Items found in Pest Patrol

Discussion in 'privacy problems' started by Tiger_Barb, Dec 26, 2002.

Thread Status:
Not open for further replies.
  1. Tiger_Barb

    Tiger_Barb Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    61
    Hi everyone,

    I d/l the eval copy of P Patrol, and it found the following:

    "",Pest,Pest Info,File Info,""
    1,Alexa,Category: Adware Description: Tracks usage.
    Collects personal info. Still live.
    Source: here?tag=st.cu.cu_ad.txt.1200-20-884830
    See here Release Date: 1/19/2001 ,
    In Registry: HKEY_LOCAL_MACHINE\software\microsoft
    \internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\ ,""

    2,Cexx CD_CLINT.DLL,"Category: Misc Description:
    Replacement DLL for Cydoor adware. from the doc:
    'These dummy files are drop-in replacements for Cydoor spyware modules
    that may be violating your privacy. These allow you to continue using
    a spyware-dependent program (e.g. Drug Dealer Ware) without worrying
    about unwanted connections being made behind your back. The dummy files
    can also be used without ad-supported software, to prevent such spyware
    files from being installed in the future.'
    Author: Cexx.org Release Date: 4/21/2002 ",
    In File: D:\Program Files\Spybot - Search & Destroy 1.0\spybotsd11.zip|
    Spybot - Search & Destroy 1.1/Dummies/dummy.cd_clint.dll PVT: 1976837440
    MD5: d41d8cd98f00b204e9800998ecf8427e File Analysis:
    Look up with MD5 (recommended) or PVT. ,""

    3,Cexx CD_CLINT.DLL,"Category: Misc Description:
    Replacement DLL for Cydoor adware. from the doc: 'These dummy files are
    drop-in replacements for Cydoor spyware modules that may be violating
    your privacy. These allow you to continue using a spyware-dependent
    program (e.g. Drug Dealer Ware) without worrying about unwanted connections
    being made behind your back. The dummy files can also be used without
    ad-supported software, to prevent such spyware files from being installed
    in the future.' Author: Cexx.org Release Date: 4/21/2002 ","
    In File: D:\Program Files\Spybot - Search & Destroy 1.0\Spybot -
    Search & Destroy 1.1\Dummies\dummy.cd_clint.dll PVT: 1976837440
    MD5: 65fd7ea79f626f7b57f4d6ced6339f32 Size: 48,640 Date: 10/11/02
    Company Name: CEXX Labs - www.cexx.org File Description: DLL (GUI)
    File Version: 1.0.0.0 Internal Name: ProjectOne Legal Copyright:
    CEXX Labs + Mike Dombrowski Original Filename: project1.dll
    Product Name: CEXX.ORG Spyware Condom (CYDOOR-Compatible) Product Version:
    1.0.0.0 File Analysis: Look up with MD5 (recommended) or PVT. ",""

    4,Cexx CD_CLINT.DLL,"Category: Misc Description: Replacement DLL for
    Cydoor adware. from the doc: 'These dummy files are drop-in replacements
    for Cydoor spyware modules that may be violating your privacy. These allow
    you to continue using a spyware-dependent program (e.g. Drug Dealer Ware)
    without worrying about unwanted connections being made behind your back.
    The dummy files can also be used without ad-supported software, to prevent
    such spyware files from being installed in the future.' Author: Cexx.org
    Release Date: 4/21/2002 ",In File: D:\Setup-Zip\spybotsd10.niaswiss.zip|
    Spybot - Search & Destroy 1.0/Dummies/dummy.cd_clint.dll PVT: 1976837440
    MD5: d41d8cd98f00b204e9800998ecf8427e File Analysis: Look up with MD5
    (recommended) or PVT. ,""

    I'm just wondering what program (that's for free, tight on the money right now) I can use to get rid of them......as you can see I use Spybot, Internet Sweeper and Window Washer........

    T Barb
     
  2. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hi,

    For Alexa, Spybot Search And Destroy or Ad-Aware for instance.

    Cexx CD_CLINT.DLL don't delete it : it's a fake to cheat
    de spyware Cydoor and use the program(s) which install(s)
    it and keep on running it (them) without phoning home.

    For instance Kazaa, Babylon, etc...

    Rgds,

    JacK
     
  3. Tiger_Barb

    Tiger_Barb Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    61
    Thanks JacK,

    I am using Spybot Search And Destroy and it won't find it....took Ad-aware off my system(waiting for the new one) guess I d/l the old one and run it again.....


    T Barb
     
  4. Tiger_Barb

    Tiger_Barb Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    61
    Hi,

    Just to let you know, d/l Ad-Aware and it found Alexa right off. Don't know why SpyBot didn't :(


    T Barb
     
  5. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
     
  6. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    Spybot didn't find it because it's not spyware. It's a lone registry key that doesn't do anything and I truly wish Lavasoft would stop detecting it. No damage done deleting it however, except for the loss of the "Related Sites" feature.

    The other detection is a deliberate false positive. Pest Patrol decided they didn't like the competition while a very large, so-far-unnamed company was looking to award a contract to one of a small list of spyware removers. So they started targeting this file and calling Spybot and Aluria trojan droppers. After several very stern warnings from Aluria and PepiMK, they changed their tone but still detect this file, although it's obvious there is no reason to.
     
  7. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    I couldn't agree more.

    Funnily enough, even Lavasoft itself doesn't consider it spyware... :D

    The official Lavasoft line:

    "The Alexa key in and of itself is really quite harmless. The original thinking behind its addition to the target list was as a heads up to the user. It was added during the time of the Alexa lawsuit and might (?) become more if the user were to add the alexa tool bar. It will be reinstalled if you repair IE and/or upgrade. If this is a feature that the user wishes to keep, all they have to do is to add the key to their ignore list. If they removed it, restore from backup or use the IE repair tool. Removal of this key does not hamper the functionality of Internet Explorer and is easilly replaced."
     
  8. Ghost

    Ghost Guest

  9. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hi Mike,

    Right, in this occurence it's just a cookie which will be installed.

    Alexa is also a spyware which comes with the Alexa bar,
    Alexa is a free, ad-based product which installs itself into your Internet Explorer or Netscape browser. It ads a bar which has a series of links into your browser which gives quite a bit of information about each web page that you visit. For example, the contact information, related links, reviews of the site, traffic and some other information is displayed.

    This spyware is found by Spybot Search and Destroy.

    You may also keep the "Related Sites" feature suppressing this registry entry .

    Just modify x:\WINDOWS\Web\related.htm with a text editor
    the line referring to MSN with this one :

    RelatedServiceURL="http://www.google.com/search?q=related:+";

    Rgds,
     
  10. Tiger_Barb

    Tiger_Barb Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    61
    Hi,

    If I'm understanding all the above posts and other links, it seem to me that I've d/l a program and then replaced Cydoor with a dummy (God knows I didn't do it on purpose, have no idea how o_O). Is there a way to find out which prog it is so I can change it......Also don't use KazaaLite, I use WinMX.......You guys and gals amaze me with how much you know...... :D :D

    T Barb
     
  11. DarkStar

    DarkStar Guest

    TB - Do you use SBS&D?
     
  12. DarkStar

    DarkStar Guest

    Because if you do, the clint.dll you're seeing was placed there by SBS&D, and is nothing to worry about - it's a 'preventative' measure.

    BTW, everyone, I was posting under the "Ghost" nic, but seeing as how someone registered that name (hmmm...), I decided to register under DarkStar.

    So, any entries (posts) under "Ghost" (guest) were mine - any posts from here on out by "Ghost" (registered user) are not from me - I'll be posting as DarkStar from here on out.
     
  13. William

    William Guest

    The dummy Cydoor file is included in Spybot as it uses it to keep an infected program working after the live Cydoor is removed.
     
  14. Tiger_Barb

    Tiger_Barb Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    61
    Hi

    Yes I run SBS&D, just want to make sure I'm doing nothing that could be consider wrong.........

    T Barb
     
Thread Status:
Not open for further replies.