April 7, 2002

Last week I told you that I had Linux claiming squatter's rights on 5 gigs of my hard drive. Although some of you sent me recommendations for other partition managers, I'd already gotten Partition Magic 7 Pro. I appreciated the information though. Linux is now history and I have all 30 gigs of my hard drive back. Linux was..... interesting.... but just a little too weird for me.

I asked you if you wanted to receive immediate notices about Adaware signature file updates as soon as they come out, or if you'd rather I just waited until the next regular edition when there's a new reflist. Most of you wanted the immediate notification, while only a few said they'd rather wait. After thinking about it, I've decided to just wait until the next regular edition. It's not a big deal to send out an alert, but as the number of new subscribers continues to rise, it just may turn into a big deal. Perhaps when I get ready to start offering a premium version of this newsletter .......

Speaking of Adaware, there's been two new versions out since last week. Version 5.71 was released Friday. That included support for Topmoxie and the Brilliant Digital scumware that's making news all over.

There were some false positives with this first release. It is recommended that you not use version 5.71, build 2892. The new version is 5.71 Build 2898.

Quoting Ann-Christine Akerlund of Lavasoft, "This new build (2898) addresses compatibility issues that some users have reported to us, and targets additional browser hijackers. Included in this distribution is also a new referencefile (103-07-04-02) which adds the detection of CommonNameIEBar and DAP to Ad-aware.
The new reference file is already included, so there is no need for a separate download.

The "DAP" in question is Speedbit's Download Accelerator Plus, which gets a little too nosey with you personal information when you use it. I can understand ad-based freeware, but DAP collects too much information and tries to hide this fact behind too much legalese.

Are there any graphic designers out there that want to help me out? I'm looking for a new favicon for the site. A favicon is the icon you see in your address bar on some sites (like mine for instance) in the place of the default Internet Explorer icon. The one I have is fine in the address bar, but drag it out onto the desktop and it looks horrible.

If someone could design one for the site that looks good at 16x16 and 32x32, please to me. It doesn't have to look anything at all like the current icon, but it does have to a *.ico file. I'll put a permanent link to your web site at the bottom of my site's main page if I choose your icon. Please don't submit icons belonging to another site or to a software product. I don't want to get sued.

  • Mike........
    I am attaching a copy of my internet temp file where the sites I was hijacked to are located.......this was not the site that did the hijacking, as we had never opened any porn sites--we dont know how we got hijacked..............we called a computer pro this morning, who walked my husband through 30 minutes of steps, found an "hta" file, and a "kernel" in the start up mode, deleted both, and everything seems to be working now..........I still have the "hta" file in my recycle box, and can send that to you to if you'd like (I just dont want to infect your system!!!) This is really a disgusting thing to have happen.........my TEN YEAR OLD daughter is the one who first opened the Internet when our home page came up with the porn, and it was terrible!!! The bigger problem was that every few minutes, more porn pages would open by themselves!!!!! I was able to re-set the home page, and delete the favorites that were added, but I could not stop the pages from opening by themselves until this gentleman walked my husband through it to get rid of the "hta" file.

That was an email I got a while back from someone whose computer had gotten hijacked. Do you have a horror story of your own? If spyware or a browser hijacker has caused you this sort of problem, or if you have something you'd like repeated here, .


Are you running Windows NT, Windows 2000, or Windows XP Pro? Then you'd better take a look at the newest Microsoft security bulletin.

  • The Multiple UNC Provider (MUP) is a Windows service that assists in locating network resources that are identified via UNC (uniform naming convention). The MUP receives commands containing UNC names from applications and sends the name to each registered UNC provider, LAN Manager workstation, and any others that are installed. When a provider identifies a UNC name as its own, the MUP automatically redirects future instances of that name to that provider.

    When MUP requests a file using the uniform naming convention (UNC), it will allocate a buffer to store this request. There is proper input checking in this first buffer. However, MUP stores another copy of the file request in a buffer when it sends this request to a redirector. This second copy of the buffer does not check inputs correctly, thereby creating the possibility that a resource request to it from an unprivileged process could cause a buffer overrun. The overrun could be exploited for either of two purposes: causing a system failure, or running code on the system with Local System privileges. More......

Would you like to help support SpywareInfo? You can by making a small donation, either with PayPal or with Amazon's Honor System. http://www.spywareinfoforum.info/support.html


There have been some major updates on the site in the last week, most notably with the message boards. I installed a YaBB perl based message board at the first of March. I had wanted Ikonboard, but a problem with the web host's MySQL server prevented me from successfully installing it (the problem was later fixed).

YaBB Gold (which doesn't need a database server) was installed successfully and has been running fine ever since. We're now using YaBB SE, which uses MySQL instead of perl scripts and the increase in performance is awesome. Specifically, the pages load so fast it's almost outrageous. Check it out for yourself.

I want your input on the new boards. The default colors that come with YaBB SE are pretty nice. I liked the colors at old message board however and was considering bringing the template over. Some friends are saying I should leave it be. What do you think?

Originally, I had it set up where registration was required to make posts to any topics. I've decided to let unregistered guests post for now to see how it goes. If it doesn't get abused, I'll leave it like that. You will have to register to vote in that poll however. There isn't a setting to change that.

Message boards not your thing? Got a problem and you need help with it right now? We also have a support chat room. It goes from slow to busy without warning and completely at random, so you may enter in the middle of a lively conversation, or sit there for several minutes with nothing happening (although usually someone will say "Hi"). You can find me there every single night, though I'll likely be in and out since my phone company seems to get it's fun by knocking me off offline repeatedly. Check it out.

I recently started the process of creating printable versions of some of the pages on the main site. I've gotten a few complaints from people who go to print out a page and empty half their ink cartridge while it prints out this blue background. Some of them were quite rude actually (and guess where those emails ended up). That rudeness was surprising since it's such a simple thing to fix.

Why anyone would have "print background colors and images" (internet properties > advanced tab) enabled is beyond me, but unchecking that box fixes the problem. Regardless, I decided to go ahead and make a plain, boring, black-text-on-white-background version of some of the pages. Eventually, I'll do this with all the pages on information part of the site, and possibly for the online version of this newsletter.

Go to the hijacked article and click on the printer icon on the right side to see it.

I've decided to keep the firewall/antivirus-antitrojan survey going a bit longer. I'm going to keep it running until the last of April. This survey is a short series of questions about..... well..... firewalls and antivirus products. If you haven't taken it yet, please do when you have a chance.

Just make sure you turn OFF cookies and warm up your popup killer before going there. It's hosted on Tripod (long story) and that means popunders galore. I apologize for this and promise that the next survey will be hosted on my own site.

Take the survey

Control your computer!
RegRun Security Suite 3.1 is the new version of the award-winning startup manager that replaces Windows msconfig. Pick up your copy now!

Featured Site


Have you ever wished to tweak Windows and customize it to meet your own specifications? Well, this is the place to unlock Windows hidden features to help you tame your wild machine.

Ok ok. This is a web page, not a web site, but it's worth a mention. All of the Windows tips described on TechTV's TV shows have been collected into an archive which you can browse through here. Many, many annoyances that you'd like to get rid of in Windows can be fixed by the tips on this page, including...
Delete Run History
Cleaning the Temporary Folder
Easy Deleting
and many, many more.



Keep a close eye on your TCP and UDP activity with this monitoring utility TDImon is an application that lets you monitor TCP and UDP activity on your local system. It is the most powerful tool available for tracking down network-related configuration problems and analysing application network usage.

TDImon gets its name from the fact that it monitors activity at the Transport Driver Interface (TDI) level of networking operations in the operating system kernel. This is the interface to protocol stacks such as TCP and UDP. Thus, the I/O activity shown by TDImon corresponds to TDI-formatted commands. Most TDI commands have direct correspondence with WinSock (the Windows socket API) functions, and thus are easy to interpret.

The Weekly Hack

There are many companies that try to cross-reference web sites that you surf to, to help build customer profiles so they can target advertising at you, provide clients with buying patterns, and a whole lot more. They do this by setting cookies on your hard drive when your browser loads their advertisements.

It is a simple matter to disallow cookies from servers not located on the site that you are currently loading.

In Mozilla 0.9.6 and higher and Netscape 6.x, go to Edit > Preferences. In the dialog go to Privacy & Security > Cookies and select "Enable cookies for the originating web site only".

In Internet Explorer 6.x, go to Tools > Internet Options. Click the privacy tab and press the "Advanced" button. Check "Override automatic cookie handling" and "Block" under Third-party cookies. Your setting for First-party cookies is up to you, but I suggest selecting "Prompt" as well as "Always allow session cookies".

SpywareInfo discourages the use of the Opera browser due to their business relationship with the Cydoor spyware company and instead encourages you to use one of those listed above. In any case, I'm not sure how to block cookies with this browser.

You can also use CookieWall from AnalogX. CookieWall is one of the best third party cookie managers available.

Download CookieWall.

Are you reading this? Well so are hundreds of other people. today about advertising your product here!

In The News


It has long since been a cliché to say that September 11 changed everything, but one thing that has certainly changed since that fateful day is America's receptivity to the idea of a national identity card. Eight months ago, such cards would have been unthinkable, the first step toward an Orwellian surveillance society. But priorities have shifted. Many of those who once steadfastly opposed the ID card now see it as an unfortunate but necessary measure to protect "homeland security."


This week a District Court judge in Bellevue found in favor of a Bellevue man, awarding him a total of $3,000 in three actions he filed against spammers based in Maine, Florida and California.

Last week, a District Court judge in Shoreline refused even to consider a Seattle man's identical actions against junk e-mailers based in Minnesota and Tennessee. That judge determined that the court's jurisdiction did not extend to out-of-state defendants.

How can spam fighters seeking redress under the same state law get such wildly opposite results from judges of the same "people's court"?


The open-source software movement, long the domain of highly talented and motivated programmers working toward a socio-technical ideal and for love of the craft, now is confronting the different expectations of a PGP consumer base unwilling to surrender ease of use.


Yahoo users will now automatically have their marketing preferences set to accept updates from a smattering of Yahoo's businesses. Previously, users were offered one option to either accept or reject product notices when first registering on the site.

Users will have to click "no" to opt out of receiving e-mails from a selection of 13 Yahoo products, ranging from job listings to new media products to inclusion in Yahoo's user surveys, among other things. The page also has an option for users to opt in to the Yahoo Delivers service, which sends product pitches from third parties.


But some Yahoo! users don't see the change as an enhancement, but rather a tactic to trick users into accepting more spam — and a betrayal of their initial registration agreements.

"I checked and they had changed all my settings!" writes one irate poster to an Internet mailing group devoted to privacy. "This means that you may well be inundated with even more junk mail than you are already receiving. In order to change your settings back to whatever you had them at before, you will need to log in to your account and physically change them," the poster adds.

Here's how to fix the problem. Log into your yahoo account (my.yahoo.com), click on "Account Info" on top. Fill in your password and press "Continue". Then scroll down and find "Edit your marketing preferences." Click on all No's. Save the changes. But wait! Go back to the preferences, and click on "Edit Email Subscriptions" at the top. Click all No's again. Save, and finish.

Editor: you can opt-out of this at http://edit.my.yahoo.com/config/eval_profile


In the latest chapter of Spyware vs. Anti-spyware, the maker of snooping program WinWhatWhere backed away from evasive programming tactics Wednesday. Richard Eaton, president of WinWhatWhere Corp., said his software would no longer insert stray code into Anti-spyware program Who's Watching Me to break the program. The announcement comes after MSNBC.com revealed WinWhatWhere and competitor SpectorSoft Corp. both intentionally break the anti-Spyware program.


"CC FoUnD AnD HaCkEd By LightAnge," the Web site reads. Included are dozens of names, addresses, credit card numbers, and even a special credit card security code. West's information wasn't there, but one victim had a similar credit card number, so the search term returned this "hit."

Searches for the victims' credit card numbers through Google also produced links to that Web site — meaning the victims could have found the data if they hunted for it.


According to Article 19, Chapter II, Section 3 of the ministry's Resolution No. 383/2001: "The sale of computers, offset printer equipment, mimeographs, photocopiers, and any other mass printing medium, as well as their parts, pieces and accessories, is prohibited to associations, foundations, civic and nonprofit societies, and natural born citizens. In cases where the acquisition of this equipment or parts, pieces and accessories is indispensable, the authorization of the Ministry of Internal Commerce must be solicited."


The preliminary settlement, set to be finalized May 21, would clear up class-action lawsuits from California, Texas and New York that were consolidated last year. The suits charged that DoubleClick violated state and federal laws by surreptitiously tracking and collecting consumers' personally identifiable data and combining it with information on their Web surfing habits.


"You hereby grant (Brilliant) the right to access and use the unused computing power and storage space on your computer/s and/or Internet access or bandwidth for the aggregation of content and use in distributed computing," the terms of service read. "The user acknowledges and authorizes this use without the right of compensation." Anybody who declines this provision is not able to install the Kazaa file-swapping software.

More from ZDNET ....


KaZaa lost a major distributor last night when San Francisco's Cnet Networks Inc. blocked downloads of the popular Internet file-sharing program for violating software policies.

Cnet spokeswoman Genevieve Cowger said KaZaa was "delisted" for violating Download.com's software bundling policy.


The "28 March 2002 Cumulative Patch for Internet Explorer" update eliminates all previously addressed security vulnerabilities affecting Internet Explorer, as well as two new vulnerabilities, and is discussed in Microsoft Security Bulletin MS02-015. Download now to protect your computer from these vulnerabilities, the most serious of which could allow a malicious user to run code on your computer.


So what can Javascript do? The list has expanded with every release (it's just about to reach version 1.4). At first it was simple things like changing the appearance of something on the page when you put your mouse over it (a "mouseover" event). Later versions enabled it to resize browser windows, open new windows and write cookies (the little text files that tell sites if you've visited them). Ingenious Javascript writers could even add their site as a bookmark to your browser, or make it your homepage.


The commandeering of the Web browser would be the latest in a series of intrusive tactics employed by online advertisers in the last year, often to the annoyance of Web surfers. From pop-up ads to pop-under ads, advertisers have gotten bolder in their quests for attention. United Virtualities' new product would be one of the boldest attempts yet to expand advertising beyond the browser content window.

Support SpywareInfo
Support SpywareInfo - it's fast, free and secure!

SpywareInfo's Privacy Policy


  Visit SpywareInfo
  Read the latest
  Spyware Weekly



ZoneAlarm Pro

Pest Patrol



Copyright © 2002 by spywareinfoforum.info.

Content gathered and compiled by Mike Healan.

Proofread by the beautiful and talented GeekGrrl.