565 replies to this topic

[James]

Thank you gandalfrockman. Some good ideas is to search all of the eDonkey Servers and NewsGroups. I still have yet too, but you may find something. Just stay away from Kazaa, ususally if you see it, it's a virus.

you can get a virus from any p2p not just kazaa
i rarely get a virus from kazaa . if i find one it can also be found on edonkey and others the main thing you need to do is check file size thats where some people are caught out....

[James]

keep an eye on this site


http://emulacity.red.../php/roms_3.php

[gandalfrockman]

RAG: I assume your talking about emuneo, personally I think the place reeks of scammer IT COULD BE LEGIT, but personally I think hes fulla bs.

To James:
NGTOOLS is alredy in my list of watch sites but thank you anyway.
Viruses I could care less about that is of no concern they are usually obvious and yes most of them are on other p2p networks. What is of concern is the nature of the kazzaa network and to a lesser extent kazzaaa lite. It makes it very easy for the owner of the network to track which files originated where. IT IS NOT A HEADLESS NETWORK!!!! this is contrary to what sharman would have people beleive... but it's true.
I won't even get into the whole spyware mess as first of all, k-lite negates MOST of it, and second of all it's been done to death. Besides that it is the most inefficient system out there right now. At the moment it has more content. This is becuase it is easier to use, easier to find, and has ALOT of financial horsepower. Try shareaza, still easy to use,8 out of 10 times has what your looking for, ALWAYS FASTER, and connects to multiple clients.

NOTE: Shareaza Is not necesarily the best client out there but it is easy to use. I could list my fav clients but this is already WAAAYYY!!! off topic.

[Rag]

I received the BillyJr information from multiple sites actually.

Then again, its true that most information can be false.

[gandalfrockman]

OOOHHH sorry I should have worded that better rag, I can CONFIRM the BillyJr part 100%!!!!

I meant the site you saw that had a spot all set up, didnt have it yet and wanted a pass. I figured you were talking about emuneo. The operator claims over and over that his sight is not a scam.... which is usually a big tipoff that its a scam... then wants you to call a phone (900 I'm assuming) number....with your modem...using his dialer software....then you get a pass to download his roms... Anyone else smell a rat?


If its another site please post a link and I will add it to my evergrowing watch list!


Must balance angrys with smilies!!!

[Rag]

lol yea. I visited many sites, sorry I don't have the link anymore, but if I come across it again, I'll be sure to post the link.

Does searching for SamSho5 have any hope to it? Its very hard to track, we need an expert

[gandalfrockman]

I've been involved in searching for obscure or rare files since... well geez it's been a LOOOONNg time I can't even remember..... lets just say pre-internet. So I'd like to think I'm close to an expert. and while at this point searching seems unlikely to find it before the release, it will help us find the VERY first places it will be on release. This means We will be able to get it FAST when it is releaed.

[Rag]

thats cool. Just gotta wait til someone leaks it I guess.

[James]

RAG: I assume your talking about emuneo, personally I think the place reeks of scammer IT COULD BE LEGIT, but personally I think hes fulla bs.

To James: 
NGTOOLS is alredy in my list of watch sites but thank you anyway. 
Viruses I could care less about that is of no concern they are usually obvious and yes most of them are on other p2p networks.  What is of concern is the nature of the kazzaa network and to a lesser extent kazzaaa lite.  It makes it very easy for the owner of the network to track which files originated where.  IT IS NOT A HEADLESS NETWORK!!!! this is contrary to what sharman would have people beleive... but it's true.
I won't even get into the whole spyware mess as first of all, k-lite negates MOST of it, and second of all it's been done to death.  Besides that it is the most inefficient system out there right now.  At the moment it has more content.  This is becuase it is easier to use, easier to find, and has ALOT of financial horsepower.  Try shareaza, still easy to use,8 out of 10 times has what your looking for,  ALWAYS FASTER, and connects to multiple clients. 

NOTE: Shareaza Is not necesarily the best client out there but it is easy to use.  I could list my fav clients but this is already WAAAYYY!!! off topic.

no doubt you know this but Shareaza has spyware

[gandalfrockman]

Spyware In Shareaza?
Sorry but I'm going to need to see some proof that can be duplicated on that accusation, I have never seen any spyware or third party software in shareaza.
I looked pretty hard. Alot of people have. No-one found anything.
I Have never seen it generate any non-standard traffic No-one else has Either.
And if you have proof to the contrary I, as well as many others, would like to see it.
If you do, thanx in advance!
If you Don't, check your facts better!


EDIT: 2 things I forgot!
1. I'm going out of town for a bit. So I will be unable to post for a couple days.
2. Shareaza's Homepage is: http://shareaza.com

Edited by gandalfrockman, 14 December 2003 - 01:48 PM.

[James]

Spyware In Shareaza?
Sorry but  I'm going to need to see some proof that can be duplicated on that accusation, I have never seen any spyware or third party software in shareaza.
I looked pretty hard. Alot of people have. No-one found anything.
I Have never seen it generate any non-standard traffic  No-one else has Either.
And if you have proof to the contrary I, as well as many others, would like to see it. 
If you do, thanx in advance!
If you Don't, check your facts better!


EDIT: 2 things I forgot!
          1. I'm going out of town for a bit.  So I will be unable to post for a couple days.
          2. Shareaza's Homepage is:  http://shareaza.com

evrytime i start Shareaza this happens i start pestpatrol it finds this
http://pestpatrol.co...o/s/savenow.asp

i then delete it and then i rescan with pestpatrol it does not show up. then i start up shareaza again and after that do then scan and the file shows up again

so its ad-aware spyware in shareaza it also shows up in spysweeper 2.1

Overview
Summary: A single process runs at startup which monitors open IE windows and opens adverts when it sees targeted URLs and terms entered into forms. Some distributions of this software were bundled with a "WhenUDownload" control.

One of the most pervasive pieces of piggyback software is dubbed "SaveNow," created by a company called WhenU.com. Distributed along with BearShare, iMesh and the Global DivX player that allows people to watch many online movies, it tracks where a person goes online and then pops up separate browser windows with targeted advertisements or special offers... continuously downloads updated information about new offers and keeps a record of where a person surfs on that person's own computer. It runs continually--even when the program it came with is not operating. Source


SaveNow is installed on your computer as a module that comes with WhenUShop or other software that you download from the Internet... There are a vast number of offers and services available to Internet users that SaveNow may display... SaveNow's offers and information are provided to users by showing a limited number of relevant coupons and ads in the form of interstitials ("pop-up ads") and other ad formats. These offers and ads are shown when users visit various sites across the Internet, based on URLs visited by the user and/or search terms typed into search engines and/or the HTML content of the page viewed by the user. SaveNow's offers are delivered independently from the site the user happens to be visiting when they see a SaveNow offer. Source


Collects info on user’s gender, age, what area the person resides, and his or her e-mail address which they share with others. Other info collected: referrers (HTTP Referrers, Top-level Domains, Search Engines, Keywords, Quality Index, Frequency Index, Newsgroup Referrers, and E-mail Referrers), visitor statistics (Major ISPs, Hostnames, Browsers, OSes, Countries, Timezones, Plug-Ins, Screens, Colors, Java, and JavaScript), and more.

Alias: Adware-SaveNow [McAfee]
Category: Adware: Software that brings ads to your computer. Such ads may or may not be targeted, but are "injected" and/or popup, and are not merely displayed within the form of an ad-sponsored application.

Variants: SaveNow/B comes without the WhenUDownload component.
SaveNow/Db is the same as the Save variant, but includes an ActiveX 'marker' control to prevent it being installed twice.
SaveNow/Download
SaveNow/Download comes bundled with a "WhenUDownload" ActiveX control.
SaveNow/Save is a new version, rebranded as 'Save!', which works in the same manner.

Similar Pests: Adware
Origins
Group: WhenU., Inc.
By This Group: SaveNow/Download
Date of Origin: Variants from April, 2002 to November, 2003
Distribution
Distribution: BearShare and other P2P applications are bundled with SaveNow, as it RadLight video player, and all software distributed by Galt Technologies.
The Db variant is also installed by drive-by-download in advertisements.
Prevalence: SaveNow: 1.0% of all pest reports (1021 per 100,000 reports) More Info

Clot Factor: SaveNow: On average, 32 objects detected in each machine
The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone.

Countries Affected: In the past three months, we have received reports of SaveNow in Argentina, Australia, Austria, Belgium, Brazil, Canada, Chile, Croatia, Czech Republic, Denmark, Egypt, Finland, France, Germany, Israel, Italy, Japan, Lithuania, Mexico, Netherlands, New Zealand, Nicaragua, Norway, Peru, Poland, Portugal, Russian Federation, Saudi Arabia, South Korea, Spain, Sweden, Switzerland, United Kingdom, United States.
Growth: SaveNow: Increased 207.9% over the last 90 days

Operation
Advertising: Yes. SaveNow keeps a list of URLs and terms it is interested in on disk, in the file 'SaveNow\savenow.db' in Program Files. This file is obfuscated but it is trivial to decode.* The (large - often over a megabyte) file maps from these targets to advertisements to serve, which are downloaded through Akamai's proxies.
Storage Required: SaveNow: at least 15569KB

Risks
Privacy Issues: As well as downloading the pop-up ads, SaveNow connects to WhenU's servers to log the ad impression. It passes the name of the affiliate software which installed the software, the ID of the advert being shown, and the site URL or term that caused the pop-up to be triggered.
Privacy Policy: Privacy policy.
Security Issues: No.
Stability Issues: Yes. Can cause frequent crashes.
Detection and Removal
Automatic Removal: PestPatrol detects this.

PestPatrol removes this.



Manual Removal: SaveNow/B and SaveNow/Save can be removed from the Control Panel's 'Add/Remove Programs' option.

SaveNow/Db does not provide an Add/Remove Program entry and must be removed manually. SaveNow/Download may be removed through the Control Panel, but leaves an ActiveX control behind, see below for removal.

Finally, SaveNow often also installs 'WeatherCast', a system tray icon that displays the current weather conditions. Unless you find this useful for some reason, you should probably also remove this from Add/Remove Programs.

Open the registry (Start->Run->regedit) and find the key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Delete the 'SaveNow' or 'WhenUSave' value. Reboot and you should be able to delete the 'SaveNow' or 'Save' folder inside 'Program Files'.

To remove the ActiveX objects installed by the Download and Db variants, open the 'Downloaded Program Files' folder inside the Windows folder, and deleting the SaveNow object - the name of this is 'WhenUDownload' in the Download variant, and 'FC327B3F-377B-4CB7-8B61-27CD69816BC3' in the Db variant.

Edited by james, 14 December 2003 - 04:09 PM.