Which ID do you all want "BLASTED"?

Discussion in 'FileChecker & ID-Blaster Forum' started by spy1, Jan 29, 2003.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    What are you using that "ID's" you?

    WMP is covered already - what are the other ones?

    QuickTime?

    RealOne?

    What else?

    Everything we come up with should be added to the ID-Blaster DB - maybe made selectable by checking boxes.

    One suggestion I think needs to be implemented into the program is to automatically save all your original ID nos. by clicking a button and placing all nos. found into a special file in the ID-Blaster folder.

    Come on, gang - let's finish this one up! Pete
     
  2. sponge

    sponge Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    6
    AdTools, Inc. Spyware uses a GUID. It is located at:

    HKEY_CURRENT_USER\Software\AdTools, Inc.\UserInfo\identifier

    I will try to find others.

    You know what would be the ultimate ID blast? If Id-Blaster could serve as a proxy and nail IDs on the fly. For example, automatically randomizing anything leaving your network that looks like a GUID. Or looking for the Get-Cookie command and automatically reassigning it a unique ID on its way out. That can still FUBAR tracking even if the ID is encrypted since it's a random change anyway.
    Just a thought.
     
  3. sponge

    sponge Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    6
    Here are three:

    AdTools, Inc. (MessageMates, etc.) spyware
    HKEY_CURRENT_USER\Software\AdTools, Inc.\UserInfo\identifier

    Format: #c#e##e#-###c-##d#-ba#c-###b##eff###


    Opera 6.05 Browser (may work for 7)
    HKEY_LOCAL_MACHINE\Software\Opera Software\Opera\Beanstalk\Standard\user_code

    Format: a#c####################


    VFlash (Nowbox) spyware
    HKEY_CURRENT_USER\Software\ValueFlash\Messenger\CUID

    Format: {#B#DC#C#-#A##-##D#-BA#D-B##A##DA#D##}

    All are believed compatible with all OS'. Tested on Win 98SE. :D
     
  4. sponge

    sponge Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    6
    Folks, I'm now keeping all the new IDs I find in a downloadable configuration file on the Updates page of my site at the link below. That way people don't have to input this stuff manually. It's saved as Id-Blast.txt due to limitations with Geocities (they only allow files with certain extensions) so you must download it straight into your ID-Blaster folder and save it as default.ini. Make sure when you save it, the box called Files of Type is set to All Files or Windoze will try to add a txt extension to it. Alternatively, you can download it wherever and manually change the name and place it with ID-Blaster if you wish.


    I will continue to post notices of what I find. If a show of hands says to keep posting the specifics, I will, so those of you who want to add it to your existing default.ini file can continue to do so. I did find a new Nowbox ID recently and am constantly looking for more.

    Sponge
    Sponge's Anti-Spyware Source
    www.geocities.com/yosponge
    www.geocities.com/yosponge/updates.html
     
  5. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    I'm very impressed - nice job!

    And yes, please do keep posting about new items you find - I'm extremely interested.

    Best regards,

    -Javacool
     
  6. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    The IntelliPoint 3 Product ID:

    Compatible with the following operating systems: Windows 95/98/98SE/Me/NT4 SP3/2000 (not officially supported under WinXP, though I happen to use it on that platform with success.)

    Top Level Registry Key: HKLM

    Subkey: SOFTWARE\Microsoft\IntelliPoint\3.20\Registration

    Value Name: ProductID

    Value Type: String

    Format: #####-###-#######-#####
     
  7. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    In case anyone is still reading...

    Name=BlackICE PC Protection GUID
    MainKey=HKLM
    SubKey=SOFTWARE\Agent
    Value=guid
    ValueType=S
    Author=nameless
    Description=BlackICE Agent GUID
    Format={###D##C#-#EA#-#EB#-#E##-#CCC##E#####}
    Win95=0
    Win98=1
    WinME=1
    WinNT4=1
    Win2000=1
    WinXP=1
    Enabled=1

    One thing I have noticed is that IDs that use the (default) value take screwing around to make work... You have to close ID-Blaster Plus, then manually change the corresponding INI value to say "Value=" in order for it to work. And if you accidentally hit "Save List" after doing this, that entry is moved to the incompatible list.

    In other words, there is no way to completely add (default) entries using the ID-Blaster Plus interface, because you can't leave the value field blank, and nothing else (like "n/a", or "(default)") works. The RealPlayer GUID is one example of this. Here is a snippet from the INI file:

    Name=RealOne Player UID
    MainKey=HKCU
    SubKey=Software\RealNetworks\Preferences\UID
    Value=
    ValueType=S

    This works, if you set "Value=" manually, but if you hit "Save List" in the ID-Blaster Plus interface, it gets screwed up.

    Yet another thing... I've found a couple matching "MachineGUID" values that are native to Windows (2K and XP at least). One is under HKLM\...\Cryptography. I do not provide more details on this because I think that changing either or both of them can cause problems. I haven't played with them yet... Has anyone?
     
  8. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Oh, we're all still quite interested here, nameless.

    I haven't taken the time to do so (for which I apologize) but I'd like to say "thank you" for the time and effort you're putting in on this - it is appreciated! Pete
     
  9. sponge

    sponge Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    6
    More IDs - they are in the file on my Updates page, but here ya go if you want to enter them manually. All of them apply to all versions of Windows, except ShopNAV, which I think isn't compatible with Win95 or NT4.

    Name=ShopNAV
    MainKey=HKLM
    SubKey=Software\Srng
    Value=pcid
    ValueType=S
    Author=Sponge
    Description=Spoofs the UUID (PCID) of the ShopNAV spyware
    Format=####################
    Win95=0
    Win98=1
    WinME=1
    WinNT4=0
    Win2000=1
    WinXP=1
    Enabled=1


    Name=WildTangent
    MainKey=HKLM
    SubKey=Software\WildTangent\GameChannel
    Value=uguid
    ValueType=S
    Author=Sponge
    Description=Munges WildTangent game GUIDs
    Format=######C#-###E-##D#-BA#F-E##C###CF##F
    Win95=1
    Win98=1
    WinME=1
    WinNT4=1
    Win2000=1
    WinXP=1
    Enabled=1


    Name=AWS/WeatherBug Setup ID
    MainKey=HKCU
    SubKey=Software\AWS\Weather\Setup
    Value=UserName
    ValueType=S
    Author=Sponge
    Description=Bobbles WeatherBug Setup user name
    Format=`##qoi'KrrI{#
    Win95=1
    Win98=1
    WinME=1
    WinNT4=1
    Win2000=1
    WinXP=1
    Enabled=1


    Name=eAcceleration spoof
    MainKey=HKCR
    SubKey=MSEaid.Gd\GLSID
    Value=n/a
    ValueType=S
    Author=Sponge
    Description=Spoofs the eAcceleration GUID (unconfirmed). May cause eAcceleration to stop working. (Good!)
    Format=###ba####ec###d#ba#cde###b##ab##
    Win95=1
    Win98=1
    WinME=1
    WinNT4=1
    Win2000=1
    WinXP=1
    Enabled=1

    :)
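
The entry layout quoted in the posts above, read by a small parser and turned into a dry-run plan; this is an added example, not part of the thread and not ID-Blaster's own code. It assumes `#` in a Format mask stands for one random digit and every other character is kept literally, and it never touches the registry.

```python
import secrets

# Constructed sample using two entries in the key=value layout quoted in the thread.
SAMPLE = r"""Name=RealOne Player UID
MainKey=HKCU
SubKey=Software\RealNetworks\Preferences\UID
Value=
ValueType=S

Name=ShopNAV
MainKey=HKLM
SubKey=Software\Srng
Value=pcid
ValueType=S
Format=####################
Win95=0
WinXP=1
Enabled=1
"""

def parse_entries(text):
    """Return one dict per entry; each 'Name=' line starts a new entry."""
    entries = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep:
            continue                      # blank line or stray text
        if key == "Name":
            entries.append({})
        if entries:
            entries[-1][key] = value      # 'Value=' keeps an empty string
    return entries

def applies_to(entry, os_flag):
    """Enabled and flagged 1 for os_flag (e.g. 'WinXP'); a missing flag counts as 0."""
    return entry.get("Enabled", "1") == "1" and entry.get(os_flag) == "1"

def fill_mask(mask, digits="0123456789"):
    """Assumption: '#' becomes one random digit, all other characters stay as-is."""
    return "".join(secrets.choice(digits) if c == "#" else c for c in mask)

def plan(entry):
    """Describe the intended change without writing anything (dry run)."""
    mask = entry.get("Format")
    return {
        "path": entry["MainKey"] + "\\" + entry["SubKey"],
        "value_name": entry.get("Value", ""),   # "" is the key's (default) value
        "new_data": fill_mask(mask) if mask else None,  # no mask: nothing to write
    }
```

An empty `Value=` maps to the registry's unnamed (default) value, which is the case described earlier in the thread as needing a manual INI edit.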
     
  10. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    Ahah - now there's something I simply didn't plan for when I originally wrote the program. (Silly oversight I suppose).

    At least there's a manual workaround at the moment - I'll see what I can do otherwise. :)

    No, I haven't tried playing with those. And I fear you may be correct - changing them may not be a good idea. If I have a chance (I've been very busy lately) I may be able to try sacrificing a test machine to see what changing them will do.

    Best regards,

    -Javacool
     