
Mike Healan

join:2002-03-09
Collins, GA

reply to guycad$
Re: eAnthology

Quantic,

Let me introduce myself.

I am the owner of »www.spywareinfo.com/. I am, as far as I know, the person that coined the term "browser hijacker" and led Lavasoft (Ad-Aware) in the direction of targeting them. I am also a former administrator for Lavasoft's support forums.

I have a small mailing list that goes out to the developers of several spyware removal products, and when I suggest they take a look at a piece of software, generally that software finds itself targeted by most of those products in their next update. One of the things that will make me take notice of a piece of software is an activex script that installs the software without a click-through agreement which clearly shows something is about to be installed. I see this very situation touched upon a few times in this thread.

I notice with concern the report of someone clicking an ad banner and a few minutes later their firewall warns of a new program trying to connect to the internet. I'd like to ask the question myself so that we're absolutely clear on this point.

Does your company's software require a click through agreement before it is installed via activex and is there an easily-used opt-out method if someone does not want it? If not, I strongly suggest, for your company's sake, that this be added and any previous activex installer package be withdrawn.
--
»www.spywareinfo.com


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL


said by Mike Healan:

I notice with concern the report of someone clicking an ad banner and a few minutes later their firewall warns of a new program trying to connect to the internet. I'd like to ask the question myself so that we're absolutely clear on this point.

Does your company's software require a click through agreement before it is installed via activex and is there an easily-used opt-out method if someone does not want it? If not, I strongly suggest, for your company's sake, that this be added and any previous activex installer package be withdrawn.

Mike, a user is fooled into clicking the "close" x-box on a pop-up ad, which doesn't close it, only takes you to the Eanthology webpage. Then, if you click the "back" button to attempt to get back to where you were in the first place and get out of Eanthology, it displays another pop-up but downloads the software without any click on anything whatsoever. I now have to figure out how to remove this program from this machine. See exactly what happened here:
»Virus/Trojan Help Needed

Also, earlier in this thread where Name Game had the same thing happen
»eAnthology

Except, reading his post to get rid of it....I do not find an uninstall anywhere, but there are two new .exe files in a new folder is all I can find (plus a new registry key to start up). I wonder if I should start a new thread or will that just confuse things?
--
It takes a disaster to make a woman out of a female

[text was edited by author 2002-09-25 06:18:14]


dja
The 'd' is silent ... unlike the member.
Premium
join:2002-03-25
Niagara

reply to guycad$
CJ:

This IS an eAnthology thread, so I would assume
that you would be able to continue your discussion.

Also, the original premise of the thread,
dealt with the 'removal' of the software.
--
Click HERE for the newsletter COGECO may, or may not, let you read!


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC


reply to guycad$
Except, reading his post to get rid of it....I do not find an uninstall anywhere, but there are two new .exe files in a new folder is all I can find (plus a new registry key to start up). I wonder if I should start a new thread or will that just confuse things?
________________

Janie,

I can help you. First you will find one folder from this company in your C> program files......click on my computer then program files then find that folder.

Inside that folder you will find two more...one called antivirus...I forgot the name of the other...open each folder and look for something called unist.exe or words to that effect. That is the uninstallers for everything in that folder. Click on it and go through the process it tells you to uninstall.

Then go to the other one and do the same....do all of this while you are off line and no other programs running.

When you get done with that you will find that all you have left is still their folders..but they will all be empty.

You must do one more thing..go to start>settings> control panel>then click on folder called add/remove programs.

In there you will find one more thing of theirs called a "manager" of some kind..highlight it and remove it..then reboot the system and it all should be gone...

I guess you could just go to add/remove first and see if all three things are in there and do it all from that point..but I like to do it the other way...to make sure it is all gone and watch that happen...

If you have any problems or questions..let me know...or give me an IM.
[text was edited by author 2002-09-25 09:15:31]


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

Ok - Great instructions. I will try this to get it off my neighbor's machine (about an hour from now), so have printed off to take over there.

My machine only has one folder:
C:\Windows\Tem\EACDownload with two files in it:
chry.exe (this is what is trying to access the Internet)
and defscan_inst

There is nothing new in my Software at all and I double checked in the control panel - nothing new there either.

Shall I just delete those two files in that folder? and then let Adaware get rid of the new registry?

Thanks for your help.
--
It takes a disaster to make a woman out of a female


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC


reply to guycad$
adaware will not clean any of this. I have never heard of a TEM file...you must follow the instructions I gave you in the Program file. If you did not do that to begin with you could have files scattered all over.

Yes in the EACDownload you can get rid of files...but are you sure those two things have anything to do with this software???

If not you should start a new thread.
[text was edited by author 2002-09-25 09:50:09]


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

[Attached screenshot]
Sorry (typo) - TEMP file.

I'm double checking the Software folder now, but see nothing at all new or pertaining to any of these names.

Adaware caught this (above). It says software and Accelerate, but I don't see any....lemme look some more.
--
It takes a disaster to make a woman out of a female


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC

reply to guycad$
You should be able to right click on each one of those files..go down to properties...then left click, and it will tell you about each one of those and who owns them and why they are there will then be evident. Trojans can hide in there...Canary is one...but I think you have a scan thing and the chry.exe???? what does the properties of that file tell you about it.


dja
The 'd' is silent ... unlike the member.
Premium
join:2002-03-25
Niagara

reply to guycad$
CJ:
Your screen-shot does in fact show a
component of what you are trying to remove.

Interesting that LavaSoft already has
identified this company as a problem source.
--
Click HERE for the newsletter COGECO may, or may not, let you read!


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

reply to Name Game
 
 
Ok - it is the CNRY.exe that is trying to access the internet. Don't know what the other one is - looks empty to me.

There is nothing in Programs folder pertaining to any of these names. Only in the TEMP folder.

I haven't scanned with the AV yet. Will do that next
--
It takes a disaster to make a woman out of a female


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
 reply to guycad$
Good show girl.. I just learned something new on Adaware..get rid of that stuff. Thanks.


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

Ok - thanks for the help Name Game. Scanned the files. All are ok, now in recycle bin. I used both etrust AV and Gladiator. Probably wouldn't hurt to do a Housecall when I get back, eh?

This has been good practice for what I need to go check on over across the street.

I'll be back later and let you know what I find.

P.S. Spybot didn't catch, I think - don't see anything like it on that scan.

Janie
--
It takes a disaster to make a woman out of a female


guycad$
In Search Of Free Speech
Premium
join:2002-05-02
Pompton Lakes, NJ

reply to guycad$
For what it's worth:

To remove the eAnthology suite from my friend's computer just now:

I ran the add/remove process for all three items in the add/remove applet.

I had to reboot.

Still had the 'Manager' in the add/remove applet. (which I was expecting since it said it couldn't be removed until the other components were no longer there.)

Ran the uninst programs in both the directories mentioned by Name Game.

Rebooted.

Stop-Sign icon still in system tray. Right clicked on icon.

Told it to shut down all eAnthology applications.

Went to control panel and add/remove applet. Was finally able to remove eAnthology manager. When I did this, it tried to make a connection over the internet (ZAF blocked this.)

Went back to the Acceleration folder. Anti-virus folder still there - with all contents. Removed said folder.

eAnthology finally all gone.

After going through this uninstall process plus all of the above, I firmly recommend that this software suite be avoided at all costs.

Go in peace
--
My Pictures. People who describe M$ software as 'mediocre' don't know the half of it. WinDoze Free 2003


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
reply to guycad$
Thanks guycad.... turning off that stop-sign in the system tray is one thing I did and forgot to mention.. to then get rid of that manager.


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

reply to guycad$
Also reporting in....got the files off my neighbor's machine - it was the "short" package, like mine. Apparently trying to click off a banner ad on another website doesn't give you the "full" load (and maybe that's why it was trying to phone home?) The ZA pop-up called it DR Fetch...I assume it wanted to fetch the rest of the load or something - I didn't let it. Never got the Manager thing or the icon in my (or her) system tray.

Anyway, Guycad & Name Game, thanks for posting the instructions for removal of the "full" package - I'm saving that for the next time someone catches the *Eanthology Virus* and unexpectedly gets it on their machine.
--
It takes a disaster to make a woman out of a female


guycad$
In Search Of Free Speech
Premium
join:2002-05-02
Pompton Lakes, NJ

reply to guycad$
NameGame and CalamityJane, you're both very welcome!

I've been following Mike's (of Spywareinfo) comments in our various threads and have posted this thread in the Spywareinfo forums. »www.spywareinfo.com/yabbse/index···did=1289

'Nuff said.

Thanx for all your help. I'll catch you folks another time.


--
My Pictures. People who describe M$ software as 'mediocre' don't know the half of it. WinDoze Free 2003

Mike Healan

join:2002-03-09
Collins, GA

reply to guycad$
Quantic,

You state that when you posted the first time, it was as a member who liked the product and hadn't started working for eAnthology yet. Yet if you'll look at that post, you'll notice this forum's software captured your origin as follows:
quote:
Quantic
(anonymous eacceleration.com
I'll refrain from commenting on this.

Are you or another company rep going to answer my question about activex "drive by downloading"? I honestly would like to convince your company to stop using this method if you are, rather than having this software end up on targeting lists.

I'm in this game to help people avoid getting software they don't want, whether it be spyware, browser hijackers, adware, or whatever, not to help out software developers justify their removal tools by giving them new targets.

I await some sort of official comment.
--
»www.spywareinfo.com


sig
Premium
join:2001-05-05

You might try emailing the company, FWIW, Mike. There was a thread in the GRC Spyware newsgroup (initial post dated Aug 18th or so I think) on eAnthology and a fellow named Patrick (IIRC?) represented the product. (There may have been another thread in the GRC security ng as well, I didn't check.) I think he specifically said he didn't want to discuss their "aggressive" marketing techniques.

Just guessing this outfit doesn't seem to go back to public venues when the questions get too specific and the posters aren't all newbies.


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

reply to guycad$
You are right about that, Sig. His name was Todd Clark on GRC NG and it did go back to about mid-August. Pretty words disguised with a big scarf and he basically would not discuss their marketing tactics further (big red flag there!). And, it was there I saw it first and, hence, was familiar with "Stop-sign by Eanthology".

Suddenly *poof* No more Todd Clark posting there either. Wonder if he is related to "Quantic"?
--
It takes a disaster to make a woman out of a female

Quantic

join:2002-09-23
reply to guycad$
Hello all again. Sorry for any lack of response recently, but I have been on vacation the last couple of days. Give me a day here to read the rest of the threads and formulate a response to your questions.
over 10 years online! © 1999-2009 dslreports.com.