Results 1 to 7 of 7
  1. #1
    ABW Veteran jc101's Avatar
    Join Date
    January 18th, 2005
    Location
    Santa Cruz, CA
    Posts
    4,597
    Has anyone heard of qcksearch.com which does not exist.. a friend of mine is experiencing a parasite that: some search page that loads when they enter a url. does anyone know where this is from... and how to remove it?

    Jason
    Santa Cruz

  2. #2
    ABW Founder Haiko de Poel, Jr.'s Avatar
    Join Date
    January 18th, 2005
    Location
    New York
    Posts
    21,609
    Jason,

    Your friend has the iGetNet parasite installed, tell them to go to http://www.doxdesk.com/parasite/IGetNet.html and follow the removal instructions there.

    Haiko


    The secret of success is constancy of purpose. ~ Disraeli


  3. #3
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    2,402
    These parasites really tick me off sometimes...Look at the steps a user has to go through to uninstall it. I know my father-in-law would have no clue with what is going on there....sheeesh

    TH Media-Web Solutions For The Small Business
    Check Out The TH Media Affiliate Program

  4. #4
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    FavoriteMan is an IE Browser Helper Object. Every so often it connects to its controlling servers, which may direct it to download and install other programs and add entries to the IE Favorites menu.

    At the time of writing, unsolicited commercial software installed by this parasite is known to include:

    Transponder/VX2
    NetPal
    ClickTheButton
    ezCyberSearch toolbar
    TopText
    SideStep
    BargainBuddy/Adp
    eXactSearch
    NewDotNet
    IGetNet
    HotBar
    DailyWinner
    n-Case (180solutions), spyware that cannot be detected by the script at this site. Remove the msbb.exe key from HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run with regedit to stop this
    Mail.com Alerts (which also comes bundled with BargainBuddy/Apuc)
    various homepage hijackers
    Variants
    FavoriteMan/Ofrg's program file is called ofrg.dll. It stores its data in a file called favboot.dll. Its controlling server is www.yourspecialoffers.com.
    FavoriteMan/Favorite installs favorite.dll. Data file is FavMan.dll. Controlling server is also www.yourspecialoffers.com.
    FavoriteMan/Lwz installs lwz.dll. Data file is SysLdr.dll. Controlling server is www.f1organizer.com.
    FavoriteMan/F1 installs F1.dll. Data file is SysLdr.dll. Controlling server is www.prize4all.com.
    FavoriteMan/FOne is a replacement for the Lwz variant. Filename is FOne.dll, data file is SysLdr.dll. Controlling server is www.f1organizer.com.
    FavoriteMan/ZZ installs ZZ.dll. Data file is SysLdr.dll. Controlling server is www.f1organizer.com.
    FavoriteMan/MPZ installs mpz300.dll. Data file is SysLdr.dll. Controlling server is www.f1organizer.com.
    FavoriteMan/IMZ is installed with a pseudo-random filename. Data file is SysLdr.dll. Controlling server is www.f1organizer.com.
    Also known as
    In the newest Grokster and iMesh bundles there is a section in the small print referring to the FavoriteMan software as NetPal. Mindset Interactive, the producers, seem to use the name "NetPal" to refer to any of their unsolicited commercial software, including FavoriteMan, NetPal and Transponder.

    Distribution
    FavoriteMan/Favorite and FavoriteMan/F1 have been bundled with iMesh 3. The origin of the Ofrg and Lwz variants is currently unknown.

    The FOne variant is installed by the Lwz variant.

    The ZZ variant is bunded with Grokster as of January 2003.

    The IMZ variant is installed by the lop/IMZ parasite.

    What it does
    Advertising
    Yes. Adds advertisers' web sites to the Favorites menu.

    Privacy violation
    Suspected. FavoriteMan seems to try to find your e-mail address on installation to send to its controlling servers, however I have not witnessed this actually working.

    Security issues
    Yes. The software can and does execute any arbitrary code which the controlling servers points it to. FavoriteMan's aim is to install as much unsolicited commercial software as possible in order to gain its makers the commission fees from other adware companies.

    Stability problems
    Yes. FavoriteMan sometimes causes IE to lock up for a variable period of time, occasionally indefinitely, when a new browser process is started. This may be something to do with its trying to contact its servers on startup. Also crashes may occur when very long URLs are used.

    Removal
    FavoriteMan/F1 and FavoriteMan/ZZ offer a removal feature: go to Add/Remove Programs in the Control Panel, choose 'F1' or 'ZZ' and click 'Remove'. Spybot S&D and Ad-Aware can remove FavoriteMan/Ofrg and FavoriteMan/Favorite.

    THmedia and anyone catching this Duper Affiliate's bundle of crap on their system by drive-by or hidden installs also hate the originators. So the networks monitize the pissing off of 400 million web shoppers with B-a-HO applications and gloss it over as the wave of the future. If it wasn't for ABW no network would have come forward to run the theftware folks outta Dodge. They'd let them openly operate their schemes ruining millions of computers ability to browse our sites. Notice most all theftware affiliates are "incent/rewards" sites. Bann ALL of those from the networks and the merchants would be forced to make pages that convert targeted traffic rahter than play the affiliate advertising game.

    Charlie ...

    If they won't adopt and feed a bird ..flip them one! BBQ some Gator and remember to flush WhenU..

  5. #5
    ABW Veteran jc101's Avatar
    Join Date
    January 18th, 2005
    Location
    Santa Cruz, CA
    Posts
    4,597
    Thanks everyone... for the help I will lead my friend to this thread...


    Jason

    Jason
    Santa Cruz

  6. #6
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Here's some of the perps, who not only get their BHO theftwarez crap by dubious means, but actually go so far as to get labeled as true computer viruses by McAffee.

    Registrant:
    DestinyWeb
    PO Box 3241
    Ocala, FL 34478
    US
    352-595-8988


    Domain Name: YOURSPECIALOFFERS.COM

    Administrative Contact:
    Web, Destiny sales@trafficneeds.com
    PO Box 3241
    Ocala, FL 34478
    US
    352-595-8988


    Technical Contact:
    Web, Destiny sales@trafficneeds.com
    PO Box 3241
    Ocala, FL 34478
    US
    352-595-8988


    Record last updated 01-22-2003 02:58:44 PM
    Record expires on 10-23-2003
    Record created on 10-23-2001

    Domain servers in listed order:
    NS1.RACE.COM 64.240.174.5
    NS2.RACE.COM 209.21.0.72

    ____________________________________________

    Registrant:
    Razor Media
    4542 East Tropicana Ave
    Suite 8000
    Las Vegas, NV 89121
    US
    714-374-3390


    Domain Name: TRAFFICNEEDS.COM

    Administrative Contact:
    Media, Razor info@razormedia.net
    4542 East Tropicana Ave
    Suite 8000
    Las Vegas, NV 89121
    US
    714-374-3390


    Technical Contact:
    Media, Razor info@razormedia.net
    4542 East Tropicana Ave
    Suite 8000
    Las Vegas, NV 89121
    US
    714-374-3390


    Record last updated 02-07-2003 04:42:24 PM
    Record expires on 02-02-2004
    Record created on 02-02-2002

    Domain servers in listed order:
    NS1.LOTTO-MAIL.COM 66.240.152.152
    NS2.LOTTO-MAIL.COM 66.240.152.153

    Charlie ...

    If they won't adopt and feed a bird ..flip them one! BBQ some Gator and remember to flush WhenU..

  7. #7
    ABW Ambassador Rick McGrath's Avatar
    Join Date
    January 18th, 2005
    Location
    Beloit WI
    Posts
    1,340
    This is a very old thread but illustrates the value I get from ABW.

    I see something suspicious.
    Hmmm, I think I'll check this out in ABW.
    Ahhh. Here's the answer.

    IGetNet just applied for our program.
    I'll take a pass. Dodged that bullet. Thanks Haiko.

    Rick

    Rick McGrath
    Partner Development
    JC Whitney & Co.
    affiliatehelp@JCWhitney.com
    800-863-4227 ext. 5681
    AIM: RickJCWhitney

  8. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Another parasite??
    By Gordon in forum Suspicious Activity!
    Replies: 12
    Last Post: June 2nd, 2004, 12:33 PM
  2. Anybody know what parasite this is?
    By Electropulse in forum Suspicious Activity!
    Replies: 9
    Last Post: April 17th, 2004, 04:50 AM
  3. Another new parasite?
    By Linda - 5starAffiliatePrograms in forum Suspicious Activity!
    Replies: 18
    Last Post: September 23rd, 2003, 02:29 AM
  4. New parasite?
    By baguio in forum Suspicious Activity!
    Replies: 7
    Last Post: October 31st, 2002, 05:06 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •