Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » Do you trust the uninstaller?
Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
(topic move) Hard drive space disappearing, reappearing »
« (topic move) couldnt open disk multi(0)disk(0)rdisk(0). . .  

SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless

Re: Do you trust the uninstaller?

said by RavonTUS See Profile :

So, here is the big question...Do I trust their uninstall program?
Here's an incomplete list of what the "Uninstaller" does.
[ Changes to registry ]
* Creates key "HKLM\Software\AutoLoader\x3uJ1RMQWRMK".
* Sets value "x85fZPOPWCY5fV"="" in key "HKLM\Software\AutoLoader\x3uJ1RMQWRMK".
* Creates key "HKLM\Software\AutoLoader\x3u51RMQWRMK".
* Sets value "x85fZPOPWCY5fV"="" in key "HKLM\Software\AutoLoader\x3u51RMQWRMK".

[ Process/window information ]
* Enumerates running processes.
* Enumerates running processes several parses....

Here's the Jotti scan results

MD5 3e532491eff52adf0c7f2befd94d80a3
Packers detected: -
Scanner results
AntiVir Found Trojan/Dldr.Apropo.R
ArcaVir Found nothing
Avast Found Win32:Apropo-2
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found Adware/Apropos
Kaspersky Anti-Virus Found not-a-virus:AdWare.Apropos.q
NOD32 Found nothing
Norman Virus Control Found W32/Apropos.O
UNA Found nothing
VBA32 Found AdWare.Apropos.q

The "Uninstaller" has URL's as detected by Filealyzer

»download.contextplus.net/repermission/
»envolo.peopleonpage.com:80/servlets/auto
»envolo.peopleonpage.com:80/servlets/auto
»download.contextplus.net/apropos···ller.exe
»download.contextplus.net/apropos···ller.exe
»download.contextplus.net/shared/···ller.exe
»download.contextplus.net/shared/···ller.exe
»download.contextplus.net/
»envolo.peopleonpage.com:80/servlets/auto
»node2.ocslab.com/test/apropos/cl···ller.exe
»node2.ocslab.com/test/apropos/cl···ller.exe
»node2.ocslab.com/test/shared/Aut···ller.exe
»node2.ocslab.com/test/shared/Msv···ller.exe
»download.contextplus.net/
»node2.ocslab.com/apropos/client/···ller.exe
»node2.ocslab.com/apropos/client/···ller.exe
»node2.ocslab.com/shared/AutoUpda···ller.exe
»node2.ocslab.com/shared/Msvcp60Installer.exe

These URL's point to 4 different file downloads

"Msvcp60installer.Exe" * access denied when checking file properties
"a.exe" * access denied when checking file properties
"Aproposclientinstaller.Exe"
"Autoupdateinstaller.Exe"

Either these people have a serious problem with properly naming Exe's or this "Uninstaller" in reality is an "Installer"
permalink · 2005-10-31 07:58:23 · Print ·

IIIBradIII
Comm M-E-L Instr

join:2000-09-28
Greer, SC

Re: Do you trust the uninstaller?

Why is this sort of trickery and lies not illegal?!!
permalink · 2005-11-03 12:21:16 ·
(topic locked)
Forums » Up and Running » Security » Security(topic move) Hard drive space disappearing, reappearing »
« (topic move) couldnt open disk multi(0)disk(0)rdisk(0). . .  

Sunday, 06-Dec 07:21:30 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [163] Comcast Releasing Promised Usage Meter
· [147] Avast Antivirus Has Gone Mad
· [128] Comcast Makes NBC Universal Acquisition Official
· [124] The Bandwidth Hog Does Not Exist
· [105] Graduate Student Unveils Sprint's GPS Sharing With Feds
· [101] Google Invades ISP, OpenDNS Turf With Google Public DNS
· [85] FCC Ponders Moving From PSTN To IP Voice
· [82] Latest Consumer Reports Survey Not Kind To AT&T
· [81] New Bill Aims To Limit ETFs
· [75] Sprint Defuses GPS Privacy Media Bomb
Most people now reading
· False positive in Avast! or is it real? [Security]
· Wife might have to work in.... Iowa for a few months!!! [General Questions]
· [DNS] Google's public DNS... performance increases? [Comcast HSI]
· Windows 7 boot manager editing questions [Microsoft Help]
· Is there any true cure for, or way to prevent, a hangover? [General Questions]
· Problems with rlslog.net? [TekSavvy]
· [Tomato] Keep a VPN connection running with my router [Linksys]
· Dr. Tim Ball On the Significance of the CRU Hacked Documents [Canadian Chat]
· More Hammond organ work [Electronics]
· [Newsgroups] Newzleech down? [Filesharing Software]