Re: Acer puts Active X hole on laptops in Security

Re: Acer puts Active X hole on laptops in Security http://www.dslreports.com/forum/r17610488 en Fri, 04 Dec 2009 22:58:15 EDT Fri, 04 Dec 2009 22:58:15 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17635401 dancy70 : I have an Acer Aspire 3000 series as a 2nd laptop and, sure enough, LunchApp was there. It tried to get the fix from Acer, but the site was really bogged down, or something, but the recommendation in one of the links listed on this board to deactivate the control by going to Tools - Internet Options - Programs - Manage Add-ons worked nicely. Since I use FF on all of my computers and use IE only for updates, it probably would have gone unnoticed for a few more years (I have had the computer now for over a year) but for this board.

It is interesting that a search for LunchApp, LApp, etc., even using the additional "fuzzy" options presented by Acer returned no documents :)

TKU - Dan]]> http://www.dslreports.com/forum/remark,17635401 Sat, 13 Jan 2007 16:34:01 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17626718 mers2 : Patched here without a problem as well. ]]> http://www.dslreports.com/forum/remark,17626718 Fri, 12 Jan 2007 02:16:31 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17626595 La Luna : Ahh well, all patched.

Now I can sleep tonight. :D]]> http://www.dslreports.com/forum/remark,17626595 Fri, 12 Jan 2007 01:33:19 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17625381 javaMan :

said by jdong

:

Someone posted on Digg a counter-attack that uses the exploit to unregister the exploitable ActiveX OCX :)

How ironic. :)
--
Woe unto them that call evil good, and good evil; that put darkness for light, and light for darkness. . . Isa. 5:20]]> http://www.dslreports.com/forum/remark,17625381 Thu, 11 Jan 2007 21:47:03 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17625362 jdong : Someone posted on Digg a counter-attack that uses the exploit to unregister the exploitable ActiveX OCX :)
--
UbuntuForums Administrator: try Ubuntu Linux]]> http://www.dslreports.com/forum/remark,17625362 Thu, 11 Jan 2007 21:44:19 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17624971 javaMan :

said by jabarnut

:

. . .

Of course, now that it *is* well known, I sure hope everyone is able to patch their machines before the 'bad guys' (who also know about it now), start having some fun.

LOL That was exactly my thought when I first read the article.
--
Woe unto them that call evil good, and good evil; that put darkness for light, and light for darkness. . . Isa. 5:20]]> http://www.dslreports.com/forum/remark,17624971 Thu, 11 Jan 2007 20:39:49 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17624952 jabarnut :

said by javaMan

:

...I think in reading about it there was a note somewhere that mentioned that it wasn't even being used anymore and apparently no one had bothered to follow up and remove it....

Yes, that's my take on this.

I really don't think there was any malicious intent way back when this poorly designed 'feature' was implemented, and it just sort of slipped through the cracks over the years.
In fact, it may have actually been thought useful or even 'innovative' at the time. :hmm:
(I don't recall too many people preaching about the dangers of ActiveX back then).

As shown, this has apparently been around since at least 1998 or earlier...10 or more years ago, yet it is only just now circulating around the web.

With a security hole as big as this one, you can be sure we would have heard of some serious problems (and a fix) long before now, had anyone been aware of it.

Of course, now that it *is* well known, I sure hope everyone is able to patch their machines before the 'bad guys' (who also know about it now), start having some fun.
--
I had a life once.....now I have a Computer and a Modem.]]> http://www.dslreports.com/forum/remark,17624952 Thu, 11 Jan 2007 20:37:18 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17624806 FiL : stupid Acer...]]> http://www.dslreports.com/forum/remark,17624806 Thu, 11 Jan 2007 20:16:12 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17624520 La Luna :

said by sharpy merc

said by La Luna

:

I'm glad they at least patched this pretty quickly, once they were alerted to it.

What do you mean alerted to it. They put it on the bloody thing in the first place!

Kinda like "oops we forgot...Sorry people our bad."

more like " Oh crap we got caught!"

Tinfoil anyone?

Please read the article. :uhh:
--
~~Well, I think you're crazy, I think you're crazy, I think you're crazy, just like me...~~

]]> http://www.dslreports.com/forum/remark,17624520 Thu, 11 Jan 2007 19:36:11 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17624327 javaMan :

said by sharpy merc

said by La Luna

:

I'm glad they at least patched this pretty quickly, once they were alerted to it.

What do you mean alerted to it. They put it on the bloody thing in the first place!

Kinda like "oops we forgot...Sorry people our bad."

more like " Oh crap we got caught!"

I think in reading about it there was a note somewhere that mentioned that it wasn't even being used anymore and apparently no one had bothered to follow up and remove it. It was just being installed for no reason other than to serve as a possible vector for disastrous abuse. :(
--
Woe unto them that call evil good, and good evil; that put darkness for light, and light for darkness. . . Isa. 5:20]]> http://www.dslreports.com/forum/remark,17624327 Thu, 11 Jan 2007 19:03:47 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17624227 sharpy merc :

said by La Luna

:

I'm glad they at least patched this pretty quickly, once they were alerted to it.

What do you mean alerted to it. They put it on the bloody thing in the first place!

Kinda like "oops we forgot...Sorry people our bad."

more like " Oh crap we got caught!"]]> http://www.dslreports.com/forum/remark,17624227 Thu, 11 Jan 2007 18:45:45 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17624064 La Luna :

said by javaMan

said by La Luna

:

. . .

This appears to be more of an error on their part, rather than a purposeful "malware" install.

Well, I think most of us already knew about ActiveX vulnerabilities (didn't we? :D ).

I'm glad they at least patched this pretty quickly, once they were alerted to it.
--
~~Well, I think you're crazy, I think you're crazy, I think you're crazy, just like me...~~

]]> http://www.dslreports.com/forum/remark,17624064 Thu, 11 Jan 2007 18:19:07 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17623692 javaMan :

said by jdong

:

. . .

The hidden story I think is, lots of OEM's are bundling support apps that are meant to be used by tech support to take control of your computer to assist you, with permission. How safe are these implementations? ;-)

And it doesn't help when you have Dumb and Dumber doing your implementations. This was an especially ill conceived idea on someones part and it makes one wonder how many other bad ideas are lurking on OEM machines.
--
Woe unto them that call evil good, and good evil; that put darkness for light, and light for darkness. . . Isa. 5:20]]> http://www.dslreports.com/forum/remark,17623692 Thu, 11 Jan 2007 17:12:41 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17623572 jdong : This is indeed a serious hole if exploitable (i.e. if one is using an ActiveX enabled browser with default security settings) -- it can be used to execute any command on behalf of the user. It can easily be modified to delete/format drives or files accessible by the user (in all cases, their Documents folder, in some cases, USB pen drive, hard drive, etc).

It can also be used to launch FTP.exe with a text script that downloads more exploits to run.

The current proof-of-concept is used to just launch calc.exe, but you can replace that call with any other command -- anything that your start->run dialog can do, this can do!

The hidden story I think is, lots of OEM's are bundling support apps that are meant to be used by tech support to take control of your computer to assist you, with permission. How safe are these implementations? ;-)
--
UbuntuForums Administrator: try Ubuntu Linux]]> http://www.dslreports.com/forum/remark,17623572 Thu, 11 Jan 2007 16:54:11 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17623422 Name Game : As a side note I did find info that there were programs installed by ACER that are in the add/remove and this other info on some of their functions..but could not tell you effect on the laptops if you removed them.

**********************************

»www.acer.co.th/product/travelmat···ager.htm

»forum.ccleaner.com/index.php?showtopic=8129

found in add/remove programs
Acer eManager for Notebook
Acer ePowerManagement
Acer GridVista

lmanager.exe is a process associated with Acer Launch Manager from Dritek System Inc..

U Launchboard lnchbrd.exe "LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions"
U LaunchApp Alaunch.exe Acer Launch tool utility on laptops
U LaunchAp LaunchAp.exe Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610

Author: Dritek System Inc.
Part Of: Acer Launch Manager

LManager.exe file information
The process Acer Launch Manager Keyboard Application belongs to the software Acer Launch Manager by Dritek System Inc (www.dritek.com.tw).

Description: File LManager.exe is located in a subfolder of "C:\Program Files". Known file sizes on Windows XP are 495616 bytes (50% of all occurrence), 483328 bytes, 471040 bytes.
There is an icon for this program on the taskbar next to the clock. It is not a Windows system file. Therefore the technical security rating is 24% dangerous.

Important: Some malware camouflage themselves as LManager.exe, particularly if they are located in c:\windows or c:\windows\system32 folder.

COMMENTS: A Windows 2000/XP Service Program for Acer eManager
COMPANY NAME: OSA Technologies Inc.
FILE ATTRIBUTES: Archive
FILE DESCRIPTION: Service Program for Acer eManager
FILE FOLDER: %ROOT%\acer\emanager
FILE NAME: anbmserv.exe
FILE SIZE: 1,287,168 KB
FILE VERSION: 3.0.5.8
LEGAL COPYRIGHT: Acer Inc. (c) 2004
LEGAL TRADEMARKS: Acer Empowering Technology
MD5 SIGNATURE: c10d0fae427ea464edea2ee5dc40f056
PRODUCT NAME: Acer eManager for Notebook
PRODUCT VERSION: 1.0
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17623422 Thu, 11 Jan 2007 16:28:41 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17623411 Eldritch0 : What do you expect from a manufacturer that puts out laptops with FAT32 and not NTFS? We deal with Acer laptops all the time. If I can get my hands on one sometime soon I'll look into this ActiveX hole.
--
"I hate to advocate drugs, alcohol, violence, or insanity to anyone, but they've always worked for me."-H.S. Thompson
Fact: Performing fellatio relieves menstrual cramps.]]> http://www.dslreports.com/forum/remark,17623411 Thu, 11 Jan 2007 16:26:38 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17622932 javaMan :

said by La Luna

:

. . .

This appears to be more of an error on their part, rather than a purposeful "malware" install.

Certainly true but it does demonstrate the vulnerability inherent in ActiveX. Well, maybe not so much ActiveX as the trustworthiness of the those who use it. Which, in the end, is perhaps really the same thing.
--
Woe unto them that call evil good, and good evil; that put darkness for light, and light for darkness. . . Isa. 5:20]]> http://www.dslreports.com/forum/remark,17622932 Thu, 11 Jan 2007 15:10:21 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17622753 La Luna :

said by severach

:

You can make your own disk for any brand. You only need to run that infested OEM install just long enough to grab a few things. My Acer doesn't have that malware.

»www.msfn.org/board/index.php?showtopic=63258

Comparatively speaking, Acer puts a lot less crap on their OEM's than many other brands. They didn't even pre-install Norton AV that came with mine, like so many others do.

This appears to be more of an error on their part, rather than a purposeful "malware" install.
--
~~Well, I think you're crazy, I think you're crazy, I think you're crazy, just like me...~~

]]> http://www.dslreports.com/forum/remark,17622753 Thu, 11 Jan 2007 14:43:41 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17622667 La Luna :

said by koocho :

Acer have a patch up on their sites
here

Yes, we know. ;)

said by fatness :
Update:
Meanwhile Acer provides an official security patch to remedy this problem.

--
~~Well, I think you're crazy, I think you're crazy, I think you're crazy, just like me...~~

]]> http://www.dslreports.com/forum/remark,17622667 Thu, 11 Jan 2007 14:32:18 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17622317 severach : You can make your own disk for any brand. You only need to run that infested OEM install just long enough to grab a few things. My Acer doesn't have that malware.

»www.msfn.org/board/index.php?showtopic=63258]]> http://www.dslreports.com/forum/remark,17622317 Thu, 11 Jan 2007 13:44:27 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17622045 anon : Acer have a patch up on their sites
here]]> http://www.dslreports.com/forum/remark,17622045 Thu, 11 Jan 2007 13:00:19 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17621312 jabarnut : Finally had a chance to test my Acer 5102, and the LunchApp.ocx did in fact reside in my Windows\System Folder.

And dated 1998 just like the original link by Tan Chew Keong:
»vuln.sg/acerlunchapp-en.html

I generally use Opera, but I tested it with IE7 and simply got a warning that it wanted to run.
And the simple test to launch Calc.exe (or any other .exe for that matter), is so simple it's downright scary.

Anyway, I played around with mine before I came back to this thread, so I didn't see the 'patch' offered by Acer until now.

Instead, I unregistered the file and then removed it as suggested in yet another article/'test' page that I came across.
»www.futt.org/?p=97#more-97

No adverse effects, and of course, no more 'warnings' on the test pages.

The only thing I haven't done yet is what was suggested in the last sentence of the above article:

quote:
Next, you should make one angry phone call to Acer for screwing you over like that...

;)

--
I had a life once.....now I have a Computer and a Modem.]]> http://www.dslreports.com/forum/remark,17621312 Thu, 11 Jan 2007 10:48:59 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17621209 Derspankster :

said by koma3504

:

One more reason Oem manufacutures need to be forced to provide 3 things.
1. Windows Hologram CD
2. Driver CD
3. Software CD {IE all the trash programs that are forced on ya IE Nortan et..... to be in complience with there contracts.}

LIke it used to be back in the day.

Absolutely! But, how to make it happen? The only OEM machine I own is my laptop. If I could have built my own laptop, I would have. The only software that came with my Acer laptop were the 'restore' disks. Now, why would I want to restore it to the sorry state that it was shipped?
--
I thought I made a mistake once but I was wrong]]> http://www.dslreports.com/forum/remark,17621209 Thu, 11 Jan 2007 10:28:46 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17621052 koma3504 : One more reason Oem manufacutures need to be forced to provide 3 things.
1. Windows Hologram CD
2. Driver CD
3. Software CD {IE all the trash programs that are forced on ya IE Nortan et..... to be in complience with there contracts.}

LIke it used to be back in the day.
--
† Koma †
If YOu Don't Think It's Possable!! It's Acually A Reality!! The best way to predict the future is to invent it. Alan Kay!!
Ya Don't Know The signal Till Ya Ride It!!
Voice Break's There's Trouble!!]]> http://www.dslreports.com/forum/remark,17621052 Thu, 11 Jan 2007 10:01:44 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17620593 captokita : Good grief. I'll have to grab that patch fatness posted.

Can you just uninstall the backweb-type stuff completely? I don't need, or really want, my laptop calling home to Acer (or anyone) for anything. ]]> http://www.dslreports.com/forum/remark,17620593 Thu, 11 Jan 2007 08:24:00 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17620472 Derspankster : Thanks for the post and link. I just downloaded and ran the patch.
--
I thought I made a mistake once but I was wrong]]> http://www.dslreports.com/forum/remark,17620472 Thu, 11 Jan 2007 07:45:41 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17620364 lilhurricane : Thanks for posting that

I executed it on my laptop last evening..with no problems to report at all.]]> http://www.dslreports.com/forum/remark,17620364 Thu, 11 Jan 2007 06:48:04 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17619999 mers2 :
said by La Luna :

Thank you fatness !

*sigh*

Guess I have to get this patch for my laptop. Has anyone looked at it yet? After unzipping, then what? I'm not on the laptop so I haven't downloaded it yet.

Just downloaded it and checked the zip file. It's a single executable. "AcerAppFix.exe" which I haven't run yet. Will wait til after I'm done hosting the updates sticky tomorrow before updating in case it screws something up.
--
Team Discovery
]]> http://www.dslreports.com/forum/remark,17619999 Thu, 11 Jan 2007 02:57:44 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17619854 La Luna : Thank you fatness !

*sigh*

Guess I have to get this patch for my laptop. Has anyone looked at it yet? After unzipping, then what? I'm not on the laptop so I haven't downloaded it yet.]]> http://www.dslreports.com/forum/remark,17619854 Thu, 11 Jan 2007 01:57:44 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17619428 vircotto : Thanks, fatness, for that link. (I couldn't find this on Acer's Pan-American site and now sections of that support site are generating ColdFusion errors when I try to view them.) I didn't think to look at their Euro site!

And thanks to the others, and esp. NG for being critical (in the good way!) and courteous.]]> http://www.dslreports.com/forum/remark,17619428 Wed, 10 Jan 2007 23:53:08 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17618161 fatness : »www.heise-security.co.uk/news/83426

quote:
Update:
Meanwhile Acer provides an official security patch to remedy this problem.

--
Me, I want a hula hoop..]]> http://www.dslreports.com/forum/remark,17618161 Wed, 10 Jan 2007 20:13:02 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17617515 Name Game :
said by Blackbird :

said by Name Game :

Ok I owe you all a free lunch :o do you want that breaded or raw.ocx :D
Thanks, but I'll have to pass on mine... for some time, I've been on an ActiveX-free diet. ;)

That's a relief..would not want anyone to launch their lunch all over the thread..thanks again to all those who helped make DSLR security forum once again a place where you can sort out fact from friction. ;)
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17617515 Wed, 10 Jan 2007 18:27:00 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17617478 Blackbird :
said by Name Game :

Ok I owe you all a free lunch :o do you want that breaded or raw.ocx :D
Thanks, but I'll have to pass on mine... for some time, I've been on an ActiveX-free diet. ;)
--
If God wanted us to work with electrons, He'd make them big enough to see...]]> http://www.dslreports.com/forum/remark,17617478 Wed, 10 Jan 2007 18:20:25 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17617443 Name Game : Ok I owe you all a free lunch :o do you want that breaded or raw.ocx :D
]]> http://www.dslreports.com/forum/remark,17617443 Wed, 10 Jan 2007 18:14:10 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17617393 Blackbird : Those with Acer computers might wish to check out this link to Heise Security:
»www.heise-security.co.uk/news/83426

"Many Acer laptops have a dangerous backdoor, which can be used by websites to gain complete control over the laptop. The problem lies with the LunchApp.APlunch Active X control, which is installed by default and which heise Security found on all the Acer laptops it tested, including a brand new TravelMate, which happened to be in the c't editorial suite for testing. Visiting a test website, which was easily set up, started the Windows calculator on this system without user interaction.

The control, with class ID D9998BD0-7957-11D2-8FED-00606730D3AA, is marked as safe for scripting by the manufacturer, so that any website can call it and control it using JavaScript. Using the Run method, it would be possible to launch any program on the system at will, and even pass parameters to programs it is launching. ..."

Apparently, it's possibly been on Acer laptops dating to 1998.

"Even an Acer rep admitted to heise Security that it looked as if it had simply been forgotten. Removing it does not cause any loss of performance on the system tested."
--
If God wanted us to work with electrons, He'd make them big enough to see...]]> http://www.dslreports.com/forum/remark,17617393 Wed, 10 Jan 2007 18:07:23 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17617377 tomazyk : I found this active-x control on my laptop. It's not on my IE7 list of used addons and active- x controls so I guess I don't need it. Just to be on a safe side I will rename the file, if acer would need that control it would probably ask me to download it. So no harm done.]]> http://www.dslreports.com/forum/remark,17617377 Wed, 10 Jan 2007 18:05:23 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17617129 lilhurricane : Aye..it's on my Acer :huh:]]> http://www.dslreports.com/forum/remark,17617129 Wed, 10 Jan 2007 17:26:11 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17617107 Cudni : from
»www.securityfocus.com/brief/404
"..
Computer maker Acer has shipped its notebook computers with an ActiveX control that lets any Web site install software on the machine, security researchers warned this week.

The ActiveX control--named LunchApp.ocx--appears to be a way for the company to easily update customer laptops, but also allows others to do the same thing, antivirus firm F-Secure stated in a blog post on Tuesday. The security problem, first discovered in November by security researcher Tan Chew Keong, was confirmed by antivirus F-Secure.
.."

Cudni
--
Some are born to failure, others achieve it, all deserve it.
Help yourself so God can help you.
MVP, Microsoft Windows Security 2006]]> http://www.dslreports.com/forum/remark,17617107 Wed, 10 Jan 2007 17:22:47 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17614582 Owlbet :
said by Name Game :

My advice to anyone who buys a new PC or laptop especially some of those Dell's :D would be to wipe it clean, reformat the whole drive and then have a tech reinstall the OS..nowdays all those "manufactures" put so much junk on the machine you are really buying a can of spam and junk third party proggies..unstable machines..and not just the hardware. No user will ever be in full control of the machine until the do.
said by jansson_mark :

Unfortunally some manufactorers/resellers do NOT provide you with clean install XP cdroms, but rather their OWN restore cdroms...or in some cases simply some bizarre "recovery feature" (like hidden image stored in unpartitioned hdd space) that can only be activated with some bizarre programX inside the computer. This sucks. Really.

All what I want from manufactorer is XP:s install cdrom and possibly the drivers disk (or simply mentions about what drivers are needed). Thats all I need.
I learned long ago to order recovery CDs when purchasing computers from Dell. I've also purchased computers "off the shelf" from Wal*Mart.

HP (Hewlett Packard) is the worse for loading it's junk on the same CD as the operating system. I've had the misfortune of owning two HP OEM computers and both recovery CDs included Back Web, AOL Free Trial Offers, etc. This useless garbage is reinstalled when the operating system is reinstalled.

Dell, however, only includes the operating system on their Recovery CD and none of the Dell-branded junk. Drivers are on another CD. In September, I purchased another Dell computer and even before that computer ever connected to the internet, the hard drive was wiped clean and the operating system reloaded. No junk was reinstalled along with the operating system. ]]> http://www.dslreports.com/forum/remark,17614582 Wed, 10 Jan 2007 09:51:15 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17614056 Name Game : Yes..glad you came to the same conclusion. There is a Launch thingie called O4 - HKLM\..\Run: [LaunchApp] Alaunch
Many people have posted hijackthis logs who have ACER PORTABLE with this running..so this is a fact.

What appears to be not correct is the presence of any LunchApp.

So I suggest anyone that finds such an entry of LunchApp.APlunch ActiveX control that this could be an infection..I doubt is is part of Acer installed software..and the first thing I would do is post a highjackthis log from that machine at this link forum
»Security Cleanup
and let some experts take a look at it.

--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17614056 Wed, 10 Jan 2007 07:02:55 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17612319 jabarnut : Getting back to the original topic for a moment, this does *NOT* appear to be a typo.

I have a fairly new Acer laptop myself (unfortunately, I don't have it here at home at the moment...but plan to check as soon as I can).

However, while I'm familiar with the harmless Acer Launch Manager utility, a google search brings up a fair amount of info concerning this "Lunch"App active-x control.

It's funny, even Google wants to correct me when I search specifically for this LunchApp.ocx to be sure I didn't mean "Launchapp.ocx".
»www.google.com/search?q=LunchApp···&oe=utf8

As you can see, there seems to be a lot of fuss about this "LUNCH" :o :D

Or here's a search for LunchApp.APlunch
»www.google.com/search?q=LunchApp···&oe=utf8

Acer Laptop users can probably "search all files and Folders" for the actual LunchApp.ocx and see if it resides somewhere.....something I'll do when I can.

In the mean time, I think I'll read a little bit more about this. :hmm:

(Edit) Well,I see a lot of these links point back to "Tan Chew Keong's" findings, but I still think this thing exists and may be a problem for some.
--
I had a life once.....now I have a Computer and a Modem.]]> http://www.dslreports.com/forum/remark,17612319 Tue, 09 Jan 2007 21:57:15 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17610726 novaflare :
said by jansson_mark :

said by Name Game :

My advice to anyone who buys a new PC or laptop especially some of those Dell's :D would be to wipe it clean, reformat the whole drive and then have a tech reinstall the OS..
Unfortunally some manufactorers/resellers do NOT provide you with clean install XP cdroms, but rather their OWN restore cdroms...or in some cases simply some bizarre "recovery feature" (like hidden image stored in unpartitioned hdd space) that can only be activated with some bizarre programX inside the computer. This sucks. Really.

All what I want from manufactorer is XP:s install cdrom and possibly the drivers disk (or simply mentions about what drivers are needed). Thats all I need. :)

Know what you mean. The restore info isnt so much on unpartioned space its on a hidden (only from windows) partion. Its visable on most through good old fdisk if not fdisk its visable from a linux boot or live cd. Been a while sense i used fdisk but i beleive it has a option in there some where to create a hidden partion. Or maybe you simply leave them as a inactive partion.

The so called restore cds are more often than not the program x you mention and all the restore data or at least most is on the partion.

The single biggest problem with such partions is even though windows do not see them some truely nasty little viris and trojans do and because these are almost never more than fat 32 partions no security rules effect the partion. Non admins have full read right delete access to said partion.

So basically you execute viri x as non admin limited user and nothing happens then one day you decide youve got to much crap on your comp and restore to factory default. Now this viri x gets installed during restore and your screwed.

Lucky for all of us these little nasties are few and far between. Ive seen 3 examples of them in something like 8 years of cleaning up infections.

As for the whole not including a xp/os disk that just pisses me off. Personally i dont care one way or the other. I can get xp pro full retail version for 150. The guy who i buy from will be selling the vista ultimate edition just as relitivly cheap when its released same for all other versions. When i bought my xp pro i paid 199 instead of 299 so i fully expect vista ultimate to be about 200 cheaper from him than any where else.

Want cheap and 100% legal copies of windows oses shop the mom and pop shops. Forget online sales forget big retailers go mom and pop shops. The way such shops see it if they can cut you a great deal on a computer or hardware or software youll bring them all your buissness. Then they can make more of your hard earned money even when something might be a little more expensive.
--
Evil does exist and it has a face to often that face is one that should look on their child with love in their eyes.

Instead only hate exists in those eyes.]]> http://www.dslreports.com/forum/remark,17610726 Tue, 09 Jan 2007 18:00:25 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17610488 Name Game : Yup..I know Markus and that really sucks..

@Vircotto

I am still not convinced on all this myself..you see calc.exe has been exploited many times in the past..here are a few examples ..

W32/Bagle@MM , W32/HLL.cmp.406528 , Win32.Dumaru.A,

HLLC.HappyFlowers, W32.Walcomp

»www.symantec.com/security_respon···-4618-99

so i still wonder if Tan Chew Keong might just have found infected laptops..and there is a lunch thigie associated with it..and it's a new exploit.
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17610488 Tue, 09 Jan 2007 17:22:57 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17610405 jansson_mark :
said by Name Game :

My advice to anyone who buys a new PC or laptop especially some of those Dell's :D would be to wipe it clean, reformat the whole drive and then have a tech reinstall the OS..
Unfortunally some manufactorers/resellers do NOT provide you with clean install XP cdroms, but rather their OWN restore cdroms...or in some cases simply some bizarre "recovery feature" (like hidden image stored in unpartitioned hdd space) that can only be activated with some bizarre programX inside the computer. This sucks. Really.

All what I want from manufactorer is XP:s install cdrom and possibly the drivers disk (or simply mentions about what drivers are needed). Thats all I need. :)
--
My computer security & privacy related homepage »www.markusjansson.net Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy.]]> http://www.dslreports.com/forum/remark,17610405 Tue, 09 Jan 2007 17:10:44 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17610373 Name Game :
said by vircotto :

NG,

Okay, you've confused me. (Really, not that hard to do!) :D

I'm pretty sure that LunchAPP.APlunch is the ActiveX control in question. I've found a site where on 11/19/06 Tan Chew Keong presented information:
»vuln.sg/acerlunchapp-en.html

He only tested on two Acer notebooks as that was all he had access to. He does provide some test code that launches calc.exe.

Also, I found this:
»nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6121

Yup and I see all of the links out there about a lunchapp thingie all points to his info..or others who just linked to or copied his warning...BUT since I myself do not have one of those laptops..and since [LaunchApp] Alaunch is surely part of Acer stuff..I am trying to figure out myself if he just has a 'typo' in his write up..and he really mean Launch...or he did find a lunch and it is not even part of Acer stuff and might be a bad boy..so hope that someone who has an Acer laptop can really confirm it is lunch for the activeX..since to me that would be very strange.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17610373 Tue, 09 Jan 2007 17:06:42 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17609972 MarkAW :
said by vircotto :

There is a link to this article in Morning Broadband Bytes: »www.theinquirer.net/default.aspx···le=36773
I know two or three people who have Acer laptops. Would it be safe for me to recommend that they delete that ActiveX control? And would that be accomplished by finding and deleting a file named "LunchApp.APlunch"?

Thanks!

According to the article it says " Those who have disabled ActiveX when they upgraded to IE7 can rest easy." So my question is have any of the people you know done this to their Acer laptops.
--
"Sometimes one pays most for the things one gets for nothing." - Albert Einstein (1879-1955)
]]> http://www.dslreports.com/forum/remark,17609972 Tue, 09 Jan 2007 16:05:00 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17609857 vircotto : NG,

Okay, you've confused me. (Really, not that hard to do!) :D

I'm pretty sure that LunchAPP.APlunch is the ActiveX control in question. I've found a site where on 11/19/06 Tan Chew Keong presented information:
»vuln.sg/acerlunchapp-en.html

He only tested on two Acer notebooks as that was all he had access to. He does provide some test code that launches calc.exe.

Also, I found this:
»nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6121]]> http://www.dslreports.com/forum/remark,17609857 Tue, 09 Jan 2007 15:50:10 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17609627 Name Game : lmanager.exe is a process associated with Acer Launch Manager from Dritek System Inc..

U Launchboard lnchbrd.exe "LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions"
U LaunchApp Alaunch.exe Acer Launch tool utility on laptops
U LaunchAp LaunchAp.exe Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610

Author: Dritek System Inc.
Part Of: Acer Launch Manager

LManager.exe file information
The process Acer Launch Manager Keyboard Application belongs to the software Acer Launch Manager by Dritek System Inc (www.dritek.com.tw).

Description: File LManager.exe is located in a subfolder of "C:\Program Files". Known file sizes on Windows XP are 495616 bytes (50% of all occurrence), 483328 bytes, 471040 bytes.
There is an icon for this program on the taskbar next to the clock. It is not a Windows system file. Therefore the technical security rating is 24% dangerous.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17609627 Tue, 09 Jan 2007 15:16:48 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17609303 Name Game : But to be honest with you..I am confused about all this write up on the Acer...and they call it LunchApp.APlunch ????

I thought it was LaunchApp

»www.castlecops.com/s1820-LaunchApp.html

Did Tan Chew Keong take it out to Lunch ? :(

*****************************************

Description:
alaunch.exe is a process which is bundled with Acer laptops and provides additional diagnostic functions for your laptop. This program is a non-essential process, but should not be terminated unless suspected to be causing problems.

O4 - HKLM\..\Run: [LaunchApp] Alaunch

C:\PROGRA~1\LAUNCH~1\LManager.exe

--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17609303 Tue, 09 Jan 2007 14:27:48 EDT Re: Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17608905 Name Game : My advice to anyone who buys a new PC or laptop especially some of those Dell's :D would be to wipe it clean, reformat the whole drive and then have a tech reinstall the OS..nowdays all those "manufactures" put so much junk on the machine you are really buying a can of spam and junk third party proggies..unstable machines..and not just the hardware. No user will ever be in full control of the machine until the do.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,17608905 Tue, 09 Jan 2007 13:46:24 EDT Acer puts Active X hole on laptops http://www.dslreports.com/forum/remark,17608509 vircotto : There is a link to this article in Morning Broadband Bytes: »www.theinquirer.net/default.aspx···le=36773

Here's the gist:
LAPTOP OUTFIT Acer seems to have placed an Active X control on its computers that seems to allow webpages to execute any program. ... The exploit was found by Tan Chew Keong.... He smelt a rat when he noticed that his Acer TravelMate 4150 notebook contained a LunchApp.APlunch ActiveX control, which is marked as "safe for scripting" and "safe for initialising from persistent data".

I know two or three people who have Acer laptops. Would it be safe for me to recommend that they delete that ActiveX control? And would that be accomplished by finding and deleting a file named "LunchApp.APlunch"?

Thanks!]]> http://www.dslreports.com/forum/remark,17608509 Tue, 09 Jan 2007 12:57:56 EDT