[mwkennedy]

I've recently taken over FootSmart's Affiliate program. In getting the program in working order, I've been doing some investigation into the different contextual advertising and "shopping assistants" out there. Please bare with me, I'm a noob AM.

In this research, I downloaded a number of them from Claria and eBates to BargainBuddy and others. However, I now have one on my computer called PGate Basic. I don't recall downloading it and am having trouble identifying who created this. Thought I'd throw it out to the Affiliate community for some additional information.

I'm trying to eliminate all of the "shady" publishers from our program in order to run a clean and profitable program...and apparently, at least one of them doesn't want to go. Any help or insight would be greatly appreciated.

[Radegast]

Hi Matthew

Welcome to ABW.

PGate Basic was probably a 'drive-by' install.

It came bundled with one of the other applications you downloaded for testing purposes.

I don't have any information about it, but I'm sure someone will help.

[bob95603]

Welcome Matthew.

Like Radegast said, it was probably downloaded to you without you even knowing it. There are hundreds of these shady characters out there who steal code, links, etc without users even knowing their machines are infected.

[ecomcity]

Here's some infor on your BHO drive-by bundling perp.

Registrant:
eUniverse
(DOM-309135)
6060 Center Drive
Third Floor
Los Angeles
CA
90045
US

Domain Name: incredifind.com

Registrar Name: Alldomains.com
Registrar Whois: whois.alldomains.com
Registrar Homepage: http://www.alldomains.com

Administrative Contact:
eUniverse Inc.
(NIC-1465646)
eUniverse
6060 Center Drive
Third Floor
Los Angeles
CA
90045
US
Domains@euniverse.com
+1.3102151001
Fax- +1.3102582758
Technical Contact, Zone Contact:
Center Network Operations
(NIC-398252)
Alldomains.com
1800 Sutter St.
Suite 100
Concord
CA
94520
US
hostmaster@alldomains.com
+1.9256859600
Fax- +1.9256859620

Created on..............: 2003-Jun-09.
Expires on..............: 2004-Jun-09.
Record last updated on..: 2003-Jun-09 16:48:52.

Domain servers in listed order:

NS1.EUNIVERSE.COM 12.129.205.221
NS2.EUNIVERSE.COM 66.201.123.29
NS3.EUNIVERSE.COM 12.129.205.222
NS4.EUNIVERSE.COM 66.201.123.30

_______________________________________________

http://www.incredifind.com your typical sleezeball affiliate running a plain text link directory site who is tired of just buying up expired domains with traffic or SERP listings. Now they want in on hijacking the IE browser with some 3rd world developed BHO and drive-by install script. This infestation might come from some popup hellhole freebee or porn site, P2P network download getting you with the PGate Basic strain. Guy probably has other names for this crap piece of Adware.

IncrediFind

Overview
IncrediFind is an Internet Explorer browser helper object that hijacks your error page.

From the developer: IncrediFind is a free utility for Microsoft Internet Explorer version 5 or later that provides contextually-relevant search results in place of unfound and unavailable web pages, and allows users to search the web by simply typing any keywords or search terms in their Internet Explorer address bar.

Classification
Adware

Files
incfindbho.dll

Vendor
Incredifind.com

Privacy policy
No privacy policy available

Detection
Bazooka Adware and Spyware Scanner detects IncrediFind. Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms, etc. Read more »

Uninstall procedure
Uninstall IncrediFind from "Add/Remove Programs" in the Windows® Control Panel.

Manual removal
Please follow the instructions below if you would like to remove IncrediFind manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If IncrediFind remains on your system after stepping through the removal instructions, please double-check by stepping through them again.
Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ {5D60FF48-95BE-4956-B4C6-6BB168A70310}', if it exists.
Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {5D60FF48-95BE-4956-B4C6-6BB168A70310}', if it exists.
Exit the registry editor.
Restart your computer.
Start Windows Explorer and delete:
%ProgramsDir%\IncrediFind\BHO\incfindbho.dll
Note: %ProgramsDir% is a variable (?). By default, this is C:\Program Files.
Start Microsoft Internet Explorer.
In Internet Explorer, click Tools -> Internet Options.
Click the Programs tab -> Reset Web Settings.

_______________________________

http://www.google.com/search?hl=en&i...=Google+Search

Being this link is from this Adware installers site ...run at your own risk
http://www.pgate-basic.com/uninstall.shtml

________________________________

Our BHO download buddies at TuCows seem to have some partnership with the perp whereby they hide domain Whois, provide some hosting to give both a download of the crap ...plus a download of various cures for the crap.

[Kellie aka Ms. B]

Hi Matthew,

Mike I think that's a different one. So many of them.....

Matthew go here http://www.delfinproject.com/ and then in the bottom menu click on the End User Agreement link.

They install a Media Player through bundled software which shows ads while people are connecting to the Internet through a dial up connection. You'll see what else they may do reading the end user agreement.

pgate-basic.com whois:

Registrant:
DelFin Project, Inc.
7100 W. Camino Real
Suite 406
Boca Raton, FL 33433
US

Domain name: PGATE-BASIC.COM

Administrative Contact:
Tindall, Tracy
7100 W. Camino Real
Suite 406
Boca Raton, FL 33433
US
+1.5613617887
Technical Contact:
Master, Host
112 E. Pecan
Suite 600
San Antonio, TX 78205
US
+1.2108924000

[ecomcity]

How you doing Ms. B ...long time no see. I saw the various removal techniques for PGate and the leftover re-installs were all files associates with "IncrediFind". Figure they bundled the two on one infestation.


Part one =PGATE
Built on the company's patented PromulGate® technologies, DelFin's solutions combine the best of television-style broadcast advertising with the Internet. DelFin's Internet broadcast network allows advertisers access to millions of targeted online consumers daily. DelFin's PromulGate technology displays your rich media message during consumer wait or "latent" times.

Keeping it simple and easy to use has always been one of the company's goals. DelFin's technology is able to support all proven industry-standard rich media formats which streamlines the creation, production and re-purposing of commercials for delivery over the Internet. DelFin's technology allows advertisers to react quickly and deliver innovative campaigns to consumers to maximize campaign performance. DelFin's network has registered millions of consumers and reaches more than 7% of U.S. Internet households*


Part 2= Incredifind browser settings and search bar hijacker. The trojan horse backdoor is wide open for other BHO stuffings.


Q: How do consumers get the DelFin Media Viewer?
A: Consumers get the Media Viewer as part of several popular ad-supported applications that they download free from the Internet. Prior to installation, consumers are asked to review and accept both DelFin's Privacy Policy and End User License. Consumers can either opt-out or opt-in and accept the end-user license prior to installation. The DelFin Media Viewer is never installed without the consumer's prior acceptance.
top


Q: Is the consumer's privacy protected?
A: Yes. DelFin values privacy. DelFin does not use cookies or other web tracking technologies. DelFin operates as a broadcast network, much like TV. Entertaining commercials are broadcast to consumers based on time, date and geography.
top ...(hidden message is they let their perp partners hijack the privacy info on a split fee basis)

Q: What is the DelFin Media Viewer™?
A: It's the client-side player technology that resides silently and invisibly on consumers' desktops, delivering promotional entertainment and advertising content to consumers without interruption or delay of their log on experience. Once the user has the DelFin Media Viewer, fresh content can be displayed at each and every Internet log-on session.
top

[ecomcity]

Amongst the folks behind DelFin Media is this jewel of a man....

Robert Chmiel
Board of Advisors - Business Development

Mr. Chmiel recently served as CFO/COO of Brilliant Digital Entertainment, Inc. (AMEX:BDE). Previously, he was President/COO and co-founder of Phase2Media, Inc., CFO of BarnesandNoble.com (NASDAQ:BNBN), and VP of Finance & Operations for Disney's online operations. He holds an MBA from Wharton.

WhooHoo the brains behind TopText BDE -Lop -Kazzaa -Sharmen Networks, who took his Ad Whore money grubbing expertise pushing Phase2Media. Bet he rocketed Barnes & Noble and Disney Online into their respected top spots as affiliate merchnats....

[ecomcity]

Well ...did the Footsmart AM ever past step one in their testing how commission thievery was an acceptable fact of life for all shoe merchants? ABWers have had it up to here with high reversals and BHO infested shoe merchants. First one to come completely clean will get a lot of business.

[mwkennedy]

That's what I am trying to accomplish with the FootSmart program. The reversal rate hurdle is tough because shoes typically get returned at a higher rate than other apparel categories, but I am a believer that a clean program is the best way to attract good Publishers and build a solid, revenue-generating program. But that is my goal with FootSmart's program.

[ecomcity]

The networks should have a complete list of all the known BHO partnerships if you seek them as affiliates. The same list is forbidden fruit to AM's seeking to cleanup the pilfering of commissions by the interlopers. Best bet is to contact the ABW merchnat AM's who are parasite free go get the inside scoop.

[weisinator]

My work machine got infected with this yesterday afternoon. If I had the cash, I would hire lawyers. This is ridiculous.

None of the removal procedures from april 20-april 25 work.

It's morphed THAT FAST!

[secookc]

go here:
http://www.pgate-basic.com/uninstall.shtml

[ecomcity]

Maybe this will help http://www.spywareguide.com/txt_onlinescan.html ...try it for free online and you will be amazed!

New one for me featuring a online system,browser and BHO Checks is http://www.pcpitstop.com/

My free link to them reads..."Need a quick cure to your system from the Malwarez perps! Our free automated tests will get your PC running faster, make it more stable, and identify security problems. The diagnostic tests don't change any settings on your system. The results will show you the details of your PC's operating status, and the advice will help both experts and novices to find and fix common system problems like Spyware/Adware infestation. Click here to review the Pc Pitstop site and learn why Adware/Spyware is the #1 threat to safe web surfing. Those loyality shopping clubs and drive-by installs of browser helper oblects (BHOs) are just fronts for commission and traffic hijackers posing as good NETizens."

[weisinator]

The kids at security-forums found several non-BHO parasites, too. (Hijackthis.exe kicks major butt!)

Oddly, the pgate-basic.com/uninstaller/ file does no harm according to "the experts".