the above posts and other links, it seem to me that I've d/l a program and then replaced Cydoor with a dummy (God knows I didn't do it on purpose, have no idea how ???). Is there a way to find out which prog it is so I can change it......Also don't use KazaaLite, I use WinMX.......You guys and gals amaze me with how much you know...... :D :D

T Barb

TB - Do you use SBS&D?

Because if you do, the clint.dll you're seeing was placed there by SBS&D, and is nothing to worry about - it's a 'preventative' measure.

BTW, everyone, I was posting under the "Ghost" nic, but seeing as how someone registered that name (hmmm...), I decided to register under DarkStar.

So, any entries (posts) under "Ghost" (guest) were mine - any posts from here on out by "Ghost" (registered user) are not from me - I'll be posting as DarkStar from here on out.

-{ Quote: "In File: D:\Program Files\Spybot - Search & Destroy 1.0\spybotsd11.zip|
Spybot - Search & Destroy 1.1/Dummies/dummy.cd_clint.dll " }-
The dummy Cydoor file is included in Spybot as it uses it to keep an infected program working after the live Cydoor is removed.

Hi

Yes I run SBS&D, just want to make sure I'm doing nothing that could be consider wrong.........

T Barb