Thread: spyware?
View Single Post
  #3 (permalink)  
Old December 22nd, 2001
Zildy Zildy is offline
Novicius
  
Join Date: December 22nd, 2001
Posts: 4
Zildy is flying high
Angry um
I re-ran the LimeWire 2.0.2 installer, there's no option to choose whether or not to install the Bargain Buddy stuff, only Gator and TopText iLookup. Of course, i uncheck both.

Yes, I know all about the cydoor ad retrieval and caching stuff, THIS ISN'T CYDOOR STUFF.

Upon installing LimeWire 2.0.2, the Bargain Buddy files are installed in c:\program files\bargain buddy, without my permission of course.

Then, a "bargains.exe" process is started, which is run from c:\program files\bargain buddy\bin\bargains.exe. There's no reason to have a process that is ALWAYS RUNNING installed if limewire really doesn't track it's users.

Additionally, the file c:\program files\bargain buddy\bin\apuc.dll is hooked DIRECTLY into Windows Explorer and Internet Explorer. If you kill the "bargains.exe" process, then open either an Explorer window, or Internet Explorer, "bargains.exe" is automatically started again. Reminder, this is all being done even if you install limewire but never actually run it!

Not to mention that, in the registry, apuc.dll has an entry:

HKEY_CLASSES_ROOT\CLSID\{CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1}

...which is named "UrlCatcher Class". You gotta be kidding me.

Then there are the programs in the registry that are set to run after you install LimeWire, which are located in HKLM\Software\Microsoft\Windows\CurrentVersion\Run :

C:\Program Files\adp\bin\adp.exe
C:\Program Files\Bargain Buddy\bin\bargains.exe
C:\WINDOWS\dlder.exe

I'm not 100% sure what "adp.exe" does. "bargains.exe" is obvious, to make sure the "urlcatcher" is running on startup.

"dlder.exe" creates a HIDDEN folder in the c:\windows directory called "explorer", then puts a file called "explorer.exe" in there. Once that's done, the "explorer.exe" file is run, which creates a permanent process, and a "run" entry in the registry is created for it.

A quick scan of the "c:\windows\explorer\explorer.exe" file shows the text "clicktilluwin". Why must a process be run from a HIDDEN folder? Why must it stay running? Why are all of these things present, when time and again Limewire claims there is no tracking being done of it's users?

Zildy
Reply With Quote