Results 1 to 24 of 24
  1. #1
    Outsourced Program Manager Chris -  AMWSO's Avatar
    Join Date
    January 18th, 2005
    Location
    Bangkok
    Posts
    11,273
    Hi All

    I;m seeing an increasing number of applications from sites that have the offscreen Hotbar install pop up...being an browser install I put it down as a parasite without a seconf thought, confirmation would be appreciated though

    Thanks

    Chris

    Chris Sanderson
    "Lets sell some rocks.....!!"

    Mondera.com Partner Management
    90 Return Days : 100% Parasite Free : Fast Support : Commission on ALL Sales.


    Visit the Mondera Partner Support Zone : Click Here

  2. #2
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Hotbar is listed on most sites dealing with such software as spyware. It's distributed under the guise of skins for Windows programs like IE. It monitors web activites and yields pop up ads based on surfing habits. Typical problems of being able to effectively remove the program from computers by traditional means. It also does some things with search results I believe. More info can be from from google here http://www.google.com/search?q=hotba...&ie=ISO-8859-1

    Keep Your Hands Off My Cookies

  3. #3
    Resident Genius and Staunch Capitalist Leader's Avatar
    Join Date
    January 18th, 2005
    Location
    Florida
    Posts
    12,817
    That Thing is worse than before and now draws my wrath!

    I have it on my old computer--cool skin pictures (beats a solid color by 10 miles), and I had found the file for the pop-ups and killed it (heh heh). "Contextual" buttons in the "toolbar" part weren't much of a threat to affs since they went to lame sites...

    So, when I got the new computer, I had no qualms in trying to improve the looks of the browser the same way. Instantly I saw these CHANGES in Hotbar:

    --TONS more pop-ups than before! Argh!
    --It automatically installed the "email skins" part, which I didn't want.
    --The popup code file was no longer under a nice, obvious, "Gator" file waiting to be deleted. I couldn't find it this time!

    So, I figured I'd just run AdAware and be rid of the entire thing. AdAware *found* it okay, but when it went to delete certain components, it came up ACCESS DENIED! Not being one to just accept a message like that, I investigated further: The Popup file had been set as READ ONLY!!!

    I de-set the "read-only" and tried to delete it. It now *looked* deleted...but when I started surfing--Pop pop pop pop pop! When I re-ran AdAware, there's the Thing back again.

    After about 10 attempts I finally hit on the exact right sequence (or it gave up) and I got rid of it off this computer permanently. I don't know just what I did to make it stay deleted, unfortunately. I was just glad it *did* stay deleted!

    Factoids: The old computer is Win98. This one's XP.

    I didn't just go to their site for the uninstall, because I had doubts as to whether it would really end up uninstalled (with nothing else installed instead) that way. No particular reason for thinking that, just general suspicion...

    quote:
    offscreen Hotbar install pop up~Chris


    What's *that*?? Is that one of those windows where you can't maximize it no matter what? I've seen sites like that, but nothing funny has happened... Also, how can you tell what those hidden windows are for? I've tried to maximize them to no avail.

    -Early in life, I had to choose between honest arrogance and hypocritical humility. I chose honest arrogance and have seen no occasion to change. ~ Frank Lloyd Wright

  4. #4
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Leader. That is bad. Sounds like they've taken the Xupiter approach to uninstalling their software.....

    Keep Your Hands Off My Cookies

  5. #5
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    I warn ABWers to put a rubber on your mouse when trying to view any of these Duper affiliate sites, as drive-by installs are common practice amongst this elite group of software only affiliates.

    TSADBOT (tsadbot.exe) AdGateway by TimeSink / Conducent Technologies
    Aureate/Radiate spyware DLL ADVERT.DLL by Aureate / Radiate AdSoftware Network
    FluxPC AdPipe
    DSSAGENT (dssagent.exe) Brodcast by Broderbund (tags along with some Mattel/Broderbund software)
    CyDoor "Ads On Software (tm)" - Comes with many ad-enabled products including KaZaA.
    Web3000 (MSBB.EXE) aka. N-Case - Dastardly advertising spyware that overwrites your wsock32.dll system file, and may transmit lists of URLs you visit. See Privacy Power! Reference and Network World Reference.
    Flyswat: See Privacy Power! Reference.
    TransCom's BeeLine : see Web3000.
    NewsUpd.exe - "News Engine Update Application" - Creative Labs advertising software installed with SoundBlaster (tm) and perhaps other products.
    Codehammer Message Mates
    BonziBuddy - A talking gorilla/parrot/etc. "software companion" targeting children. Silently Installed with some other software, and difficult to remove. See Privacy Power! Reference.
    OnFlow - Installed by BearShare among others. The company that makes this beastie describes its purpose fairly well on its own It is a browser plug-in designed specifically to display advertising, usually of the large, loud and flashing variety.
    SaveNow (WhenUShop) - Installed by BearShare among others. Put quickly, an advertising toolbar that monitors what sites you visit and pops up sponsored "deals" when products/shopping/etc. appears on those sites. Microsoft provides removal instructions.
    Gator "Trickler" (fsg.exe / fsg-ag.exe), OfferCompanion - installed by AudioGalaxy among others.
    PhoenixNet - Spyware embedded in your system BIOS!
    WNAD.EXE - secretly installed background task that goes online to transmit personal information and display stealth popup ads. Installed by the "Yo Mamma, Osama" game from TwistedHumor.com, as well as the SwapNut file sharing utility.
    Blackstone Data Transponder a.k.a. VX2 / RespondMiter / Sputnik / NetPal / Aadcom. This many-named piece of spyware is installed as an IE Helper (BHO) by third-party software OR website visits, and pops up ads continuously while you surf.
    FlashTrack (FTAPP.DLL) - An advertising spyware module (BHO) installed with the iMesh filesharing client. More information and removal procedure are here. Flagged as a Trojan by McAffee.
    dlder.exe - An advertising trojan that is installed by Grokster (1.33), Bearshare (2.4.0b7), LimeWire (2.02), Net2Phone (unspecified versions) and KaZaA (unspecified versions). The spyware itself comes from ClickTillUWin.com. Taking the torch from even the worst advertising spyware to date, this one creates a fake Explorer executable and process to hide its activities. More information here. Some antivirus manufacturers have listed this as a virus or trojan horse: TROJ_DLDER.A.
    ADP.EXE - Another spyware, distributed with LimeWire(?) and others. Appears to be an installer of Bargain Buddy (below).
    BARGAINS.EXE (Bargain Buddy) - Advertising spyware installed with Net2Phone and some versions of LimeWire. Appears related to ADP.EXE above. More info at and.doxdesk.com.
    bdeviewer.exe (B3D / BrilliantDigital Projector) - A "3D Web Animation" advertising-display plugin, similar to Onflow, as well as distributed computing client that will sell your hard drive space, CPU cycles, and bandwidth. Installed by KaZaA/Morpheus and probably others. Additional story here. Removal procedure here.
    EverAd - No information currently available.
    Expedioware - No information currently available.
    adshow.exe - No information currently available.
    HelpExpress / Attune (HXIUL.EXE) - Appears to be advertising spyware that displays sponsored ads, e.g. "Buy toner"/etc. messages when you use your printer. No additional information available at this time. Remove by uninstalling "HelpExpress" and "Attune" under Windows' Add/Remove Programs.
    Gator GAIN (GMT.exe, CMESys.exe, GAIN_TRICKLER_*.EXE) - Pops up advertising, apparently a new Gator product. A security hole in some versions allows Web sites to install arbitrary software on your computer. This URL will detect GAIN. Gator recommends on its Web site to contact support(at)gator.com for removal instructions. Gator software may be quietly installed by drive-by download.
    Wurld Media / Morpheus Shopping Club (bpboh.dll / mbho.dll / MSCStat.exe) - Installed by Morpheus, the "no spyware" (ya, we believe you) filesharing tool. Sneakily redirects IE through advertisers' referral links when certain sites are visited in your Web browser. More details here and here.
    NE.EXE (Network Essentials / SmartPops) - Displays stealthy popup ads while surfing the Web or using search engines. Wow! To hear it from them, this is the best service on earth--boy are they helpful. Remove by uninstalling "Network Essentials" in Add/Remove Programs. I have seen reports of this being installed simply by visiting certain Web sites.
    dw.exe, Movie Network.exe (Downloadware / Mediacharger / Movienetworks) - Displays lots of popup ads as you surf; Mediacharger may also function as a dialer for 1-900 #s for billing of adult movie downloads. Check for removal entries in Add/Remove Programs. Some removal instructions (may or may not work?) are here. I have had reports that the program will try to deter uninstallation by telling you that doing so will mess up your browser. It is, however, bluffing.
    ofrg.dll (FavoriteMan) - Installed by unknown means, possibly by NetPal spyware. More information here. One of its co-bundled products may be a homepage hijacker.
    ctbclick.exe (ClickTheButton) - Installed by (NetPal), Favoriteman parasite, and some versions of KaZaA. More information here.
    JavaRun.exe (Etraffic / TopMoxie) - Marketing software installed by products from "loyalty marketing partners", that pops up ads and coupons when you visit certain Web sites. TopMoxie description and info here. According to this site, partner software must be removed before an entry for TopMoxie will appear in Add/Remove.
    Download_Plugin.exe - SpywareInfo has the scoop on this, it is an infector for the infamous Lop.com portal-potty. It reportedly modifies your browser preference settings to place Lop.com as your start page, adds crap links to your bookmarks, changes your desktop and adds a spyware plugin ("Swish Browser Helper").
    openme.exe (xww.de ?) / Fast Download / Full Downloader - Loads at startup and pops up porn ads after about 20 minutes, according to this post in the message boards. May also try to install a dialer. To remove, find and delete openme.exe in your Windows directory, and remove it from your Registry's "shell=" line as well.
    Radlight DivX Movie Player - The nature of the software itself is unknown. However, it will intentionally search out and delete AD-Aware from your hard drive, then dump a number of malware products on your system. This puts it on the level of a VIRUS in my book; such a behaviour is completely unacceptable.
    NETBUIE.EXE (Unknown) - Source unknown. Places itself in C:\windows\system and adds a startup reference to the Registry. Continually loads porn popups like sexysquirter.com et al) while the machine is switched on.
    INetSpeak - Bundled with the Music Magnet file-sharing tool, installs a permanent ad banner into IE. Installs as a Browser Helper Object. Remove using a BHO remover, by disabling BHO42602.clslnetspeak or similar. See write-up here.
    plg_ie0.dll - More Lop.com crap, this one is a BHO that sends your browser to their site for most any IE error page (e.g. "The site cannot be found" becomes instead a bunch of useless lop.com links). See SpywareInfo's writeup for details.
    Netbroadcaster(?) - Related to Movienetworks (same registrar, IP block, etc.). There is reported to be a malware product by this name. No additional information available.
    Unknown (ftp_back.exe, istabm.exe, bm_insta.exe, attnvg.exe, createsw.exe, driverpg.exe) - Suspected ad/spyware programs. Implicated here. No additional information available.
    AdBreak (kvnab.dll) - The name implies an advertising program, but has not been observed in action. May be installed by a trojan. Some info here.
    PAgent, Vegas Palms Casino (MicroGaming), KFH, MediaLoads, WinEME - sub-parasites installed by DownloadWare, include casino gaming apps, ad programs and an unknown email-sending background task. Info and removal help here.
    HotBar - an advertising toolbar that spies on sites visited and the contents of forms you fill out. Installed by IMesh. More info here.
    VLoading / Download class - A loader or "trickler" that is used to download and execute arbitrary programs on your PC. Used by some sites to install porn dialers. Created by a company called Electronic Billing Systems, who may be involved with dialers. More info here.
    EchoBahn.com BookmarkExpress (BMupdate.exe) - A program bundled with scanner drivers (!?) that allows you (and marketing partners(!)) to manage your bookmarks from anywhere, and pops up ads at you. The service itself has since been discontinued, and it is recommended to delete this file.
    wbeCheck (pbsysie.dll / Floid.dll / wbeCheck.exe) - Spies, and modifies the contents of HTTP traffic in IE. More info here and here.
    HuntBar - A browser toolbar and homepage hijacker. See its listing below, under Homepage Hijackers.
    Firstlook / new.net - A portal potty and paid-placement search engine operated by New.net. Reportedly, software is slipped in by the New.net client which directs the user to the firstlook.com search engine. This functionality is reported to be currently deactivated.
    Tgdc.exe / shopforgood.com - An affiliate link stealer similar to Wurld Media. More info here.
    CnsMin / 3271.com - A Chinese keyword-lookup program, possibly similar to QuickClick? Does not appear that harmful, but is very difficult to remove and re-installs itself even while you are still removing it. More info here.
    Search-Explorer - Another useless Browser Toolbar. Displays popup ads and places some cookies on your machine. More info here.
    WINSERVS / PurityScan / sear1.exe (winservs.exe, winservn.exe, etc.) - On first running, scans your IE cache/history/cookies for files with porn-words in them and displays a list of any found. Also drops in a background program (winservs.exe) that constantly loads popup ads when the computer is running.
    SmartAd (Cybersurf / www.cia.com) (file names unknown) - Canadian advertising program that "enables true one-to-one targeting of advertising messages against audiences defined by demographics, psychographics, lifestyle or location". The company boasts that its software's ads "can never be covered up, moved offscreen, or otherwise disabled." This product appears targeted mainly toward Internet kiosks and "free internet access" companies, not end-users. The company also hypes an "ad player" format similar to Onflow
    Permissioned Media (friendgreetings.com / cool-downloads.com / WinSrv Reg / OTMS.EXE / winservc.exe) - Another company that hawks those infamous "online greeting cards". The catch? To view the greeting card, the site attempts to install a 1+ megabyte application that will (unless you carefully read the license agreements and click "NO!") spam everybody in your Outlook address book with phony greeting cards and ads for their service, then place advertising spyware on your computer. The spyware will collect your name, email address and surfing habits, popping up ads and delivering HTML spam to your email address. Removal instructions here. Possibly the first spyware program that lists "minimum 64MB memory" in its system requirements, and attempts to restrict you linking to their Web site. (Sue me, I dare ya.)
    Save / WhenUSave (SAVE.EXE) - Installed by some "free" software including Radlight Media Player. A removal reference is placed in Add/Remove Programs, but warns that removal will also disable the program (e.g. media player) that it was installed with. Appears to be a rebranded version of the SaveNow advertising parasite.

    BESS, the notorious censorware program, caught spying on childrens' surfing habits and selling the information. Details at ZDnet.
    "The Red Sheriff" Java Applet from imrworldwide.com
    Download Demon / Real Download / Netscape Smart Download (same/similar programs)
    Comet Cursor
    RealJukebox See this article by Richard Smith.
    Alexa, Zbubbles See this message from Richard Smith. An Alexa representative asserts that the company "no longer receives any personal information as of early 2000".
    Microsoft Windows Registration Wizard
    DigitalConvergence (DigitalDemographics) C.R.Q. software, CueCat barcode scanner
    NBCi QuickClick (tm) - See MSNBC article.
    Gator, Offer Companion, Trickler (FSG.EXE / fsg-ag.exe)@ - Installed by (EVERYTHING!) - Including AudioGalaxy
    Gohip.com "Browser Enhancement" (Hijacker): More information on this is available at Privacy Power!. Undo hijacking
    PassThisOn.com (the newest venture of "Spam King" Sanford Wallace) Hijacker. See this article for details.
    United Parcel Service (UPS) - see this article.
    Rockstar Software's "Gearbox Connection Kit" used by some ISPs, a tool to let the ISP auto-setup or update users' connection settings, will reportedly attach to the browser and change the IE homepage back to the ISPs everytime the browser is started (more info). Rockstar Software clarifies that the software isn't "evil" or a security concern, and provides this simple procedure for changing the homepage on a computer using Gearbox Connection Kit. This software, unlike other listed here, does not appear to be malicious in nature.
    www.ezcybersearch.com - uninstall page to undo the hijacking.
    mycpworld.com (a bogus porn site consisting entirely of blind links to a referral script) hijacks the IE settings using a .jse file as well as a .tmp file loaded in at startup with Registry Editor. (Search for and remove .jse files, remove the start-up trash from the registry)
    Lop.com also hijacks, and even points IE's DNS Error and other error pages to lop.com. If you can't get rid of this as your homepage, download their two (!) uninstallers, to remove hompage hijacking and remove the Lop.com toolbar.
    Unknown portal potties (redirecting to goto.com, topsearcher.com, et al) - add files with names such as: sps.dll, sp.dll, sp.reg, sb.dll or similar to your system. In your StartUp folder you will see one or more lines such as: "regedit -s c:\windows\sp.dll". To fix, delete/rename the files appearing in this manner in the StartUp folder, and (optionally) remove the entries from the StartUp folder. These are actually Registry files that are loaded in at startup via Registry Editor.
    www.allcybersearch.com - save this registry file and double-click on it to un-hijack your settings. This will remove the stuff that auto-changes your settings on startup and restore your IE defaults (e.g. MSN start page). If you prefer other settings, you can right-click the file and Edit..., and change the homepage settings to your liking before clicking on it.
    www.globesearch.com - no verified fix yet. Possible fix (from examining suspect "Uninstall" binaries from the site): Find and delete the files: gshp.vbs, gsc0.txt, gsc1.txt.
    Bonzi Buddy - Unconfirmed, but it is reported that the Bonzi software will change your homepage, and if you change it back, pop up a "Would you like to change your homepage (back to Bonzi's)". Whether you select yes or no, your homepage gets changed.
    www.cool-xxx.net - Delete WINSYS.VBS (or .VBA), win0.txt, win1.txt from your Windows directory. Also find and delete the program that is loading them, which may be under a random name (in one case it was "zzgghh").
    www.huntbar.com - A browser toolbar and hijacker. Believed to be a drive-by download. Reportedly, even redirects "My Computer" and "Control Panel" to their site. Close IE, use Find to search for "MSIETS.DLL", and write down the path to it. It is normally "C:\Program Files\Common Files\MSIETS". Deregister it by typing the following command into Windows' Run box: "regsvr32.exe /u C:\Program Files\Common Files\MSIETS", replacing C:\Program... with the path you noted earlier.
    www.xupiter.com - This site will hijack your start page by way of a "browser enhancement" toolbar BHO. It is difficult to remove manually, but luckily Ad-Aware and SpybotS&D both remove it without any trouble.
    www.provilation.com - Hijacker prefixes the URL prolivation.com/cgi-bin/r.cgi? to Web sites you visit (even when you type the address in manually), allowing the site to monitor visited URLs and/or redirect the requests, add popups, etc. Adult sites may be substituted for the requested site. SpybotS&D will remove this hijacker.
    www.searchresult.net - Hijacking method unknown. A 'Support' page on the site claims to reset the homepage, but only sets a cookie and displays a popup ad.
    Foistware (Everything-installs-it-can't-get-rid-of-it)
    Unwanted application programs that come along, trojan-style, with completely unrelated software. Usually because some jerk is getting paid to foist it on your system whether you want it or not. Since they tag along with so many different pieces of third-party software, it is not uncommon to get re-infected with these foistware products again and again.

    Gator, Offer Companion, Trickler (FSG.EXE / fsg-ag.exe)@ - Installed by (EVERYTHING!) - Including AudioGalaxy
    WhenUShop / SaveNow@
    AOL Instant Messenger@ Installed by Netscape Navigator and other products.
    MSN Messenger - Installed by/with a number of Microsoft applications, including MSIE and MSN Explorer
    New Net, Inc (NewDotNet) Installed by BearShare among others
    EZula TOPtext / ContextPro / HOTText - This is a product some are calling "ThiefWare" - It inserts "yellow highlighter" advertising links in arbitrary web sites you visit! - Installed by KaZaA file-sharing tool among others.
    Spedia Surf+ - another "ThiefWare" product. Installed by Spedia software and very difficult to remove. See this site for removal instructions.
    WebHancer - a secretive "connection reporting tool" that seems to be quietly installed by dozens of unrelated programs!
    Fotino by Meltingpoint Software - A "thiefware" product similar to EZula TopText--see this Telegraph article. No information currently available.
    Mirazo / NetAngel - A "thiefware" product similar to EZula TopText. No information currently available.
    CameoCast and CameoONE - May be installed by Western Digital Lifeline Installer.
    BackWeb / Western Digital DLGLI.EXE - Installed by Western Digital Data Lifeline among others. Purports to monitor your hard drive for problems, but is suspected of being a vehicle for displaying unwanted advertisements as well. More recently, Backweb was caught installing along with Logitech mouse drivers (!) (Do you really need web-update for ****ing mouse drivers?)
    Liveshows - A dialer program that tries to get you to accept a set of Terms it hounds you with on every startup. May be installed via unsolicited mail attachment and some adult Web sites.
    NetSetter / Marketscore - A "market research" program along the lines of WebHancer, intended to track your Internet usage and buying habits. Some users seem to have it and not know where it came from. Removal instructions here. (If you did voluntarily sign up for this service and wish to remove it, you can login to the Marketscore Web site for removal procedures.)
    IntelliTech Backdoor.Autoupder Trojan / BrowserToolbar (Ausvc.exe, Bvt.exe, Mnsvc.exe, Absr.exe) - A bona-fide backdoor trojan, this one is caught by antivirus. Writeup here and technical info here. A sneaky spyware dropper that was installed by an ad on a Web site (flowgo.com).
    CommonName toolbar - "Internet marketing tool" (and resolver of New.Net-esque bogus domain names) which, while it can be downloaded from its maker's Web site, often appears due to KaZaA and similar software. Info here.
    UCMore (ucmie.dll) - An IE toolbar that displays "related links" for the site you're visiting. Distributed by FreeWire file-sharing tool among others, and spies on the URLs you visit. More info here.
    freeaccess.exe - Distributed via adult spam, appears to be a dialer.
    sentry.exe, sentrystub.exe (IPInsight UserTag / TrafficSensor) - Provides Web sites with demographic and geographic information about you (the company brags that it can determine what city you live in to 90% accuracy), along with connection-speed and other data. Thread here. Interestingly, the company claims its product (installed on YOUR computer) as an alternative to spyware.

    Addition new and old entries into the affiliate BHO industry can be found at http://www.cexx.org/adware.htm

    Now I know the networks do not want to throw their cash cow baby out with the dirty bathwater. The reality is going to be thrust upon them that these babies are all affiliate commission stealing con-men midgets posing as babies taking their first steps. They float like crap in a common cesspool called the B-a-HO "incent" persission based marketing plans of our industries Dupers. Good luck honest merchants on identifying them in their thousands of disguises, as no network has stepped forward to identify or publist a list of these double dipping commission thieves.

    Charlie ...

    If they won't adopt and feed a bird ..flip them one! Where's the love and show me the money?

    [This message was edited by EcomCity.com on February 01, 2003 at 04:02 PM.]

  6. #6
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    The wanks at Hotbar are not to be confused with the wanks running the BHO parasite "HuntBar"... Trafficsyndicate http://www.trafficsyndicate.com/Legal/FAQ.asp

    All you sleezy affiliates looking for a drive-by install partner at 5 cents per hidden download can jump on this one along with ebates and Gator payouts. Learn how to rape the PPCSE's fees for those expired domains and blind redirects if you don't have the budget for your own B-a-HO application.

    About Us

    TrafficSyndicate.com is a product of First Cash Reserve, LLC. We'll make it easy to transform Website traffic into maximized revenue. And because we are performance driven, more clicks mean more revenue.

    Our innovative marketing products and cutting edge technology has been developed to drive quality traffic that will yield the best results for our advertising clients. This combination allows us to keep our payout rate at a maximum..

    Our Primary Goals Are:

    1. Maximize the revenue for our affiliates
    2. Ensure the highest quality of traffic for our advertisers
    3. To make the program simple and easy to use!
    Of couse you can trust us to pay out your earnings when you reach 100.00 minimum. No problem since we hijack your visitors system to force them to use our search bar and make it very hard to un-install. Not even Ad-Aware or Spybot S&D can work yet on our hidden installs.

    Description

    HuntBar is a toolbar providing searching features, which is added to every new Internet Explorer and Windows Explorer window.

    It also changes your home page and search bar settings to point to HuntBar's servers, and automatically opens this search bar when it detects you using any other search engine.

    Distribution

    Through ActiveX drive-by-download at affiliate sites, possibly in pop-up advertising.

    TrafficSyndicate, the makers of HuntBar, offer 'co-branded' versions of HuntBar which may be installed by other sites under a different name. WHOOOPIE ...you can fudge up your visitors systems with your private labeled version.

    Removal

    TrafficSyndicate offer two removal programs. (Bottom of page; these have not been tested.)

    Ad-Aware and Spybot S&D cannot yet remove this parasite.

    Manual removal

    HuntBar stores its code in a folder called 'MSIETS' inside the 'Common Files' folder in 'Program Files'. Before you can delete it, you must deregister its DLLs. There will be one called 'msiets.dll', and, if HuntBar has been running long enough to download some updates, probably also 'msielink.dll'. If you don't have msielink.dll you will only have to use the first of the two following commands.

    Open a DOS command prompt window from Start->Programs->Accessories, and enter the commands. For Windows XP, 2000 or NT:

    regsvr32 /u "C:\Program Files\Common Files\MSIETS\msiets.dll"
    regsvr32 /u "C:\Program Files\Common Files\MSIETS\msielink.dll"

    Or for Windows 95, 98 or Me:

    "%WinDir%\SYSTEM\regsvr32.exe" /u "C:\Program Files\Common Files\MSIETS\msiets.dll"
    "%WinDir%\SYSTEM\regsvr32.exe" /u "C:\Program Files\Common Files\MSIETS\msielink.dll"

    You will need to change the path 'C:\Program Files\Common Files' in the above commands if your Program Files are on a different drive, or have a different name (eg. non-English Windows installations).

    Having done this you can restart the machine and delete the MSIETS folder, along with the entry '{8A05273A-2EA5-42DE-AA75-59EA7D9D50D7}' inside 'Downloaded Program Files' in the Windows folder. You can also run 'regedit' and remove these entries from the registry to clean up if you like:

    HKEY_CURRENT_USER\Software\MSIETS
    HKEY_CURRENT_USER\Software\MSIETSLink
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8A05273A-2EA5-42DE-AA75-59EA7D9D50D7}

    After removing the software you may want to delete the shortcuts it adds to the desktop, start menu and favourites menu, and set your search and home pages back to normal (see Tools->Internet Options->Programs->Reset Web Settings).

    Charlie ...

    If they won't adopt and feed a bird ..flip them one! Where's the love and show me the money?

  7. #7
    Resident Genius and Staunch Capitalist Leader's Avatar
    Join Date
    January 18th, 2005
    Location
    Florida
    Posts
    12,817
    Good grief...that thing makes HOTbar look good in comparison!

    -Early in life, I had to choose between honest arrogance and hypocritical humility. I chose honest arrogance and have seen no occasion to change. ~ Frank Lloyd Wright

  8. #8
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    1,205
    I do IT support at my day job. 1/3 of everything I fix involves uninstalling hotbar.

    "Why does it crash when I print a PDF file?"
    "Conflict with Hotbar, uninstalled it and everything works fine"
    "Can you fix it so I have both"
    "Nope"
    "Why not?"
    "Hotbar is bug-ware in more than one sense of the word."

    Nothing will get it through these people's heads that REINSTALLING IT brings back your problems.

    It would make a good Dilbert strip...

  9. #9
    Outsourced Program Manager Chris -  AMWSO's Avatar
    Join Date
    January 18th, 2005
    Location
    Bangkok
    Posts
    11,273
    Off Screen Pop Up.

    basically they use exact positioning to place the pop up off the dimensions of your screen.

    why?,Well as I see it often people click enter do things, no when an offscreen pop up finally comes into focus, some sucker has clicked enter to try and bring it up, what he/she doesn't realize is that they just okayed an install....

    Cheers

    Chris

    Chris Sanderson
    "Lets sell some rocks.....!!"

    Mondera.com Partner Management
    90 Return Days : 100% Parasite Free : Fast Support : Commission on ALL Sales.


    Visit the Mondera Partner Support Zone : Click Here

  10. #10
    Full Member
    Join Date
    January 18th, 2005
    Posts
    439
    I had a bot from 180.179.100.149 describing itself as:

    "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Hotbar 4.2.8.0)"

    Crawl one of my personal sites last night and grab about 1000 pages at 3 pages per second.

    Is this related to the Hotbar parasiteware, and is it crawling to find keywords to help populate its pop-up database??

    Any ideas?

    Mark......

    Mark Mitford
    Sales Director
    Dotster, Inc
    http://www.dotster.com/
    15% Commission - 90 day cookie - 0% reversals

  11. #11
    Domain Addict / Formerly known as elbowcreek Thomas A. Rice's Avatar
    Join Date
    January 18th, 2005
    Posts
    5,468
    I believe KANOODLE feeds into Hotbar. You might check that out the next time you go to send Kanoodle a check. Express your displeasure if they are still using them, maybe someday it will sink in.

    Time Is A Parasite's Friend

  12. #12
    Full Member
    Join Date
    January 18th, 2005
    Posts
    439
    To the best of my knowledge we don't advertise wih Kanoodle.

    Mark Mitford
    Sales Director
    Dotster, Inc
    http://www.dotster.com/
    15% Commission - 90 day cookie - 0% reversals

  13. #13
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Common to all the evils thrust upon those who go online are the scumbag greed driven buttholes who install their crap on enduser systems. There is absolutely no legit ethical reason for any merchant or network to allow commissions to go to any third party who uses S/W downloads to CAPTURE shopper's systems.

    A complete BANN on all S/W download Dupers and affiliates is the only solution to bring the networks back from the BHO abyss. The greedy bastards who think they can control/monitor/restrict the S/W programmers to play fair are sadly mistaken. It will never happen and the affiliate marketing industry will slip into the PORN industry model of Ad-nausium tactics.

    Incent advertising is just that ...advertising. Last time I checked the affiliate networks give us publishers not one dime for advertising for their pool of merchants. Until 100% of the focus is placed back upon getting shoppers to click through pre-sell HTML links the conversion ratios will continue to plummet as the S/W download crew take over the commissions with their trickery.


    I can no longer count upon sales credits from ANY EcomCity shopper who has Adwarez installed on their systems. I can no longer count on ANY shopper who has P2P music theftware installed on their systems as those open backdoors just poor more parasite BHO's into those systems. I can no longer expect commissions from the millions who are forced to install Popup Killer/cookie cutting applications on their systems to counter the S/W hidden download perps. Soon all ISP accounts at Yahoo -AOL -MSN -Earthlink will have the option to eliminate popup/unders, spamm and at the same time checking that option will probably target the affiliate network tracking servers as one of the culprets ...and block them.

    Anyone here care to lobby the networks to ask pointed questions to AOL staff on their new Ad blocking S/W. Hell ...AOL has said the new S/W option will even block ALL Time Warner company Ads too. E-mail marketers might just as well look for a job at Micky D's. Why not block all CJ -Performics-LS & BF servers as they are the prime money source for ALL BHO theftware browser hijackers.



    Charlie ...

    If they won't adopt and feed a bird ..flip them one! BBQ some Gator and remember to flush WhenU..

    [This message was edited by EcomCity.com on March 13, 2003 at 10:29 AM.]

  14. #14
    Domain Addict / Formerly known as elbowcreek Thomas A. Rice's Avatar
    Join Date
    January 18th, 2005
    Posts
    5,468
    Hey mark, by the way, by 'you' I meant 'everyone in general', I wasn't pcking on ya.

    Time Is A Parasite's Friend

  15. #15
    Full Member
    Join Date
    January 18th, 2005
    Posts
    439
    No worries, I knoew you didn't mean us, I just didn't want anyone else thinking you meant us

    Mark Mitford
    Sales Director
    Dotster, Inc
    http://www.dotster.com/
    15% Commission - 90 day cookie - 0% reversals

  16. #16
    Full Member
    Join Date
    January 18th, 2005
    Posts
    439
    quote:
    Originally posted by Mark Mitford, Dotster.com:
    No worries, I know you didn't mean us, I just didn't want anyone else thinking you meant us

    Mark Mitford
    Sales Director
    Dotster, Inc
    http://www.dotster.com/
    15% Commission - 90 day cookie - 0% reversals


    Mark Mitford
    Sales Director
    Dotster, Inc
    http://www.dotster.com/
    15% Commission - 90 day cookie - 0% reversals

  17. #17
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    quote:
    Mark said:
    I had a bot from 180.179.100.149 describing itself as:

    "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Hotbar 4.2.8.0)"

    Crawl one of my personal sites last night and grab about 1000 pages at 3 pages per second.

    Is this related to the Hotbar parasiteware, and is it crawling to find keywords to help populate its pop-up database??



    Mark, I know that browsers will show like that in your logs if someone has hotbar installed. Or evidently had installed and tried to remove even with more than one parasite removal tool. I came up empty on that IP address. Could be someone running some type of spider script from their own browser.

    Keep Your Hands Off My Cookies

  18. #18
    Full Member
    Join Date
    January 18th, 2005
    Posts
    439
    Good point BLFH.

    Thanks.

  19. #19
    ABW Ambassador DesignerWiz's Avatar
    Join Date
    January 18th, 2005
    Location
    U.S.A
    Posts
    2,777
    After seeing Mark note about "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Hotbar 4.2.8.0)" floating through his service I went to my logs .. sure enough .. they visited us to.

    Let me know what you find out if anything Mark.

    Ray Thomas


  20. ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    It's fairly common in mine, but then I do have some penny click campaigns running with Kanoodle. Darn, I thought they were *clean*.

    ________
    All your commission are belong to us.

  21. #21
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    1,916
    >"...put a rubber on your mouse..."

    LOL

    ----
    -J
    Up in the air in revenue share

  22. #22
    ABW Ambassador
    Join Date
    January 17th, 2005
    Posts
    530
    When I used to use Kanoodle, 95% of my traffic
    from them came from Hotbar users, which did not
    convert at all for me. I have closed my account
    with them and no longer receive this traffic.

  23. #23
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    I've seen hotbar show with ah-ha also. Again, no conversions. After many phone calls and them swearing they were clean.

    Keep Your Hands Off My Cookies

  24. #24
    Full Member
    Join Date
    January 18th, 2005
    Posts
    480
    Add FINDWHAT to the Hotbar list. ..

  25. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. hotbar
    By Steveinid in forum Suspicious Activity!
    Replies: 17
    Last Post: August 6th, 2003, 03:22 PM
  2. Help with Hotbar Redirect
    By Taurus in forum Suspicious Activity!
    Replies: 1
    Last Post: December 25th, 2001, 01:48 AM
  3. Hotbar?
    By Haiko de Poel, Jr. in forum Suspicious Activity!
    Replies: 16
    Last Post: December 21st, 2001, 06:18 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •