Which ID do you all want "BLASTED"?

What are you using that "ID's" you?

WMP is covered already - what are the other ones?

QuickTime?

RealOne?

What else?

Everything we come up with should be added to the ID-Blaster DB - maybe made selectable by checking boxes.

One suggestion I think needs to be implemented into the program is to automatically save all your original ID nos. by clicking a button and placing all nos. found into a special file in the ID-Blaster folder.

Come on, gang - let's finish this one up! Pete

 

AdTools, Inc. Spyware uses a GUID. It is located at:

HKEY_CURRENT_USER\Software\AdTools, Inc.\UserInfo\identifier

I will try to find others.

You know what would be the ultimate ID blast? If Id-Blaster could serve as a proxy and nail IDs on the fly. For example, automatically randomizing anything leaving your network that looks like a GUID. Or looking for the Get-Cookie command and automatically reassigning it a unique ID on it's way out. That can still FUBAR tracking even if the ID is encrypted since it's a random change anyway.
Just a thought.

 

Here are three:

AdTools, Inc. (MessageMates, etc.) spyware
HKEY_CURRENT_USER\Software\AdTools, Inc.\UserInfo\identifier

Format: #c#e##e#-###c-##d#-ba#c-###b##eff###


Opera 6.05 Browser (may work for 7)
HKEY_LOCAL_MACHINE\Software\Opera Software\Opera\Beanstalk\Standard\user_code

Format: a#c####################


VFlash (Nowbox) spyware
HKEY_CURRENT_USER\Software\ValueFlash\Messenger\CUID

Format: {#B#DC#C#-#A##-##D#-BA#D-B##A##DA#D##}

All are believed compatible with all OS'. Tested on Win 98SE.

 

Folks, I'm now keeping all the new IDs I find in a downloadable configuration file on the Updates page of my site at the link is below. That way people don't have to input this stuff manually. It's saved as Id-Blast.txt due to limitations with Geocities (they only allow files with certain extensions) so you must download it straight into your ID-Blaster folder and save it default.ini. Make sure when you save it, the box called Files of Type is set to All Files or Windoze will try to add a txt extension to it. Alternatively, you can download it wherever and manually change the name and place it with ID-Blaster if you wish.


I will continue to post notices of what I find. If a show of hands says to keep posting the specifics, I will, so those of you who want to add it to your existing default.ini file can continue to do so. I did find a new Nowbox ID recently and am constantly looking for more.

Sponge
Sponge's Anti-Spyware Source
www.geocities.com/yosponge
www.geocities.com/yosponge/updates.html

 

I'm very impressed - nice job!

And yes, please do keep posting about new items you find - I'm extremely interested.

Best regards,

-Javacool

 

The IntelliPoint 3 Product ID:

Compatible with the following operating systems: Windows 95/98/98SE/Me/NT4 SP3/2000 (not officially supported under WinXP, though I happen to use it on that platform with success.)

Top Level Registry Key: HKLM

Subkey: SOFTWARE\Microsoft\IntelliPoint\3.20\Registration

Value Name: ProductID

Value Type: String

Format: #####-###-#######-#####

 

In case anyone is still reading...

Name=BlackICE PC Protection GUID
MainKey=HKLM
SubKey=SOFTWARE\Agent
Value=guid
ValueType=S
Author=nameless
Description=BlackICE Agent GUID
Format={###D##C#-#EA#-#EB#-#E##-#CCC##E#####}
Win95=0
Win98=1
WinME=1
WinNT4=1
Win2000=1
WinXP=1
Enabled=1

One thing I have noticed is that IDs that use the (default) value take screwing around to make work... You have to close ID-Blaster Plus, then manually change the corresponding INI value to say "Value=" in order for it to work. And if you accidentally hit "Save List" after doing this, that entry is moved to the incompatible list.

In other words, there is no way to completely add (default) entries using the ID-Blaster Plus interface, because you can't leave the value field blank, and nothing else (like "n/a", or "(default)") works. The RealPlayer GUID is one example of this. Here is a snippet from the INI file:

Name=RealOne Player UID
MainKey=HKCU
SubKey=Software\RealNetworks\Preferences\UID
Value=
ValueType=S

This works, if you set "Value=" manually, but if you hit "Save List" in the ID-Blaster Plus interface, it gets screwed up.

Yet another thing... I've found a couple matching "MachineGUID" values that are native to Windows (2K and XP at least). One is under HKLM\...\Cryptography. I do not provide more details on this because I think that changing either or both of them can cause problems. I haven't played with them yet... Has anyone?

 

Oh, we're all still quite interested here, nameless.

I haven't taken the time to do so (for which I apologize) but I'd like to say "thank you" for the time and effort you're putting in on this - it is appreciated! Pete

 

More IDs - they are in the file on my Updates page, but here ya go if you want to enter them manually. All of them apply to all versions of Windows, except ShopNAV, which I think isn't compatable with Win95 or NT4.

Name=ShopNAV
MainKey=HKLM
SubKey=Software\Srng
Value=pcid
ValueType=S
Author=Sponge
Description=Spoofs the UUID (PCID) of the ShopNAV spyware
Format=####################
Win95=0
Win98=1
WinME=1
WinNT4=0
Win2000=1
WinXP=1
Enabled=1


Name=WildTangent
MainKey=HKLM
SubKey=Software\WildTangent\GameChannel
Value=uguid
ValueType=S
Author=Sponge
Description=Munges WildTangent game GUIDs
Format=######C#-###E-##D#-BA#F-E##C###CF##F
Win95=1
Win98=1
WinME=1
WinNT4=1
Win2000=1
WinXP=1
Enabled=1


Name=AWS/WeatherBug Setup ID
MainKey=HKCU
SubKey=Software\AWS\Weather\Setup
Value=UserName
ValueType=S
Author=Sponge
Description=Bobbles WeatherBug Setup user name
Format=`##qoi'KrrI{#
Win95=1
Win98=1
WinME=1
WinNT4=1
Win2000=1
WinXP=1
Enabled=1


Name=eAcceleration spoof
MainKey=HKCR
SubKey=MSEaid.Gd\GLSID
Value=n/a
ValueType=S
Author=Sponge
Description=Spoofs the eAcceleration GUID (unconfirmed). May cause eAcceleration to stop working. (Good!)
Format=###ba####ec###d#ba#cde###b##ab##
Win95=1
Win98=1
WinME=1
WinNT4=1
Win2000=1
WinXP=1
Enabled=1

 

Ahah - now there's something I simply didn't plan for when I originally wrote the program. (Silly oversight I suppose).

At least there's a manual workaround at the moment - I'll see what I can do otherwise.

No, I haven't tried playing with those. And I fear you may be correct - changing them may not be a good idea. If I have a chance (I've been very busy lately) I may be able to try sacrificing a test machine to see what changing them will do.

Best regards,

-Javacool