richtig
Music Is Emotion
Premium
join:2003-02-19
Australia
clubs:
| ABC Scrabble, Webhancer, etc.
A short story. I hope I have the facts in order...
Downloaded "ABC Scrabble" (before you rush off, no it does not play "Scrabble") and installed it, only to find that BOclean (first, and fast!!), then Spyware Guard, both caught it as a trojan. I let BOclean destroy it, and its installation, and dismissed SG.
My firewall kept asking to let Webhancer get out. "Webhancer?", I thought, "seen that somewhere before...", so went to try to uninstall it, then BOclean sprung the uninstaller itself as a trojan, so I let it get munged into a pile of bits in the bit-bucket, too.
Webhancer, in possibly 2 variants, comes with many "products" (presumably many of whom don't respect their customers).
I don't think we can necessarily blame retailers, or even the software designers, for linking Webhancer into their products, after all at
www.webhancer.com
they say
"WebHancer is a leading provider of next-generation web site customer intelligence solutions for web enterprises. We develop, sell and support the first and only clickstream and performance analysis services to produce data and reports on both intra-site and inter-site customer activities. Our exclusive X-Site Intelligence platform enables webHancer's customers to investigate the success of acquisition, conversion, and retention strategies on competitive sites, partner sites, and a company's own site. Through real-time tracking of visitors' successes, failures, conversions, and departures, an enterprise has invaluable information for effectively managing its resources to improve sales, customer loyalty and enhance profitability"
Blah, Blah, Blah. In other words, "send any data we like from any of your customers machines, to anyone we want to".
But this is not just about Webhancer, don't forget that ABC Scrabble had a problem of its own.
Thought you all should know.
During times of universal deceit, telling the truth becomes a revolutionary act.
-- George Orwell
--
We are the music makers,We are the dreamers of dreams.Arthur William Edgar O'Shaugnessy |
|
B
Premium,MVM
join:2000-10-28
|
The proper lesson -- don't download just any old thing because it sounds good. Give it at LEAST as much attention as you would a piece of food you're about to put in your mouth.
Try just Googling on the product with the word "spyware" or "scam".
In this instance, the VERY FIRST GOOGLE HIT returns:
BEWARE: Filled with spyware
Rating : Worst
Reviewer : Ami Urtiz
Review posted on : 1/4/2005
Version : 1.0 US
Well, isn't this prgram just a little pain in the arse? When installed, it will place several pieces of spyware on your computer.
Then it will contact it's developers website and try to download even more spyware-related files. ABC Scrabble is a laughable excuse for a program. It doesn't take much vigilance to protect one's self, but it does take some.
-- B
--
In a realm outside causality and function |
|
richtig
Music Is Emotion
Premium
join:2003-02-19
Australia
clubs:
| reply to richtig
Thanks, B. You're teaching Grandma to suck eggs, here, and I know I should not have sucked that egg.
I think it illustrates that even those of us who are normally cautious can get caught sometimes. Hence the need for protection.
I posted this to be informative. In one sense, the most important part is Webhancer. It is an insidious, horrible, nasty piece of deceit. And it comes with lots of software, even apparently legitimate stuff. Webhancer tries to tell people that the programs associated with it may not work if it is un-installed. What a joke!
It is entirely possible that without a properly configured firewall and a really good anti-trojan many users would not know it was there, and when they discover it, if at all, they would probably use the uninstall from the standard "Add/Remove Programs" menu, then be possibly worse off.
If you look at Microsoft's article about removing it, it merely tells you to go the Webhancer web-site and use their un-installer. As I pointed out, the un-installer is also a trojan!
To be thorough, I also cleaned up all signs of these nasties in the Registry.
--
We are the music makers,We are the dreamers of dreams.Arthur William Edgar O'Shaugnessy |
|
richtig
Music Is Emotion
Premium
join:2003-02-19
Australia
clubs:
| reply to richtig
An afterthought for those who want to un-install Webhancer.
Perhaps you'd like to know how I did it?
BOclean had stopped its activity and deleted the .exe, but without BOclean's help, you will need to do something like the following.
(1) (May not be needed) Get hold of Unlocker.
»ccollomb.free.fr/unlocker/
and install it.
(2) Navigate to the Webhancer folder (usually C:\Program Files\Webhancer\) and delete everything you can.
(3) One or two files may be locked. Use Unlocker to unlock them, if you can. A .dll is the most likely problem. Don't try to unlock the .dll - I found this hung/crashed Explorer.
(4) Once you have all but the .dll deleted, re-boot, and delete the whole Webhancer folder.
(5) Use your favourite registry editor to clean up all references to Webhancer (not for the inexperienced, but I recommend TuneUp Utilities)
--
We are the music makers,We are the dreamers of dreams.Arthur William Edgar O'Shaugnessy |
|
B
Premium,MVM
join:2000-10-28
| reply to richtig
Of course; I appreciate that you've shared this. (By the way, the only place I've ever heard the "Grandma suck eggs" thing was Ren and Stimpy and I've never understood what it means.)
Question -- I don't imagine Webhancer's remotely trustworthy, but isn't it possible that BOClean flagged the uninstaller merely because it was from Webhancer OR because it was accessing the same trojan-y processes the installer would, in an attempt to shut them down?
I have no idea, of course, but it would make sense. I guess I'd be curious as to exactly what BOClean saw the uninstaller doing.
-- B
--
In a realm outside causality and function |
|
richtig
Music Is Emotion
Premium
join:2003-02-19
Australia
clubs:
| reply to richtig
Can't tell what BOclean thought, but there was some more activity from Webhancer after I thought I had got rid of it, and BOclean pounced on the un-installer! (Remember, BOclean catches things as they execute)
Sunbelt Counterspy found more pieces of Webhancer, and quarantined them. Prior to this it was warning that there were attempts to play with the LSP stack, which I denied, of course. Most likely a CounterSpy scan would have dealt with it all. I am not about to deliberately re-infect myself to find out!
This shows that that there is more to the beast than the obvious files. It damned well restarts itself under other guises.
I do not believe that all of the information below is 100% correct, but it is worth a read.
»sitebilder.com/hosting/privacy/webscum.php
»www.cexx.org/
(go to the 2nd? page, perhaps, and search for "webhancer")
»www.pcreview.co.uk/forums/thread-1689277.php
This looks good, but I haven't tried it:
»www.safer-networking.com/removeWebHancer.php
--
We are the music makers,We are the dreamers of dreams.Arthur William Edgar O'Shaugnessy |
|
mysec
Premium
join:2005-11-29
1 edit | reply to richtig
Yes, that's informative. Thanks. |
|
richtig
Music Is Emotion
Premium
join:2003-02-19
Australia
clubs:
| reply to B
said by B  :Of course; I appreciate that you've shared this. (By the way, the only place I've ever heard the "Grandma suck eggs" thing was Ren and Stimpy and I've never understood what it means.) [...] One of the on-line dictionaries gives this:
=====
"teach your grandmother to suck eggs" (British & Australian)
- to give advice to someone about a subject that they already know more about than you. "You're teaching your grandmother to suck eggs, Ted. I've been playing this game since before you were born!"
=====
I can not find the origin. (You certainly get a lot of porn rubbish when you look it up in Google!)
My guess is that it may have something to do with Easter. Easter-eggs weren't always sugar and chocolate, they were real eggs! They still are in some parts of the world.
To make a real Easter-egg you have to get the gooey stuff out. The easiest way is to make a big enough hole in each end with a needle (not too big), stir the contents with the needle, then hold it high and suck on one end.
--
We are the music makers,We are the dreamers of dreams.Arthur William Edgar O'Shaugnessy |
|
B
Premium,MVM
join:2000-10-28
| 
Help Me.... Mr. Po-peil! |
Ronco Inside the Shell Egg Scrambler
Amazing ... it scrambles the egg right
inside the shell!
The Inside the Shell Electric Egg Scrambler from Ronco is one of the coolest products Ron Popeil ever invented. All you do is place an egg on the slanted needle, push through the shell, and then press down. The needle whips the egg into a perfectly smooth blend!
-- B
--
In a realm outside causality and function |
|
richtig
Music Is Emotion
Premium
join:2003-02-19
Australia
clubs: | Ah, but how do you suck the egg? |
|
B
Premium,MVM
join:2000-10-28 |
Simple -- buy TWO from Uncle Ron, and turn one upside down to make the second hole.
Raking in the product placement kickbacks,
-- B
(Yes it's still sold!)
--
In a realm outside causality and function |
|
EGeezer
Summertime -
Premium
join:2002-08-04
Country!
 ·Callcentric
 ·RoadRunner Cable
·AT&T CallVantage
2 edits | reply to richtig
On Egg suckin' and security
Well, B , here's one explanation;
»www.phrases.org.uk/bulletin_boar···539.html
To suck eggs, tap a hole in each end, suck. Some farmers of German ancestry in SE Ohio used to keep eggs with them as compact, high energy nourishment while working. Nowadays, with mechanized egg farms, the cleanliness of eggs is suspect and eating raw eggs may be a bit risky(salmonella). The farm wives kept clean coops, let the chickens in the yard and the eggs were rarely dirty with chicken sh*t as they are where the hens are kept in confinement.
quote:
Teach not thy parent’s mother to extract
The embryo juices of birds by suction.
The good old lady can that feat enact,
Quite irrespective of prior instruction.
I always wanted to find a restaurant named Sam & Ella's
--
In Memoriam -
NRK 1 FEB 1918 - 6 NOV 2005
B-17 pilot -
50 missions over Europe and North Africa -
347th Squadron, 99th Bomb Group -
Husband, Father, Grandfather, Great Grandfather, friend ---
A knight and gentleman gone to peace
|
|
B
Premium,MVM
join:2000-10-28 | Here ya go. I live but to Google.
»www.samandellas.com/Menu.html
-- B
--
In a realm outside causality and function |
|
EGeezer
Summertime -
Premium
join:2002-08-04
Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage
| reply to richtig
Re: ABC Scrabble, Webhancer, etc.
said by richtig :To make a real Easter-egg you have to get the gooey stuff out. We hard boil 'em. Used Paas coloring and vinegar, crayons, the little wire egg basket to dip 'em in a big coffee cup.
--
In Memoriam -NRK 1 FEB 1918 - 6 NOV 2005B-17 pilot -50 missions over Europe and North Africa - 347th Squadron, 99th Bomb Group - Husband, Father, Grandfather, Great Grandfather, friend --- A knight and gentleman gone to peace |
|
richtig
Music Is Emotion
Premium
join:2003-02-19
Australia
clubs:
| But they go really smelly if you want to keep them for a few years!
...not eggs, but...
=====
I do not like broccoli. And I haven't liked it since I was a little kid and my mother made me eat it. And I'm President of the United States and I'm not going to eat any more broccoli - George Bush (snr.)
=====
Hey, there's a bug in this editor. The first row of equals signs is inside the "small" brackets.
--
We are the music makers,We are the dreamers of dreams.Arthur William Edgar O'Shaugnessy |
|
