Thought you were safe because you've innoculated your computer against SpyAxe? Think again. A new program called SpywareStrike has been created with a similar nefarious purpose: to invade your PC and pester you into paying a $49.99 "removal fee".
Want even more bad news? If you were infected with SpyAxe and manually removed it, you now probably have SpywareStrike installed on your computer.
Just like SpyAxe, this program will invade your computer through the zlob trojan (and possibly others), popping up frequent alerts to "upgrade". If you take the bait, you'll pay $49.99 for a program that does nothing to protect you against spyware, and even opens up additional security holes on your PC.
SpywareStrike is located at the URL of the same name. The website was created on December 20th, 2005 and the marketing is identical to that of SpyAxe, down to the logo. SpywareStrike can be installed via trojan horse, direct download from the site, or is left behind after manually disabling SpyAxe. It has a different signature than SpyAxe, so SpyAxe removal tools are ineffective against it.
SpyAxe and SpywareStrike are just two of over 100 reported malware programs based on the latest Microsoft security flaw.
If you have any information about the makers of SpyAxe or SpywareStrike, please contact us. Click here to read what we've discovered so far.
Update: Jan 23, 2006
A new version of SpywareStrike has been identified. This version is more difficult to manually remove and is not currently being detected by any antispyware program. Aluria Antispyware has reported that they intend to push an update to remove this version by January 30th, 2006. We have not yet received word from other antispyware vendors about this threat.
Update: Jan 30th, 2006
The makers of this scourgeware are still at it. It appears that a third variant of Spyware Strike is now on the loose, more sophisticated than the previous versions. This version will create hidden WAN network connections (for tunnelling through firewalls, presumably), install a 900# dialer (beware if you have a modem), install a trojan horse, and includes very sophisticated routines that will completely regenerate the software should an incomplete manual removal be attempted.
Automated SpywareStrike Removal
Aluria Antispyware and Spyware Doctor are the only products that we know of which can automatically disable and remove the first two versions of SpywareStrike. Ewido and Microsoft Antispyware appear to remove parts of it, but many readers are reporting that the alert popups remain with these tools. No tool is yet available that will remove the latest version (Jan 30, 2006)
Manual SpywareStrike Removal Instructions
WARNING: The following fixes were recommended by readers and I have not tested them. This information is provided on an "as-is" basis only, and I make no guarantees. Anytime you manually alter system settings, you run the risk of damaging your operating system and rendering your computer inoperable.
Please note that SpywareStrike is closely related to SpyAxe, and when SpyAxe is manually deleted a new trojan is installed. It is quite possible that SpywareStrike does the same, so following this procedure may expose you to other malware.
Method #1
This was the first removal method we discovered, but it will probably not work with the latest version of Spyware Strike. Even with the first version, some readers report that the flashing red alerts remain running with this technique.
1. Search and delete all references to "SpywareStrike" in registry. Note that youll find a reference to a file called "C:\Documents and Settings\\Local Settings\Temp\~nsf.temp\Au__.exe" or something similar.
2. Delete the file referenced above
3. Go to c:\program files\spyware strike and run the uninstall utility
4. go to task manager and kill the process spywarestrike.exe
5. Delete c:\program files\spyware strike
6. edit c:\windows\system32\drivers\etc\hosts to add the line "127.0.0.1 spywarestrike.com" (this will prevent the piece that I could not get rid of from automatically downloading the software again and again)
Thanks to Jason Burroughs for this fix.
Method #2
A simpler solution, but more likely to leave behind hidden trojans, etc. This method is highly unlikely to work with the latest versions.
1. Boot computer into safe mode.
2. Uninstall SpywareStrike using the SpywareStrike uninstall utility.
3. Delete the file netwrap.dll from the \windows\system32 directory.
Method #3
If SpywareStrike reappears after trying the previous methods...
1. Boot computer into safe mode.
2. Delete the file mssearchnet.exe from the \windows\system32 directory.
Method #4
Another method that has worked for some readers but not others is to use a combination of tools:
1. Download SmitRem at www.downloads.subratam.org/smitRem.exe
2. Reboot into safe mode and run SmitRem. Check "Delete at Reboot".
3. Immediately run a full scan with your favorite spyware remover to remove incidental trojans and dialers that may have been installed.
Method #5: New Versions of Spyware Strike (updated Jan 30, 2006)
Two new versions of Spyware Strike are on the loose, and the above instructions aren't working for a lot of people. There are some other things to try, but I should warn you that these instructions are *not* for the faint-of-heart. If you don't know what you are doing, then you should definitely just wait for the next update of Aluria Antispyware or Spy Doctor, as both tools seem to be doing a decent job of keeping up with the new releases.
As you can probably tell from the instructions below, the latest version is infinitely more sophisticated than the prior ones. Spyware Strike may be the CoolWebSearch of 2006.
1. Look for new WAN network adapters named IIRC. These were installed by SpywareStrike and are probably how it manages to tunnel through any firewall software.
2. Backup and then remove the following files in the infected user's documents and settings folder:
\UserData\8R4F2NQZ with file oWindowsUpdate[1].xml
\UserData\AH0N2NIN with file oWindowsUpdate[1].xml
\UserData\O1UTE7EV no files
\UserData\OBY9QTQ1 no files
3. Delete registry entry: HKEY_USERS\S-1-5-21-175XXXXXXX-XXXXXX_Classes\Software\Windows\CurrentVersio
n\Deployment\SideBySide\2.0 (and sub-entries)
4. Rename the normal user account, reboot, and then rename it back to the original name.
This has been reported to successfully disable those stubborn alert windows.
Razespyware (also known as AZESearch) is a rogue antispyware application that installs itself on your desktop and then displays popups telling the user that they have spyware installed. The bright red flashing popups also nag the user to purchase RazeSpyware for $49.95.
The program also installs a fake keylogger (keylogger32.exe), which is detected by the "free scan". It also transmits information from your computer back to pills-catalog.net.
Razespyware is distributed via security exploits. To prevent infection, be sure to download the latest Windows security patches at windowsupdate.microsoft.com.
Automated Razespyware Removal
Aluria Antispyware, Spyware Doctor, and Spy Sweeper are all reported to remove this malware.
Another reader has reported a partial fix that is affected by installing fresh copies and running a full scan of AdAware, Spybot S&D, and Microsoft Antispyware (important: do not reboot when prompted). However, this method disables Alexa, Google, and other browser toolbars.
RazeSpyware Manual Removal
1. Search for the file warnhp.html on your hard drive and delete it.
2. Search the registry for razespyware.exe. Delete these entries.
Note: This method will disable the software, but the red alert will remain on the screen. For this reason, automated removal is strongly recommeded.
Similar Malware: SpyAxe, SpywareStrike, SpySheriff.
Spy Sheriff is a system hijacker that causes popups to appear on your computer telling you that you have spyware installed (which you do!). Clicking on the alert brings you to a website which attempts to sell you a bogus spyware program called "Spy Sheriff".
Automatted Spy Sheriff Removal Instructions
Spyware Eliminator, Spy Sweeper, and Spyware Doctor are all reported to remove this threat.
Manual Spy Sheriff Removal Instructions
Note: The following procedure is courtesy of BleepingComputer.com.
In order to remove this infection we will need to use HijackThis to manually remove the infection:1. Print out these instructions as we will need to shutdown every window that is open later in the fix.
2.Download and install CleanUp! but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
3. Download, install, and update Ewido Security Suite
1. Install Ewido security suite
2. Launch Ewido, there should be a big E icon on your desktop, double-click it.
3. The program will prompt you to update click the OK button
4. The program will now go to the main screen
5. On the left hand side of the main screen click on Update
6. Click on Start. The update will start and a progress bar will show the updates being installed.
4. After the updates are installed, exit Ewido
5. Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
6. Once in Safe Mode, Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
1. Click Options...
2. Move the arrow down to Custom CleanUp!
3. Put a check next to the following:
Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Scan local drives for temporary files
Cleanup! All Users
4. Click the OK button
5. Press the CleanUp! button to start the program.
7. After Cleanup! is finished start Ewido Security Suite
1. Click on scanner
2. Make sure the following boxes are checked before scanning:
Binder
Crypter
Archives
3. Click on Start Scan
4. Let the program scan the machine
5. While the scan is in progress you will be prompted to clean the first infected file it finds. Choose clean, then put a check next to Perform action on all infections in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.
8. When the scan is complete, exit the program and reboot back to normal mode.
9. Click on Start, then Control Panel, and double-click on the Add/Remove Programs icon.
10. Uninstall the SpySheriff program and then exit Add/Remove Programs.
11. Delete the following, in bold, if found:C:\Documents and Settings\user account\Start Menu\Programs\SpySheriff <-whole folder
C:\Documents and Settings\user account\Application Data\Install.dat
C:\Program Files\SpySheriff <-whole folder
C:\Windows\Desktop.html
C:\winstall.exe
C:\Program Files\Daily Weather Forecast\*NOTE* user account is not the actual name of that folder. The name of that folder will be the name of your computer profile.
12. Download HijackThis and save it to your C:\ folder. Extract the hijackthis.zip file to c:\hijackthis. We will use this program later.
13. Make sure you are disconnected from the Internet and that all programs and windows are closed. Run HijackThis and press the Scan button. Place a check next to the following items, if found, and click FIX CHECKED:
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
14. Close HiJackThis.
15. RIGHT-CLICK HERE and go to Save As (in IE it's Save Target As) in order to download the smitfraud reg to your desktop.
16. Double-click smitfraud.reg on your desktop. When asked if you want to merge with the registry click YES.
17. After the merged successfully prompt, using Windows Explorer, navigate to the following folder:
C:\Windows\Prefetch
18. If there are any files inside the Prefetch folder, delete ALL of them. (Do NOT delete the folder. Just delete the files inside.)
19. Reboot your computer.
20. You should be able to change your desktop back to normal now.Your computer should now be free of the SpySheriff infection.
Deny Buddy Description
"Deny Buddy" refers to an entire range of programs or websites that can be used to remove one's Instant Messenger ID (usually Yahoo!) from another person's buddy list. Although some of these programs are not malicious (YBuddy being an example of a legitimate product), many others are hosted on illicit servers that makes use of undocumented exploits.
"Deny Buddy" websites are usually scams intended to get you to type in your IM login information so that it may be used by others. "Deny Buddy" programs are even more of a threat - they often contain embedded spyware or viruses.
Before attempting to use any "deny buddy" software, it is best to have working antivirus and antispyware software installed.
SpyAxe is a new malware program which started making the rounds in December, 2005. According to F-Secure, over 2,500 PCs per hour are being hijacked by this malware. SpyAxe is a reputed anti-spyware program that makes use of a known trojan horse to display annoying popup windows. These alerts warn the user that their computer is infected with spyware. If the user clicks on the popup, a browser window is opened and the program SpyAxe is downloaded from www.spyaxe.com.
Despite SpyAxe.com's slick marketing, please be warned that this is not a legitimate company. SpyAxe is not based out of New Zealand, and in fact the program was created by a group of hackers as a scam.
After SpyAxe is installed, it will conduct scans but will not disable any spyware until the program is purchased. SpyAxe can not be uninstalled from the Windows Add/Remove Programs list.
SpyAxe makes extensive use of false positives, even detecting a registry key that belongs to the operating system. It is installed by the trojan horse, Trojan-Downloader.Win32.Zlob. Other trojans that install this software include ZToolbar and Trojan.Puper.
Update (12/30/2005): I have been informed that SpyAxe is rapidly expanding the number of ways by which it is infecting PCs. As of right now, no tool is guaranteed to remove this product. However, I have had reports that Webroot and Spyware Doctor have been able to detect and remove certain variants of SpyAxe.
Read more about the hunt for the creators of SpyAxe here.
Description
WinLogin.exe is a required Windows system file responsible for processing logins on to your computer. It also checks your Windows activation code when you start your PC.
However, two extremely common trojan horses, W32/Backdoor and W32.NetSky.D, can install a similarly named file in an effort to evade detection. These files will hijack your email and send out copies of themselves to others, install new registry entries, make random beeping sounds, and consume network and CPU resources.
The emails sent by these trojans can take on any of the following formats:
From: (forged address taken from infected system)
Subject: Taken from the following list:
* Re: Hello
* Re: Hi
* Re: Thanks!
* Re: Document
* Re: Message
* Re: Here
* Re: Details
* Re: Your details
* Re: Approved
* Re: Your document
* Re: Your text
* Re: Excel file
* Re: Word file
* Re: My details
* Re: Your music
* Re: Your bill
* Re: Your letter
* Re: Document
* Re: Your website
* Re: Your product
* Re: Your document
* Re: Your software
* Re: Your archive
* Re: Your picture
* Re: Here is the document
Body: Taken from the following list:
* Here is the file.
* Your file is attached.
* Your document is attached.
* Please read the attached file.
* Please have a look at the attached file.
* See the attached file for details.
Removal Recommendation
A few anti-spyware programs and most firewalls will block and remove this threat.
About:Blank is another name for the CoolWebSearch morphing spyware. As mentioned in the CoolWebSearch article, this is one of the most insidious and prevalent spyware programs currently on the net, largely because it is nearly impossible to remove. This particular spyware has been unusually active over the past two weeks (October, 2004).
About:Blank displays the following characteristics:
1. Replaces your home page with a new one titled "about:blank". This page contains a pseudo-search engine with various subjects like "art", "cars", and "shopping".
2. Installs a Browser Helper Object into Internet Explorer. This BHO consumes system resources and slows down your internet connection.
3. Restores itself after its file directory is deleted.
4. Restores its registry settings once they have been deleted.
5. Is difficult to remove from memory.
6. Starts with the operating system. If you remove it from the auto-start settings, it will restore itself there.
7. Later versions change their executable to avoid detection by the simple hash recognition algorithms that most anti-spyware products use.
8. May also store executable code in your temporary internet explorer files.
Effective Tools
CWShredder will remove older variants, but because it is no longer being updated, it is becoming less effective every week. Webroot Spy Sweeper, Ad Aware, nor Spybot S&D seem to be effective at removing this product. Aluria has just released a new update to their Spyware Eliminator product which they claim will remove About:Blank (but keep in mind that we have not tested this).
MyWay Toolbar, My SpeedBar
Classification
MyWay is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking. It reports your surfing activity anonymously to MyWay affiliates, helping them to serve targeted advertising to you. As a BHO, MyWay shares the memory that your browser uses, detects events, creates additional windows while you are surfing, and monitors your activity. When a new browser window is opened, MyWay will send a configuration request about 5k in size.
Direct download and bundled with filesharing applications such as Kazaa.
Effective spyware removal products will remove MyWay. If you'd prefer to remove it manually, follow these steps:
For Windows 98 and up:
1. Click on Start > Settings > Control Panel > Add/Remove Programs
2. Scroll through the program listings until you find the entry for "MyWay Speedbar" and then click "Remove". This will clean out most of the installed program.
3. Click on "My Computer".
4. Navigate to the main directory structure where the MyWay Speedbar was installed. Usually this is "C:\Program Files\". If you can't find it click on Start > Search > For Files or Folders and type in "MyWay".
5. Delete the folder "C:\Program Files\MyWay"
6. Click on Start > Run and type "regedit", then click "OK".
7. Scroll down to the folder named: 'HKEY_CLASSES_ROOT"
8. Move to the sub folder "Interface". MyWay inserts two registry keys here, both of which can be removed by deleting the folders:
Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC} Interface\{0494D0D6-F8E0-41AD-92A3-14154ECE70AC}
Move to the sub folder "TypeLib". There is another registry key here, that can be removed by deleting the folder:
TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}
9. Restart your Computer to allow the new registry settings to take effect.
Apuc, Versn, Adp, Apuc2, Transponder, Ikena, Bargains, and Cashback (a variant).
Classification
BargainBuddy is a Browser Helper Object that displays popup ads when you entire particular terms into search engine web forms. It also checks for updates when you start your computer, consuming internet bandwidth and slowing down your computer. As a BHO, BargainBuddy shares the memory that your browser uses, detects events, creates additional windows while you are surfing, and monitors your activity.
BargainBuddy is delivered by direct download, Net2Phone CommCenter, and Limewire.
Publisher: Exact Advertising
One of the most complex, sophisticated, and devious browser hijackers ever invented, CoolWebSearch (one word - "cool web search" is technically not correct) is the name given to a range of various browser hijackers. The latest versions have grown increasingly aggressive and complicated and manual removal is virtually impossible. Oftentimes, re-installation of the entire operating system is required, thus use of a reputable spyware remover is highly recommended. New variants of CoolWebSearch are released every few weeks, making it increasingly important to ensure that your spyware remover has the latest updates.
* Hijacks to various search engines. Different variants of CoolWebSearch will redirect you to different sites.
* When a URL is mistyped in the browser, CoolWebSearch will redirect the page to affiliate websites as well as CoolWebSearch.com.
* Installs bookmarks to adult websites in the favorites menu.
* Installs toolbars into the browser.
* Slows down PC.
* Can cause reboots.
* Targets anti-spyware websites, usually vendors of spyware removal tools. Once infected with CoolWebSearch, you may be unable to visit these websites to download their products.
* Will open porn popups if it thinks the website being viewed is pornographic in nature.
* Can cause significant slowdowns when attempting to type into a browser.
* Will add CoolWebSearch.com to the trusted sites list.
CoolWebSearch is very difficult to remove manually. The latest versions are virtually impossible to clean short of re-installing the operating system or restoring a previous version of the Windows registry, thus use of a good spyware remover product is recommended.
Unfortunately, most spyware removers will not work against Cool Web Search, so a niche spyware remover called CoolWebShredder is commonly used to destroy this parasite. However, this tool will no longer be updated after the current version (1.59), because the author (who volunteers his time) does not have the tools to remove the latest variants.
* CoolWebSearch/DataNotary hijacks to dataNotary.com and replaces the default stylesheet used by IE. This stylesheet includes javascript that actively watches the currently loaded page and tries to guess when the user is viewing porn sites.
* CoolWebSearch/BootConf Also replaces the CSS file, hijacks MSN search, and installs a program, bootconf.exe, that resets all hijacked settings every time the computer is restarted.
* CoolWebSearch/MSInfo Similar to the previous, but points to true-counter.com.
* CoolWebSearch/SvcHost This variant causes an error when the user attempts to access one of many well-known websites (such as Yahoo search). The error page is then hijacked and the user is sent to slawsearch.com.
* CoolWebSearch/DNSRelay This variant hijacks URLs that have been typed without a leading http:// or www to activexupdate.com.
CoolWebSearch is winning the Trojan War
Nothing Cool about CoolWebSearch
CWShredder Software Gets Final Release
Summary
CoolWebSearch should be considered one of the top 10 worst spyware offenders.
Cydoor causes popup and pop-under ads to be displayed while you are browsing the internet. It also re-routes your web requests through third-party servers for the purpose of capturing your web surfing habits.
Cydoor can not be uninstalled using the Windows uninstaller and no uninstaller is provided.
Cydoor consumes about 3.4Mb of hard drive space.
Update - March 16, 2005
Cydoor responds:
I would like to bring your attention to your categorization of our ad-serving technology as spyware. I believe that this categorization is mistaken, and I would like to show you why. I would also like to request that you update your description of Cydoor to be a mild adware.In the past, Cydoors client was defined as Spyware by several members of the press and the anti-spyware industry. The client itself was mostly bundled with free software for the sole purpose of enabling that application to display ads. The client communicated with a Cydoor host periodically in order to present new ad creatives and to report on ad performance. Though no personally-identifying information was ever transferred, this method was considered invasive because users did not explicitly agree to install a Cydoor component or to the transmission of information.
However, today Cydoor has significantly changed its technology to offer end-users and partners an unobtrusive ad-serving solution. With a greater emphasis on visibility and privacy issues, Cydoor provides its partners with a reliable source of revenue, while making sure users are aware of its activities.
How does it work?
Cydoor provides all its publishers with a complete interactive advertising solution, including ad serving, frequency capping, and performance statistics. Cydoor allows each publisher to implement a solution that provides them with the advertising flexibility that they require, including any and all communication to Cydoors servers. Cydoor has no presence on the end-users desktop in any way, and our partners can serve ads and generate revenue from their application or web property.
Users download the desired application, while noting that it is ad-supported. Cydoor strongly urges all its partners to state upfront that their application is freeware but is supported by advertising revenue, and most state it in their End User License Agreement (EULA). There is no installation, explicit or otherwise, of any Cydoor component on the users computer.
After installation, the partner application manages the various advertisements and their performance. The ads are served according to predefined impression requirements and caps and exposure is not based on any aspect of the users behavior. From time to time the partner application connects to Cydoor's servers in order to report aggregated performance records such as which ads were displayed, how many impressions they received, and which, if any, did the user click on. These are the same kind of performance parameters that are tracked by any online advertiser, including banners published on a web site.
Id like to emphasize that the application does not download ANY information from the Cydoor servers aside from ad creative. The application reports only basic aggregated campaign performance parameters. Under no circumstance does the application report on any other user behavior or does it transmit any personally identifiable content.Id like you to note that as an example, two of our partners, Download Accelerator and PalTalk Instant Messenger are either certified as Spyware-Free or are working with the leading Anti-Spyware vendors to be removed from their Spyware list.
Please let me know if you need any additional information regarding my request.
New.net is a company that sells alternate top-level domains not supported in the official DNS system, and publishes a spyware application that makes use of these domains. The Top-level domains new.net provides are: .shop, .xxx, .club, .ltd, .inc, .travel, .tech , .sport, .family, .law, .med, and .mp3.
The new.net application is an Internet Explorer plug-in that gives the appearance of providing extra top-level domains (.shop, .xxx and .mp3, for example). Unlike many spyware programs, it does not secretly collect information, and the latest versions no longer inflict unrequested pop-up ads on the user. It does, however, install itself without the knowledge or permission of the user, and is designed to generate revenue for the new.net company. It redirects search queries to the new.net search engine, and is classified as a security risk because the update component stealth downloads any code the new.net server instructs it to.
Several different versions of the software exist. Early versions installed themselves into the Windows directory as a DLL titled "newdotnet_(X)" (where "X" is a number) and had no uninstall option. More recent versions create a folder in Program Files. In 2002, new.net added an extra program to the standard stealth installer. This program, known as FirstLook, was a pop-up advertising downloader. After considerable user anger and bad publicity, the new.net company stopped including FirstLook in the product.
New.net is hidden within a large number of apparently harmless programs, including Audiogalaxy, Babylon, BearShare, Grokster, iMesh, KaZaA, Radlight, and RealPlayer.
The program functions by inserting itself into the Winsock system. In consequence, a new.net infection is a frequent cause of lost network connectivity. A typical symptom for dial-up systems is that the user is able to dial out normally but cannot access the Internet. Older version of new.net often caused Internet Explorer to crash from time to time. It is believed that the later versions do not suffer from this issue.
The functionality of this product does not adhere to most Internet standards.
Older versions of NewDotNet cause frequent browser problems and may also trigger pop-up ads on your PC.
Use of an automated spyware removal tool is highly recommended, as you may permanently disable your internet connection by uninstalling manually.
CommonName is a browser hijacker that installs an unwanted toolbar into Internet Explorer which displays links to paid sponsors websites as well as a search textbox. It also searches for terms that you type into the Address bar or within selected search engines, such as msn, Yahoo, and AskJeeves, and then hijacks your request by directing you to a sponsored website. The company claims that over 22 million desktop computers are running their software.
CommonName markets their software by pointing out that simple search terms are easier to remember than complex URLS.
CommonName includes re-installation software that will attempt to defeat your efforts to remove it and is likely to slow down the performance of your browser.
This software consumes approximately 16Mb of hard drive space.
IGetNet is a browser hijacker that re-routes your web requests to MSN or Netscapes search engines through their servers. It examines your search terms and if youve typed in a search targeted to one of their advertisers, it will re-route your request to the advertisers site.
IGetNet is easily recognizable because it changes your IE address bar (which is usually blank) to read Enter Keyword or Web Address Here. In addition, if your type auto.search.msn.com, search.netscape.com, or ieautosearch in the Address field, you will be re-routed to http://www.igetnet.com.
IGetNet uses over 1Mb of your hard drive space.
Autosearch falls within the class of spyware known as homepage and browser hijackers. It installs an unwanted toolbar within Internet Explorer and can dramatically slow down your browser. Should you type in a web address incorrectly, Autosearch will redirect you to www.tunders.com. This site displays ads and is not a search engine.
Autosearch first appeared in January of 2004 and recognizes a number of other common browser hijackers, such as IGetNet, CommonName, and NewDotNet.
It consumes approximately 57k of storage space on your hard drive.
Opensite is one of the latest new adware programs to hit the internet. It displays advertisements based on keywords in the address bar, and it may also change the default home page in Internet Explorer.
Opensite has been associated with operating system freezes on Windows 2000.
Publisher: zuvio.com
Click on "Continue Reading" to read the terms of service.
Terms of Service
When using Zuvio, Page Access, and/or Open Site you agree to the following terms and conditions (the "Terms of Service"). You can always check out the most current version of these Terms of Service at this page. In addition, when using particular Zuvio services, you shall be subject to any posted guidelines applicable to such services, including the any applicable sweepstakes rules and any terms or conditions applicable to Zuvio services provided in conjunction with any of Zuvio's content and service partners. All such rules and guidelines are hereby incorporated by reference into the Terms of Service. If you do not agree to these Terms of Service please do not use the site and do not register to be a member of Zuvio. We reserve the right, at our discretion, to change, modify, add, or remove portions of these Terms of Service at any time. Please check these terms periodically for changes. Your continued use of the Zuvio Service following the posting of changes to these terms (including Zuvio's Forum Guidelines) will mean you accept those changes.
Overview
Zuvio is a multi-purpose service which allows you to use or access a wealth of products and services, including e-mail, software, search services, chat rooms and bulletin boards, shopping services, news, financial information and broad range of other content (collectively the "Zuvio Service"). These Terms of Service apply to the Zuvio Service as well as any new products or services that we may add in the future (unless stated otherwise).
General Terms of Service and Restrictions on Use of Materials
By using the Zuvio Service, you agree to be legally bound and to abide by the Terms of Service, just as if you had signed this Agreement. If you do not comply with the Terms of Service at any time, Zuvio reserves the right to terminate your access the Zuvio Service. Zuvio may discontinue or alter any aspect of the Zuvio Service, including, but not limited to, (i) restricting the time the Zuvio Service is available, (ii) restricting the amount of use permitted, and (iii) restricting or terminating any user's right to use the Zuvio Service, at Zuvio's sole discretion and without prior notice or liability. You are responsible for all charges associated with connecting to the Zuvio Service through an available access number. You are also responsible for obtaining or providing all access lines, telephone and computer equipment (including modem), or other device, necessary to access the Zuvio Service. You further certify that you are an individual.
In order to permit Zuvio to protect the quality of its products and services, you hereby consent to Zuvio employees being able to access your account and records on a case by case basis to investigate complaints or other allegations or abuse.
You acknowledge that the Zuvio Service contains information, software, photos, video, text, graphics, music, sounds or other material (collectively, "Content") that are protected by copyrights, patents, trademarks, trade secrets or other proprietary rights, and that these rights are valid and protected in all forms, media and technologies existing now or here after developed. All Content is copyrighted as a collective work under the U.S. copyright laws, and Zuvio owns a copyright in the selection, coordination, arrangement and enhancement of such Content. The Zuvio name and logo are exclusively licensed to the Zuvio Network, Inc. All other trademarks appearing on the Zuvio Service are trademarks of their respective owners. Zuvio's partners may also have additional proprietary rights in the content which they make available through the Zuvio service. You may not modify, publish, transmit, participate in the transfer or sale, create derivative works, or in any way exploit, any of the Content, in whole or in part, except that you may download one copy of the materials on any single computer for your personal, non-commercial home use only, provided you keep intact all copyright and other proprietary notices. Modification of the materials or use of the materials for any other purpose, including use of any such material on any other web site or networked computer environment is strictly prohibited. In the event you download software provided by Zuvio, the software, including any files, images incorporated in or generated by the software, and data accompanying the software (collectively, the "Software") are licensed to you by Zuvio. Zuvio does not transfer title to the Software to you. You may not redistribute, sell, decompile, reverse engineer, disassemble, or otherwise reduce the Software to a human-readable form.
Registration
If you elect to register to use the Zuvio Service and/or participate in any sweepstakes, contest, or other services offered by Zuvio you agree to: (a) provide true, accurate, current and complete information about yourself as prompted by the Zuvio Service's registration form (such information being the "Registration Data") and (b) maintain and promptly update the Registration Data to keep it accurate. If you provide any information that is untrue, inaccurate, or incomplete, or Zuvio has reasonable grounds to suspect that such is the case, Zuvio has the right to suspend or terminate your account and refuse any and all current or future use of the Zuvio Service (or any portion thereof).
Zuvio's Privacy Policy
Pursuant to Zuvio's privacy policy, we may disclose to third parties certain information contained in your Registration Data or related data unless you choose to opt out from such disclosures or in the good faith belief that such action is reasonably necessary to comply with the law, legal process, or to enforce the Terms of Service. For more information, please see our full Privacy Policy.
Open Site & Page Access Software
If you elect to download and install Open Site and/or Page Access software your homepage may be changed to the Zuvio service. The Open Site software will serve you targeted advertising based on websites you may be viewing. Your privacy is important to us and no data is ever sent back on the habits of our users. All the data from the software is stored locally on your computer to have the software better serve you. To delete Open Site software simply go to Control Panel->Add/Remove Programs and select to remove Open Site. To change your homepage back simply select Tools->Internet Options and change the value in the homepage field to whatever you would like your homepage to be.
Community Standards and Conduct in Zuvio Forums
You acknowledge that all Content, whether publicly posted or privately transmitted, is the sole responsibility of the person from which such Content originated. This means that you are entirely responsible for all Content that you post, email or otherwise transmit via the Zuvio Service. Zuvio does not control all of the Content posted via the Zuvio Service and, as such, does not guarantee the accuracy, integrity or quality of such Content. You understand that by using the Zuvio Service, you may be exposed to Content that is offensive, indecent or objectionable. Under no circumstances will Zuvio be liable in any way for any Content, including, but not limited to, for any errors or omissions in any Content, or for any loss or damage of any kind incurred as a result of the use of any Content posted, emailed or otherwise transmitted via the Zuvio Service.
You agree to not use the Zuvio Service (including the Zuvio Forums described below) to:
upload, post, email or otherwise transmit any Content that is unlawful, harmful, threatening, abusive, harassing, tortuous, defamatory, vulgar, obscene, libelous, invasive of another's privacy, hateful, or racially, ethnically or otherwise objectionable;
harm minors in any way;
impersonate any person or entity, including, but not limited to, a Zuvio official, forum leader, guide or host, or falsely state or otherwise misrepresent your affiliation with a person or entity;
forge headers or otherwise manipulate identifiers in order to disguise the origin of any Content transmitted through the Service;
upload, post, email or otherwise transmit any Content that you do not have a right to transmit under any law or under contractual or fiduciary relationships (such as inside information, proprietary and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements);
upload, post, email or otherwise transmit any Content that infringes any patent, trademark, trade secret, copyright or other proprietary rights of any party;
upload, post, email or otherwise transmit any unsolicited or unauthorized advertising, promotional materials, "junk mail," "spam," "chain letters," "pyramid schemes," or any other form of solicitation, except in those areas that are designated for such purpose;
upload, post, email or otherwise transmit any material that contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment;
disrupt the normal flow of dialogue, cause a screen to "scroll" faster than other users of the Zuvio Service or an Zuvio Forum are able to type, or otherwise act in a manner that negatively affects other users' ability to engage in real time exchanges;
interfere with or disrupt the Zuvio Service or servers or networks connected to the Zuvio Service, or disobey any requirements, procedures, policies or regulations of networks connected to the Zuvio Service;
intentionally or unintentionally violate any applicable local, state, national or international law, including, but not limited to, regulations promulgated by the U.S. Securities and Exchange Commission, any rules of any national or other securities exchange, including, without limitation, the California Stock Exchange, the American Stock Exchange or the NASDAQ, and any regulations having the force of law;
"stalk" or otherwise harass another member or user of the Zuvio Service; or
collect or store personal data about other users, or members.
A "Forum" refers to a chat area, bulletin board, "instant messaging" or virtual community offered as part of the Zuvio Service. Zuvio also provides its users with access to e-mail. The Forums and e-mail shall be used only in a noncommercial manner. You shall not, without Zuvio's express written approval, distribute or otherwise publish any material containing any solicitation of funds, promotion, advertising, or solicitation for goods or services.
It is our policy to respect the privacy of all users. Therefore, in addition to our Privacy Policy, we will not monitor, edit, or disclose the contents of a user or member e-mail unless required in the course of normal maintenance of Zuvio Service and its systems or unless required to do so by law or in the good-faith belief that such action is necessary to: (1) comply with the law or comply with legal process served on Zuvio; (2) protect and defend the rights or property of Zuvio; or (3) act in an emergency to protect the personal safety of our users or the public. You shall remain solely responsible for the content of your messages.
All Zuvio Forum communications, including chat and bulletin board communications are public and not private communications. Although Zuvio reserves the right to remove without notice any Forum posting for any reason, we have no obligation to delete content that you may find objectionable or offensive. By uploading materials to any Forum or submitting any materials to us, you automatically grant (or warrant that the owner of such materials has expressly granted) us a perpetual, royalty-free, irrevocable, non- exclusive right and license to use, reproduce, modify, adapt, publish, translate, create derivative works from and distribute such materials or incorporate such materials into any form, medium, or technology now known or later developed throughout the universe. In addition, you warrant that all so-called "moral rights" in those materials have been waived.
Your privilege to use the Zuvio Forums and contribute to discussions on the Zuvio Forums depends on your compliance with the member conduct guidelines set forth above. Zuvio may revoke your registration privileges and/or take any other appropriate measures to enforce these guidelines if violations are brought to our attention. Further, Zuvio, in its sole discretion, may terminate your membership or participation in any community, chat room or other Forum for any reason.
Parental permission is required for children 12 years of age or under to use any Zuvio Forums. Please remember, when using any Zuvio services or Forums, you agree to abide by the member conduct guidelines set forth above. Zuvio does not permit registered users under the age of 13 to participate in chat.
Zuvio reserves the right to monitor some, all, or no areas of Zuvio Forums for adherence to these or other rules that may be published from time to time. You acknowledge that by providing you with the ability to distribute your content, Zuvio is acting as a passive conduit for such distribution and Zuvio is not undertaking any obligation or liability relating to any content or activities in any Forum or Forum area.
Submissions
By posting or submitting content to this site, you grant Zuvio and its affiliates and licensees the right to use, reproduce, display, perform, adapt, modify, distribute, have distributed, and promote the content in any form, anywhere and for any purpose; and warrant and represent that you own or otherwise control all of the rights to the content and that public posting and use of your content by Zuvio will not infringe or violate the rights of any third party.
If you send us creative suggestions, ideas, notes, drawings, or other information (collectively, the "Submissions"), the Submissions shall be deemed, and shall remain, the property of Zuvio. None of the Submissions shall be subject to any obligation of confidence on the part of Zuvio, and Zuvio shall not be liable for any use or disclosure of any Submissions. Without limitation of the foregoing, Zuvio shall exclusively own all now known or hereafter existing rights to the Submissions of every kind and nature throughout the universe and shall be entitled to unrestricted use of the Submissions for any purpose whatsoever, commercial or otherwise, without compensation to the provider of the Submissions.
Links
The Zuvio Service may provide, or third parties may provide, links to other World Wide Web sites or resources. Because Zuvio has no control over such sites and resources, you acknowledge and agree that Zuvio is not responsible for the availability of such external sites or resources, and does not endorse and is not responsible or liable for any Content, advertising, products, or other materials on or available from such sites or resources. You further acknowledge and agree that Zuvio shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such Content, goods or services available on or through any such site or resource.
DISCLAIMER
Zuvio uses diligent efforts to maintain the Zuvio Service, but Zuvio is not responsible for any defects or failures associated with the Zuvio Service or any damages (such as lost profits or other consequential damages) that may result from any such defects or failures. In addition, Zuvio makes no guarantees as to the sites and information located worldwide throughout the Internet to which you may access as a result of the use of the Zuvio Service, including as to: (i) the accuracy, currency, content, or quality of any such sites and information, or (ii) whether any search using the Zuvio Service may locate unintended and objectionable content.
PLEASE NOTE THE FOLLOWING IMPORTANT DISCLAIMERS OF WARRANTIES:
THE Zuvio SERVICE IS PROVIDED 'AS IS' AND YOU USE IT AT YOUR SOLE RISK Zuvio EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
WITHOUT LIMITATION, Zuvio MAKES NO WARRANTY THAT THE Zuvio SERVICE WILL MEET YOUR REQUIREMENTS, THAT IT WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE, THAT THE RESULTS OBTAINED FROM THE USE OF THE Zuvio SERVICE WILL BE ACCURATE OR RELIABLE, OR THAT THE QUALITY OF ANY PRODUCTS, SERVICES, INFORMATION, OR OTHER MATERIAL OBTAINED THROUGH THE Zuvio SERVICE WILL MEET YOUR EXPECTATIONS.
ANY MATERIAL DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF THE Zuvio SERVICE IS DONE AT YOUR SOLE RISK AND YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OF ANY SUCH MATERIAL.
FURTHER, PLEASE NOTE THAT NO ADVICE OR INFORMATION, OBTAINED BY YOU FROM Zuvio PERSONNEL OR THROUGH THE Zuvio SERVICE SHALL CREATE ANY WARRANTY NOT EXPRESSLY PROVICED FOR IN THESE TERMS OF SERVICE.
Disclaimer Regarding Financial Information
The Zuvio Service allows you to obtain information on companies, stock prices, bonds, and other investments or financial matters. The Zuvio Service, including all such financial information, is provided for informational purposes only, and no information you may obtain is intended by Zuvio to be used for trading or investing purposes. Zuvio shall not be responsible for the accuracy, usefulness or availability of any information transmitted via the Zuvio Service, and shall not be liable for any trading or investment decisions made based on such information.
Disclaimer Regarding Shopping Retailers
The Zuvio Service provides shopping services to help you locate and potentially purchase products from online and offline retailers. Zuvio does not, however, control these independent retailers and Zuvio does not provide any assurance, warranty or guarantee of any kind that you will be satisfied with their products or services. When shopping by means of services provided by Zuvio you acknowledge and agree that: Zuvio does not endorse any of the products or services ("Merchandise") linked to from or through the Zuvio Service, nor has Zuvio taken any steps to confirm the accuracy or reliability of any of the information provided by third parties through Zuvio or their own web sites. Zuvio expressly disclaims any and all representations or warranties as to the security of any information (including, without limitation, credit card and other personal information) you might be requested to give any third party. We advise you to exercise your own judgment and investigate as you deem necessary before proceeding with any online or offline transaction with any of these third parties.
Limitation of Liability
YOU EXPRESSLY UNDERSTAND AND AGREE THAT Zuvio SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER INTANGIBLE LOSSES (EVEN IF Zuvio HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES), RESULTING FROM: (i) THE USE OR THE INABILITY TO USE THE Zuvio SERVICE AND/OR PARTICIPATE IN ANY SWEEPSTAKES ; (ii) THE COST OF PROCUREMENT OF SUBSTITUTE GOODS AND SERVICES RESULTING FROM ANY GOODS, DATA, INFORMATION OR SERVICES PURCHASED OR OBTAINED OR MESSAGES RECEIVED OR TRANSACTIONS ENTERED INTO THROUGH OR FROM THE Zuvio SERVICE; (iii) UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSIONS OR DATA; (iv) STATEMENTS OR CONDUCT OF ANY THIRD PARTY ON THE Zuvio SERVICE; OR (v) ANY OTHER MATTER RELATING TO THE Zuvio SERVICE OR OPERATION OF THE Zuvio SWEEPSTAKES. IN NO EVENT SHALL Zuvio.S TOTAL LIABILITY TO YOU FOR ALL DAMAGES, LOSSES, AND CAUSES OF ACTION (WHETHER IN CONTRACT, TORT (INCLUDING, BUT NOT LIMITED TO, NEGLIGENCE), OR OTHERWISE EXCEED THE AMOUNT PAID BY YOU, IF ANY, FOR ACCESSING THIS SITE.
SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES OR THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES. ACCORDINGLY, SOME OF THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU.
Indemnification
YOU ARE ENTIRELY RESPONSIBLE FOR MAINTAINING THE CONFIDENTIALITY OF YOUR PASSWORD AND ACCOUNT. FURTHERMORE, YOU ARE ENTIRELY RESPONSIBLE FOR ANY AND ALL ACTIVITIES WHICH OCCUR UNDER YOUR ACCOUNT. YOU AGREE TO INDEMNIFY, DEFEND AND HOLD HARMLESS Zuvio INC., CBS CORPORATION, THEIR PARENTS, AFFILIATES AND SUBSIDIARY COMPANIES, OFFICERS, DIRECTORS, EMPLOYEES, CONSULTANTS AND AGENTS FROM ANY AND ALL THIRD PARTY CLAIMS, LIABILITY, DAMAGES AND/OR COSTS (INCLUDING, BUT NOT LIMITED TO, ATTORNEYS FEES) ARISING FROM YOUR USE OF OUR SERVICES, YOUR VIOLATION OF THE TERMS OF SERVICE OR YOUR INFRINGEMENT, OR INFRINGEMENT BY ANY OTHER USER OF YOUR ACCOUNT, OF ANY INTELLECTUAL PROPERTY OR OTHER RIGHT OF ANY PERSON OR ENTITY. YOU AGREE TO IMMEDIATELY NOTIFY Zuvio OF ANY UNAUTHORIZED USE OF YOUR ACCOUNT OR ANY OTHER BREACH OF SECURITY KNOWN TO YOU.
Termination and modification
You agree that Zuvio, in its sole discretion, may terminate your password, account (or any part thereof) or use of the Zuvio Service, and remove and discard any Content within the Zuvio Service, for any reason, including, without limitation, for lack of use or if Zuvio believes that you have violated or acted inconsistently with the letter or spirit of the Terms of Service. Zuvio may also in its sole discretion and at any time discontinue providing the Zuvio Service, or any part thereof, with or without notice. You agree that any termination of your access to the Zuvio Service under any provision of this Terms of Service may be effected without prior notice, and acknowledge and agree that Zuvio may immediately deactivate or delete your account and all related information and files in your account and/or bar any further access to such files or the Zuvio Service. Further, you agree that Zuvio shall not be liable to you or any third-party for any termination of your access to the Zuvio Service.
Governing Law and Other Miscellaneous Terms
These terms shall be governed by and construed in accordance with the laws of the State of California, without giving effect to any principles of conflicts of law. You agree that any action at law or in equity arising out of or relating to these terms shall be filed only in the state or federal courts located in Los Angeles County in the State of California and you hereby consent and submit to the personal jurisdiction of such courts for the purposes of litigating any such action. If any provision of these terms shall be unlawful, void, or for any reason unenforceable, then that provision shall be deemed severable from these terms and shall not affect the validity and enforceability of any remaining provisions. This is the entire agreement between you and Zuvio relating to the subject matter herein and shall not be modified by you except in writing, signed by both parties. The Terms of Service will inure to the benefit of Zuvio's successors, assigns and licensees.
COPYRIGHT AND COPYRIGHT NOTICES
Zuvio respects the intellectual property of others, and we ask our users to do the same. Zuvio may, in appropriate circumstances and at its discretion, terminate the accounts of users who infringe the intellectual property rights of others. If you believe that your work has been copied in a way that constitutes copyright infringement, please provide Zuvio's Copyright Agent the following information:
an electronic or physical signature of the person authorized to act on behalf of the owner of the copyright interest;
a description of the copyrighted work that you claim has been infringed;
a description of where the material that you claim is infringing is located on the site;
your address, telephone number, and email address;
a statement by you that you have a good faith belief that the disputed use is not authorized by the copyright owner, its agent, or the law;
a statement by you, made under penalty of perjury, that the above information in your Notice is accurate and that you are the copyright owner or authorized to act on the copyright owner's behalf.
Please contact Zuvio's Copyright Agent for Notice of claims of copyright infringement on:
Zuvio.com
19360 Rinaldi St. #304
Granada Hills, CA 91344
[email protected]
Hotbar is a program that embeds a toolbar into your browser. It monitors every URL that you visit as well as phrases which you enter into search engines and sends this information back to a third party. The information is used to target ads on your computer, both in popups as well as directly embedded within web pages.
Hotbar consumes over 20MB of disk space on your hard drive. It will slow down your browser, make your PC boot slower, and may crash your computer altogether. Hotbar also disables certain popup blockers.
Hotbar can be forcibly installed when you visit certain websites, whether or not you agree to the download.
Related Links
'Hotbar' spyware program bedevils Windows and should be removed
Hotbar description from Howard University
From the Hotbar terms of use:
"Hotbar works with third party advertising companies to serve ads when you visit our web sites and use the Service, including the toolbars. Two of these third parties are DoubleClick and Engage. Such companies may use information (not including your name, address, email address or telephone number) about your visits to our and other web sites and use of the Service, including the toolbars, in combination with non-personally identifiable information about your purchases and interests from other online and offline sources, in order to provide advertisements about goods and services of interest to you. In addition, we share web site usage information about visitors to our web sites and users of the Service, including the toolbars, with such companies for the purpose of managing and targeting advertisements and for market research analysis on our web sites and the Service, including the toolbars. For these purposes, we and our third-party advertising companies may note some of the pages you visit on our web sites, and through use of the Service, including the toolbars, through the use of pixel tags (also called clear gifs). In the course of serving advertisements, our third-party advertisers may place or recognize a unique "cookie" on your computer and, in some cases, collect data through the use of cookies. To find out more about DoubleClick's information practices and to know your choices about not having this information used by this company, please go to www.doubleclick.net/us/corporate/privacy. To find out more about Engage's information practices and to know your choices about not having this information used by this company, please go to http://www.engage.com/privacy/.
"Hotbar, from time to time, may work with email direct marketers such as Netcreations to offer users the opportunity to subscribe to various email newsletters subscriptions. Please read such marketers' privacy statements before entering your email address or any other information into their subscription window."
Claria is currently the top Adware pest found on the internet. Claria either injects ads into your browser or displays them on their own popup windows.
This spyware program consumes over 13Mb of disk space on average.
Interestingly, Claria is a re-brand of what was formally known as "Gator".