dslreports logo
Direct Revenue's Aurora: Plague of the Internet?
New adware client generating serious heat
Direct Revenue (aka ABetterInternet) is one of the companies given the green light by AOL's Netscape trust rating system. The self-professed "leader in online media" has sent cease and desist warnings to companies who categorize their software as malicious. But malicious it is: as Spyware Warrior explores, Direct Revenue's new Aurora software is making users so angry, they're filing class action lawsuits and calling Congress. Our post on the subject has received over 18,000 unique views, most of those from Google users searching for ways to remove it. A reformed adware industry?
view:
topics flat nest 
page: 1 · 2 · next
taar
join:2000-11-21

taar

Member

AOL's trust system is really a joke

Did these fools pay AOL to be listed as a trustworthy enterprise??

Spazmoto
Kill all Bloodsuckers
join:2003-08-22

Spazmoto

Member

Re: AOL's trust system is really a joke

yes

zoom3148
Superman
Premium Member
join:2001-04-30
Yermo, CA

zoom3148 to taar

Premium Member

to taar
said by taar:

Did these fools pay AOL to be listed as a trustworthy enterprise??
Sure, AOL wants to make Money. Do You really wonder why It's so hard to get away from their evil clutches?
peggypwr1
join:2003-10-06
Fremont, CA

peggypwr1 to taar

Member

to taar
I emailed the Company Drect Revenue and told them to at least give us a warning and let the user choose whether they want it on their system.

I think everybody should do the same.

DiscardedVet
Premium Member
join:2005-04-06
Sturgis, SD

DiscardedVet

Premium Member

Re: AOL's trust system is really a joke

Um, they are sending cease and desist "warnings" to companies that say their (Direct) crapware is crapware (in other words, threats).

Letters from the public to Direct stating ANY requests/demands/whatever is only going to get a chuckle followed by the delete button. Crapware companies' only involvment with the web user is via infecting the web user.

DV

ABISux
@snantx.swbell.ne

ABISux to taar

Anon

to taar
Something I encourage everybody to do:

»www.oag.state.ny.us/onli ··· tion.jsp

Thank You for submitting your complaint to the New York State Office of the Attorney General. The following information has been submitted:

Form submitted on Tue Jun 14 06:01:07 2005

Personal Information:
[omitted]

Where did you hear about us?
online

URL: www.abetterinternet.com

Complaint:
A Better Internet / Direct Revenue / ABI Network is maliciously installing Adware / SpyWare on millions of PCs. Removal is virtually impossible without running their own removal tool, which I could not do when my PC was infected because "mypctuneup.com" was a broken link. Even when mypctuneup.com can be reached, it installs additional software without authorization. All told, this "business" has cost me approx. 12 hours of labor cleaning our computers. They use a miriad of websites to covertly infect PCs. Their software morphs with dynamically renaming executables, Registry hooks, etc.

Submitted: 06/14/2005

You will be receiving an email from us shortly.

Your comments will be reviewed by the Internet Bureau staff and kept on file for future reference. In the event that this type of issue develops into a pattern, your efforts may help us in aiding other affected individuals.

Internet Bureau Main Page

=====================================================
Dear Consumer:

Thank you for your submission to the New York State Attorney General's Internet Bureau. On behalf of Attorney General Eliot Spitzer, I want to thank you for taking the time to alert us to this matter. Your assistance is vital to our efforts to serve the people of the State of New York.

We have added your submission to our files. It is through complaints such as yours that we learn of patterns of fraud and illegality. If you have any questions about this matter, please call us at (212) 416-8433. For other consumer-related matters, please call our consumer hotline at (800) 771-7755.

Thank you for contacting us.
Scarlett1313
join:2002-01-11
New York, NY

Scarlett1313

Member

Money Talks

It's a shame how big companies will do whatever someone wants if enough money is thrown their way. This is yet another reason why nobody uses Netscape anymore. They just simply make bad choice after bad choice...shooting themselves in the foot. Obviously you can thank AOL for a lot of that too...

Tomek
Premium Member
join:2002-01-30
Valley Stream, NY

Tomek

Premium Member

AOL's ad strategy

It all matches right now.
AOL changed its strategy long time ago to get revenue from ads, even on members. They eliminate competition ads and place their own. Very efficient if you ask me.
Recently I was reading about them using universal ad system so it can be used by various "partners."

Looks like now AOL has new Direct Revenue "marketing partner"

I hope they burn in AOHell

Phil
Rojo Sol
Premium Member
join:2001-06-11
Downers Grove, IL

Phil

Premium Member

AOL's self decapitation never ends

It really makes you wonder how intelligent you have to be to run a major corporation. In AOL's case not very...

guitarzan
Premium Member
join:2004-05-04
Skytop, PA

guitarzan

Premium Member

Plague of the Internet?

How about scum of the earth. As a more fitting description.?
"has sent cease and desist warnings to companies who categorize their software as malicious." Only becauseIT IS
MALICIOUS spyware.You fuggin azzholes aks direct revenue aka
abetterinternet.If it's not spyware why is the requirement to place it on people's computers DONE COVERTLY.?
Cease and Desist this. Scumbags.

Middle finger extended from both hands.Aimed at
direct revenue aka abetterinternet and all their breathen.


Doctor Four
My other vehicle is a TARDIS
Premium Member
join:2000-09-05
Dallas, TX

Doctor Four

Premium Member

Re: Plague of the Internet?

They also happen to be New York state based. That means
Direct Revenue could become a likely target of a class-
action lawsuit by Attorney General Elliot Spitzer, who is
already filed suit against at least another adware company.

So be sure to file all your complaints against this company
with his office. The sooner they can get put out of business,
the better. They are second only to Cool Web Search, IMO, in
being the worst scourge of the Internet.

inteller
Sociopaths always win.
join:2003-12-08
Tulsa, OK

inteller

Member

Sue them for false advertisement

REally....one could argue that pushing a product called 'ABetterInternet' could be false advertisement, because how can they prove that what they do is considered better by the average user? How can they prove that what they do makes the Internet better? I could see them getting taken to court to explain that one.

MIABye
Premium Member
join:2001-10-28
united state

MIABye

Premium Member

I Can't Believe It

After having my own experience trying to remove it from my computer (which ended in me formatting my C drive), I can't believe anyone would trust this company. What gives them the right to create a program that evades removal? I was so pissed that night I wanted to shoot the people who created this crap.
chrpai
join:2004-04-11
Cedar Park, TX

chrpai

Member

Re: I Can't Believe It

I was able to eventually remove it. The trick was the internet explorer browser helper object that was installed that was kindly reinfecting my machine everytime you started IE. You know, the one that none of my spyware scanners noticed. Once that was killed I was able to scan through and eliminate the rest, but ouch was it ugly.

Willies
join:2002-12-15
Montpelier, OH

Willies

Member

Re: I Can't Believe It

These guys ARE scum !! I had a run in with it . No matter what I did I couldn't get rid of it . In desperation I did a Google search for anything on how to uninstall it. Beleive it or not all threads lead back to Aurora's web site . With MUCH hesitation I downloaded their uninstall tool located on their web page. So far it worked . But make damn sure you turn off your system restore before you try it. This will clear all old restores and when you restart system restore you'll have a clean slate to go back to.

MIABye
Premium Member
join:2001-10-28
united state

MIABye

Premium Member

Re: I Can't Believe It

said by Willies:

With MUCH hesitation I downloaded their uninstall tool located on their web page. So far it worked .
:o:o:o

Who would have thought they would be the ones with the removal tool that works. Color me surprised.
irt007
join:2004-06-12
Elmhurst, NY

irt007 to MIABye

Member

to MIABye
Let them know how you really feel!

»www.direct-revenue.com/c ··· acts.php

guitarzan
Premium Member
join:2004-05-04
Skytop, PA

guitarzan

Premium Member

Re: I Can't Believe It

said by irt007:

Let them know how you really feel!

»www.direct-revenue.com/c ··· acts.php
This link does not work.I wonder why
parkbear
join:2004-02-02
Kamloops, BC

parkbear

Member

I spent my weekend on this one

I just got this one. I decided I was going to reload Windows a few days ago and wanted to make the perfect back up so next time I reloaded it would be a simple image. I installed all my favourite apps and promised myself I would spend three days using just the OS and apps, no games or non-essentials to get my settings exactly where I want them to be. After all that work, downloaded a file, and without realizing it opened "A better Internet." Three days hard work down the drain. Trend Micro, Norton, MS Antispyware, Spybot and Adaware all removed parts, but not all. I finally just deleted Nail.exe and replaced it with a Read only encrypted text file "Nail.exe" so it cannot overwrite it. Finally seems ok.

I was pissed

bigfitch
Premium Member
join:2005-06-01
Montgomery, IL

bigfitch

Premium Member

Re: I spent my weekend on this one

I hate when I get on my brothers computer he has this pop up. Anyone know how tog et rid of it once and for all. Spyware Removers dont seam to work after u reboot ya know.
ydoucare
join:2003-03-12
Lafayette, IN

ydoucare

Member

Aurora

Just removed that POS from my parents comp about a week ago. Took forever but it's gone, thankfully.

Anonymous_
Anonymous
Premium Member
join:2004-06-21
127.0.0.1

1 edit

Anonymous_

Premium Member

Step 1

To remove this

1 put Your windows CD
2 format C:\
3.reinstall Your OS
4 load your drives
5 load your software
6 use the interenet Using Firefox
7 disable Java Script (make it's hard to get spyware install when using the interent)
8. make a image copy so if u need to restore u can(best if u can put it on a other hard drive )

ptrowski
Got Helix?
Premium Member
join:2005-03-14
Woodstock, CT

ptrowski

Premium Member

Re: Step 1

Here is the part that REALLY made me laugh at this POS virus, which it is really...
»www.direct-revenue.com/c ··· mers.php

LinuxJunkie
join:2005-01-19
Cyberspace

LinuxJunkie

Member

Re: Step 1

quote:
"The free search, content and software offerings that we support are enjoyed by some 20 million Internet users all over the world."
LMAO. Are "ENJOYED" by some 20 million Internet users... is that what they're calling it? I guess from their point of view the Jews were completely happy and satisfied customers of the Nazi regime.

TheSaint
join:2002-01-25
Hanover Park, IL

1 recommendation

TheSaint

Member

Call them!

I've been spamming thier voicemail with nasty comments, perhaps they'll get annoyed as much as we have.

Glaice
Brutal Video Vault
Premium Member
join:2002-10-01
North Babylon, NY

Glaice

Premium Member

Re: Call them!

Wardialing anyone?

LinuxJunkie
join:2005-01-19
Cyberspace

LinuxJunkie

Member

Re: Call them!

I'm gaming. We should all start a BBR campaign to tie up their 1-800 lines and make it too expensive for them to maintain.

TheSaint
join:2002-01-25
Hanover Park, IL

TheSaint

Member

Re: Call them!

Sounds like a good idea!
Methadras
join:2004-05-26
Spring Valley, CA

Methadras

Member

a new name for netscape...

how about nutscrape...?

Anonymous88
Premium Member
join:2004-06-01
IA

Anonymous88

Premium Member

EULA

3. Uninstall and Remove Software - You may uninstall the Software at any time by visiting www.mypctuneup.com. Other attempts to uninstall the Software, such as via anti-spyware software, will not effectively uninstall the Software, and may result in the Software re-installing itself. Visiting www.mypctuneup.com is the primary method to properly remove the Software. MyPCTuneUp will leave behind a unique identifier on your computer for the sole purpose of notifying ABI that you no longer want the Software to operate on your computer.

While you may choose to delete the Software from your computer at anytime by following the instructions herein, some third party applications may attempt to delete, disable or modify the Software with or without notice to you. You agree not to initiate, permit, authorize or assist any third party or application to remove the Software from your computer, or disrupt its proper operation. ABI may store a cookie, computer file or other unique identifier on your computer to identify you and may automatically repair or reinstall the Software if any third party application attempts to delete, disable or modify the Software.

ABI may terminate this Agreement or your right to continue to use the Software at any time.

4. Software updates - You understand and agree that ABI may, without providing additional notice to you: update the Software; install added features, functionality or additional software, including search clients, toolbars and shopping applications; install desktop icons and installation files; and install software from ABI affiliates.

Scary

Oopsie
@61.88.x.x

Oopsie

Anon

Re: EULA

While on the legal side of this...

I'm not normally one to throw gas on an already burning fire but...

Isn't the name "Aurora" a trademark of Bioware?

(It's the trademarked name for the engine used in many of their games)

I wouldn't imagin Bioware would be thrilled to see it's trademarked name associated with press of this nature...

guitarzan
Premium Member
join:2004-05-04
Skytop, PA

guitarzan to Anonymous88

Premium Member

to Anonymous88
said by Anonymous88:

3. Uninstall and Remove Software - You may uninstall the Software at any time by visiting www.mypctuneup.com. Other attempts to uninstall the Software, such as via anti-spyware software, will not effectively uninstall the Software, and may result in the Software re-installing itself.
may automatically repair or reinstall the Software if any third party application attempts to delete, disable or modify the Software.

Scary
Thats a fuggin virus or trojan!! Has anyone sent a sample to the AV companies? So the AV's can put out a virus definition update for this P.O.S.

I like this in the 3rd party software eula?
"
ABI may terminate this Agreement or your right to continue to use the Software at any time." Well then "terminate " it then.Your company and then yourselves.Trash like you'se should be banned for life from the internet.

Anonymous88
Premium Member
join:2004-06-01
IA

Anonymous88

Premium Member

Re: EULA

One would think they would terminate your right to use the software (by removing it) but even though you broke the rules set in EULA they will try to reinstall/repair software. Does not make any sense does it?

Also if this here is true:

"...MyPCTuneUp will leave behind a unique identifier on your computer for the sole purpose of notifying ABI that you no longer want the Software to operate on your computer...."

If that software has been removed completely why would ABI (abetterinternet) ever 'reconnect' to my computer to check and how if the software has been removed?

Also I think they *sell* MyPCTuneUp
bart99gt
join:2001-03-24
Newnan, GA

bart99gt to guitarzan

Member

to guitarzan
Trend has started detecting the trojan re-installer at least as of last Friday. So thus far I haven't encountered the junk since then.

I've run across 3 machines in the past week here at work that have been infected with this junk. The uninstall tool they provide doesn't really work, even after using it on a couple of machines it was still able to re-spawn itself the next time IE was opened. Along with Nail.exe it will also create a couple of randomly named .exe files and dump them in a variety of locations in the c:\windows folder. How they can call this "legitimate" activity is certainly beyond my comprehension. Most sane people clearly would identify this as activity consistent with that of a virus.

Not surprisingly the first PC I encountered the EU probably had installed the "free" programs (a pop up blocker and a supposed "spyware" scanner) on her PC that resulted in the infection. On the 2nd and 3rd systems I couldn't find any trace of any games, screensavers, backgrounds, etc., that are the usual culprits behind most of this crap.

mers2
Premium Member
join:2004-03-20
USA

mers2

Premium Member

It's Lawsuit Time

If we're lucky Symantec will sue them in addition to Hotbar. Or the NY attorney general will go after them. I'm not a fan of lawsuits but it's time to deal with these scumware companies.

LinuxJunkie
join:2005-01-19
Cyberspace

1 edit

LinuxJunkie

Member

Re: It's Lawsuit Time

Government and the courts take too long. Somebody needs to simply go to their headquarters and torch the f**king thing to the ground, with all the scumbags who work there trapped inside.

treetop1000
join:2003-11-07
Lexington, KY

1 edit

treetop1000

Member

Hey wait a minute.....

Is it possible that we can tag this company as a terrorist organization? I've yet to see any distinct reason -not- to call them that. Truth #1: This software was loaded onto a users machine without his knowledge. Truth #2: This software does report back to it's creators with a detailed report of this machines usage (by their own admission)
Truth #3: This software does not come with a removal mechanism, one must be downloaded from the creators website.
Truth #4: This software contains elements common to malicious virus programs, and creates serious user security issues in that the owner of the machine is no longer in complete control of personal information -including financial records such as bank accounts and services.

There is no real defence against these charges. I call for a formal investigation by the United States Department of Homeland Security into the actions of this TERRORIST ORGANIZATION. There are no differences between these guys and any terrorist organization you care to name. They operate with impunity and continue to impede truth by their own actions. I hope the law firm they have hired backs away quickly, as the cesspool these guys live in keeps getting deeper and wider.

If it were up to me, I'd establish a large cash bounty on each of the owners heads. Start at the top and work down to the mid level guys. And don't leave out the board of directors either.
All I'd really need is a backhoe and maybe four or five unmarked spots out there in the desert.
I'd like to think the issue would resolve itself rather quickly once I'd left a little note explaining where all the really important people in the company are....
badshot23
join:2004-10-05
Independence, MO

badshot23

Member

I finally got this crap off my computer...

I tried their uninstaller, and creating a read only file named nail.exe, neither worked.:(

A little further searching on the internet and I found ewido security suite, it did the trick to get this Aurora crap off my pc without having to reinstall windows.

ptrowski
Got Helix?
Premium Member
join:2005-03-14
Woodstock, CT

ptrowski

Premium Member

Re: I finally got this crap off my computer...

Of course not...Interesting that the only way you can remove it is by using their Tuneup tool...hmmm...my computer was perfectly tuned prior to this crap...seems like thier tuneup software doesn't do what it says...sounds like false advertising to me

cabana
Department of Adjustments
Mod
join:2000-07-07
New York, NY

3 edits

cabana

Mod

Under Review

Under Review
Carpenter6
join:2005-07-24
Atlanta, GA

Carpenter6

Member

Nailing Nail.exe

It took a couple of days, but I have definitely nailed this little bugger.

The big problem is the self-replicating aspect - hard to get around. Until you get rid of the registry entry that loads Nail.exe with explorer.exe.

Here's what i did on my Win2000pro machine:

1) Installed F-Secure (had Macafee, which did not help me) F-Secure is not terribly expensive and WELL WORTH the cost. Updated definitions and scanned files,
2) Loaded SpyBot S&D and ran it. NOTE: SpyBot will detect BackWeb Lite after you install F-Secure - F-secure uses BackWeb lite for updates, so do not "Fix" BackWeb Lite when Spybot finds it.

I put these in place because you gotta secure the perimeter before you can kill all the roaches - otherwise more just get in.

Make sure you update software and all definitions in F-Secure.

In F-Secure, set security level to HIGH (you can lower this later) and configure your "Internet Shield" settings (application control) "Allow/Deny" list so that "DFJUSS~1.EXE" AND "Nail.exe" are set to "Deny" - and in the "Details" section for each, select "Application and IP" for Outbound (Deny), and Application and Port" for Inbound (Deny).

SO now they can't talk to the mother ship.

And now, you have to start killing off the little monsters:

1) Go to this link and follow the instructions for deleting files and registry entries: http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076992

The instructions at the link above are lengthy and very detailed - but they will get rid of ALL the non-replicating crap that is on your computer from this infestation. (Some of the files will not be there, some will auto-replicate - delete what you can, then move on).

2) Then, get rid of the bogus registry entry that allows Nail.exe to come back to life, like a little a) Open regedit and navigate to (will be slightly different for different OS): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
b)Right click on "Shell" entry and choose "Modify"
c) Remove "C:\WINNT\Nail.exe" from "Explorer.exe C:\WINNT\Nail.exe" so it reads just "Explorer.exe"

3) Reboot.
4) Navigate to "C:\WINNT\" and delete the "Nail.exe" file. It should not come back. Also look for the "DFJUSS~1.EXE" file and delete that as well.

5) Reboot

6) Run SpyBot S&D - DO NOT "fix" BackWeb Lite" if you have installed F-Secure. Fix anything that SpyBot detects and marks with a check - but it should NOT detect anything other than BackWeb Lite.

And all of that worked for me. If you run SpyBot before you follow instruction in #1, above, you will have less to deal with. Also, if you run F-Secure and allow it to "automatically delete" virus files, you will save yourself some time.

I hope this helps - and remember, I was on a Win2000pro machine - your path names will be slightly different fro other operating systems.

•••••

T
@cable.ubr04.dals.blu

T

Anon

Cool Web Search

Does anybody have phone number and address details for the head office of Cool Web Search, which has infected my machine and which is proving unremovable. I am looking for ways to retaliate legally, and through direct action against the company, its management and any affiliates.
page: 1 · 2 · next