d1g3r4t1 d1g3r4t1

Scumware contained in some of the Logons

Scumware contained in some of the Logons

I came across some scumware, when unzipping one of the logons. I sent a message to wincustomize's IT people to advise same. THeir response was that I was stupid and didn't know what I was talking about. The exchange is appended:


Subject: Re: Fwd: scumware
To: "Stardock Support"

LMAO.......you use MS Security, there's a well know oxymoron. The scum installed WHILE I was downloading, and unzipping, the Logons. The scum is contained in one of the zipped files. I see that, instead of checking the problem, your IT people chastise people for reporting such things.

Xupiter does not work on a time delay, it runs at the next bootup/restart. As I have ActiveX controls disabled, it cannot install on my system. Additionally, it installs as an IE toolbar....NOT a standalone active desktop utility.

Seems you need to learn to read what people report........not assume that they are stupid and you are 'Holier Than Thou'.

Thanks for nothing



Stardock Support wrote:


Dear Sir,
None of the skin files contain executables, so it is not possible
that it came from our site. However, if you had recently been
surfing the next, you most likely ran into a web site that did not
protect themselves against Xupiter, which is spyware which will
download and install on your computer from an infected web site
usually on a time delay. We use all current MS internet securities
that safeguard us from such attacks.

Thank you,
Angie

On Wed, 15 Jan 2003 11:42:22 -0500, Stardock General Information
wrote:

>==================BEGIN FORWARDED MESSAGE==================
>>Return-path:
>>Received: from web12402.mail.yahoo.com ([216.136.173.129])
>> by stardock.com ([127.0.0.1])
>> with SMTP (MDaemon.PRO.v6.0.3.R)
>> for ; Wed, 15 Jan 2003 10:57:27 -0500
>>Message-ID:
>>Received: from [24.129.45.113] by web12402.mail.yahoo.com via HTTP; Wed, 15 Jan 2003 08:00:44 PST
>>Date: Wed, 15 Jan 2003 08:00:44 -0800 (PST)
>>From: Doyle
>>Subject: scumware
>>To: [email protected]
>>MIME-Version: 1.0
>>Content-Type: multipart/alternative; boundary="0-1469653529-1042646444=:7431"
>>X-MDRcpt-To: [email protected]
>>X-MDRemoteIP: 216.136.173.129
>>X-Return-Path: [email protected]
>>X-MDaemon-Deliver-To: [email protected]
>
>
>
>
>Last night, while downloading Logons, for Stardock's LogonStudio(TM), at least one of them installed scumware on my system. Specifically, an active
>desktop componant which was a large 'Search toolbar' style piece of scumware. Took me almost 2 hours to track this slime down, and turn it off (Registry,
>Run) I've yet to find the scumware so I can delete it. IF you bother to find and remove the file(s) containing this slime, I would greatly appreciate being
>advised on how to find and remove the scumware that installed on my system.
>
>Thank you, Doyle aka Citizen d1g3r4t1
46,538 views 221 replies
Reply #102 Top
Actually - no. Not a bit of evidence points here.

I went back through the list again - and the one .logonxp file which is on /your/ list, but is not to be found in the Wincustomize library is:

LCARS2.logonxp 117.78Kb A 12/21/2002 10:14:42 PM

Nooooow - judging from the sheer number of logons you downloaded which are dated 1/15/2003 - it's fairly safe to say that those would be the ones were refering to in the original email...

... yet! This one's dated 12/21/2002 - sooooo - it wouold not have been one of the ones you downloaded the other night, correct?

Powered by SkinBrowser!
Reply #103 Top
If the file has not been found ... hmmmm just maybe its not HERE. your starting to sound like a scratched phonograph.

Powered by SkinBrowser!
Reply #104 Top
Nope, grabbed them all here......I would surmise file date was altered by the scumware.....one of many such tactics employed such software.
Reply #106 Top
This should probably be under a different thread.....but as far as E-mail, even private between 2 friends is not private. Can you say Carnivore? Legally, E-mail is considered, in the U.S. at least, as no more private than a postcard....which can be read by anyone who handles it.

This became even less of a privacy issue, in the fallout of 9/11.
Reply #107 Top
d1g3r4t1, you are sounding like an educated newbie, but you've been here almost as long as I have. What set you off? Have a bad day or something?

Powered by SkinBrowser!
Reply #108 Top
hmmmm I have been struggling to remember why this conversation sounded so familiar. Something about trying to prove the absence of a presence, something about the hostility, something about the troops gathering, something about the inevitability of it all, the futility.... the accusations, the mistrust....

Oh yeah, the evening news... that's why this sounds so familiar....
Reply #109 Top
>How's your Internet 'History' looking? Can we see a list of the last couple of dozen sites visited PRIOR to your 'problem' or would that be 'too revealing'?.

After the mess with Micro$loths 'secret files' garbage was discovered with the release of Windows 95, all such info (History/cookies/files/off-line files) is scrubbed daily. Currently using 'Spider' to delete the secret index.dat files, daily......much easier than tracking down and deleting them through DOS as we used to have to do.
Reply #110 Top
This is absolutely the stupidest thread I have ever read on this message board.
Why is anyone wasting their valuable time arguing with this person?


Powered by SkinBrowser!
Reply #111 Top
I am guessing because there is passion on both sides? I don't know about anyone else, but I don't usually carry on an argument with someone if I can see they don't care at all...

I can be that stubborn if I think I am right... you guys just haven't seen me like that. It's there, though. I can understand it.
Reply #113 Top
If your clearing your "(History/cookies/files/off-line files) is scrubbed daily." d1g3r4t1 why is it you manage to have the "history" of your downloads and all the dates pertaining to this ghost hunt...
goodnight.

Powered by SkinBrowser!
Reply #114 Top
Ive been following this coversation for a while now. I cant believe you guys are still at it. Kiss and make up
Reply #115 Top
Actually, dierati, there's no 'CYA' required with me, as there's no 'A' that needs covering, since I'm not associated with Stardock or Wincustomize in any way shape or form outside of happily giving them money and spending far too much time /here/.

... Gads, no - I can't even continue, because I can't keep a straight face about it anymore when I go back up to your replies about all of this. Look back at your own list of files that you've given - only about half of them are dated the 15th - the simple fact of the matter is, the one .logonxp theme may or may not have come from here - but either way you didn't get it last night - and either way, all you still seem to have to say is "an unknown program from an unknown archive did something because I didn't pay attention."

I've done my part, I've done beyond my part in fact, I checked every one of the files, despite knowing fairly certainly that it hadn't come from one of them, and proved there was nothing wrong with them - time t'move on, nothing more to see here.



Powered by SkinBrowser!
Reply #116 Top
Crissy - I get bored when I'm job hunting. ^_~


Powered by SkinBrowser!
Reply #117 Top
Citizen kthxbye - I'll write you job recommendatins...

goes above and beyond duty
is persistent
confrontational as needs be
has no need to 'CYA' nor 'CHA' either (that may get you some juicy job offers)
Reply #118 Top
logitech mouseware has a dll in it that is actually spyware. benn shipping in there software for a long time now.

I'll look up the name of the dll if anyone is interested in it and also the link to the site with the information of the exact spyware it is.

actually it ships with a lot of retail software where people are interested in your browsing habit and such to build sales dbf's and also sell to data-warehaouses.



Powered by SkinBrowser!
Reply #119 Top
probably backweb... its the first thing I killed after installing my Logitech mouse. It supposed to update your software but does more then that.

Powered by SkinBrowser!
Reply #120 Top
"It" is still ranting .... "Troll" is one term that might be appropriate.
Weird thought, one Logon has eluded the people who seem to be wasting their time in an attempt to clear up an apparently fictitious problem, the Troll can't remember and despite his security efforts but has 'retained'(as noted above) the history of his downloads ...... maybe (call me a cynic) someone is just stirring the pot for the sake of it, perhaps one with too much time on his hands and nothing more creative to do.
And all that aside, for one so anal retentive on the issue of security, why D/L 30 logons and "unzip" them in one hit?
Even this dumb Wombat checks out zip files for anything odd before opening one up, let alone a heap of them.
Good intentions? A warning message? BOLLOCKS! >

Powered by SkinBrowser!
Reply #121 Top
Hey - sounds good to me, goodmorphing! Just think of how good that would look on my resume!

(Ack! I've descended into the depths of using the graphical smilies - my soul is lost!)

Powered by SkinBrowser!
Reply #122 Top
Paxx.......again....the file popped up at the end of the unzipp....not when executing the logon file. Winzip, at least, pops up the 'Install Now?' window, if an exe is present, and/or opens the folder that the file was unzipped to.
This was a very interesting thread indeed, and I want to be a part of it! I've noticed that he said that WinZip occasionally brings up an "Install Now?" window if an exe is present during the unzipping of many zip files. Has this actually happened to anybody, because I have WinZip, and that has never happened to me while unzipping multiple zip files at once, or even while unzipping one from the WinZip window. If anything, that looks more like a message I see from a shady ad trying to get me to install Gator or the like.

Powered by SkinBrowser!
Reply #123 Top
Messy Buu...no, Winzip has never auto-prompted me to install an exe on unzipping.....though now I use the integrated zip-handling of Powerdesk Pro...which enables viewing individual files within a zip prior to 'unzipping'.
It's just one of the proggies LiteSTEPpers tend to use..rather than Exploder.exe as a file manager.

I'm slowly coming around to agreeing with Wombat about all this.....just a few too many anomalies in the 'claims' of what happened.
Reply #124 Top
The Telecommunications act which controls the content of distribution of information via Telephone networks and Radio transmissions is quite clear about the rights of confidentiality and/or public broadcast.
It is an offence to even privately record a communication without clear, prior notification to all parties of same.
There is an inherent expectation that mail, whether 'snail' or Internet will NOT be intercepted or distributed/disseminated other than by Legal, legitimate prior-authorised entities [eg, anti-Terrorism Investigators, whatever [big brother]].

It may be a fact that any and/or all mail can be intercepted by unauthorised people, but that does NOT negate any rights to an expectation of privacy.
Reply #125 Top
There are 2 'Lcars.logonxp' themes on this site...and there has never been a Lcars2.logonxp here.
But Like me, downloading both requires one of them to be renamed...guess what?, I renamed one to lcars2, totally unprompted...so maybe 'IF' the file came from here that was how it became named such on your comp.
BTW they are both clean with nothing executable in any form.

To retain comment history, even when a skin is deleted from the site's public access there is a record of it still. Whether on public view, exiled for moderation or deleted by the author there is not now and never was a 'Lcars2' logon here.

#101 by Citizen d1g3r4t1 - 1/16/2003 10:07:48 PM
As this file has not been cleared, or found hmmmmmmmmmmm......all of the evidence still points here.



Time to start looking elsewhere, lad...