Re: Removing "PCtuneup" spyware?
From: AndyManchesta (AndyManchesta_at_discussions.microsoft.com)
Date: 08/25/05
- Next message: scofam: "Security pop up messages about virus activity/software"
- Previous message: David H. Lipman: "Re: macro removal tool"
- In reply to: cquirke (MVP Windows shell/user): "Re: Removing "PCtuneup" spyware?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 25 Aug 2005 07:11:10 -0700
I agree no one should use that site or the uninstaller its just a marketing
program designed to infect people then take more data when removing it
through thier site.
They use Thinstaller which collects data but Ive checked every packet sent
and received and it's not malicious. They used to include XML data that could
check for and remove other programs besides DR's own but thats not there now
but it is enough reason to never trust them as I have seen the packet log
data when it also checked for antivirus software including CA and Mcafee. Its
not to be trusted so I fully appreciate your comment. They have changed it
abit so now all the information is sent when the infection is active on the
machine.
Ive worked alot on ABI and thier junk and they collect a huge amount of data
when the adware is active then by downloading the uninstaller "mypctuneup"
you then give them your IP address and ISP and they leave what they describe
as a Marker or web bug on the system but Im sure they have the IP and ISP
anyway with all the data they collect.
I wasnt defending the uninstaller in any way I just meant its unlikely to be
mypctuneup if it had entered itself into Add/Remove screen as the uninstaller
doesnt do that. Ive tested it many times and its not a clean uninstall. Ive
seen it fully remove Aurora and leave no traces then Ive seen it remove
nail,svcproc and the random named file (Epolvy) but leave the registry
entries and the pop up window entry in the windows folder
C:\WINDOWS\ffsnvqmgpiy.exe so it still shows pop ups then the same with Ceres
it removes the BHO registry and the uninstall registry entry but leaves
ceres.dll in place as well as the ceres software folder in the registry also
it changed the name on reboot which indicates its clearly trying to hide the
entries.
This is why I said use Adaware as I know it works well the alternative would
of been Nailfix,Ewido & Ccleaner but then Hijack This is needed to fix the
shell=explorer entry although spybot can now fix this line or it can be done
manually. I've always advised people to stay away from the site mypctuneup
because its Direct Revenue under a different name and the use of thinstall in
the program and the fact it needs a internet connection to work and will not
work in safe mode is enough reason to not recommend the site.
Sorry if my post lead to any misunderstanding I was just stating I cannot
find anything malicious in the testing Ive done and its unlikely to be
mypctuneup on the machine if it had entered itself into add/remove but glad
they got rid of the junk easy enough. Now Adaware can kill this give it 2 or
3 weeks Im sure it will be changed, Ive already seen 3 different Aurora
infections and now its starting to bundle with alot of other junk all with
silent installs and no eula's so they are just playing a game so using the
uninstaller is helping them collect more data to sell to third parties so I
wouldnt advise anyone to use it.
Regards Andy
- Next message: scofam: "Security pop up messages about virus activity/software"
- Previous message: David H. Lipman: "Re: macro removal tool"
- In reply to: cquirke (MVP Windows shell/user): "Re: Removing "PCtuneup" spyware?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
