Quick Links: SpywareGuide Greynets Blog | SpywareGuide Product Database | SpywareGuide Company Database | SpywareGuide Categories
Search SpywareGuide Database & Site
Security Email Alerts & Updates
SpywareGuide powered by FaceTime Security Labs

Balloons are for Clowns...and Spyware

by Chris Boyd, Wayne Porter

Date: 11.15.2005

A recent find by Roger Karlsson highlighted a large Adware bundle from Lookousoft.net, which is covered here by Sunbelt Software. The software in question (a modified version of "Hangman") installs numerous pieces of advertising software without consent or displaying a EULA of any kind. All you see is a typical installer page - screenshot here.

pqnelhleyy 23acd9ae 61752928

Once the install is complete, the adware begins to install itself onto the end-user's PC, with numerous files including 180 Search Assistant, Internet Optimizer and Media Gateway, along with some other entries named Pokapoka79, WinTask Ad and cvwnqzap.exe.

Searchmiracle Toolbar, currently in hot water with the FTC, is also included, and because the toolbar is unbranded, the end-user will naturally wish to check the help files, to see who it is from. However, when selecting the help file option, the end-user is presented with a "Page not found" link.
Worse still, using the "uninstall" link from the toolbar pops up a "thank you" message - but the toolbar does not actually uninistall, remaining on the system.

As we can see from the above screenshot, with the obvious exception of taskmgr.exe (which we are using to view running processes), the files installed from this bundle place a potentially considerable load on a mid-range PC, especially if other applications are running when the install takes place.

And why, you might ask, is Internet Explorer taking up 45,312k of memory usage?

The answer is right here.

Unless otherwise noted this article is Copyright © 2021 by FaceTime Communications, Inc. This article may not be resold, reprinted, or redistributed for compensation of any kind without prior written permission from FaceTime Communications, Inc. For reprint or media inquires please contact us with the phrase "Spyware Guide Articles" in the subject line and we will by happy to assist you. Links to this article from other websites are appreciated and encouraged. Users are also encouraged to utilize our RSS system to provide unique content and extracts for their site.

Read other articles (back to full list)

Help with the BUST!
Click here and give us what details you have and let our international research team take it from there. If you desire your report will remain anonymous.
Recent Blog Posts
Notice: Undefined index: version in /data/www/spywareguide/magpierss/rss_parse.inc on line 228
  • A Year In Security
  • Youtube Comment Bot Spams In Waves
  • VGA Awards Trailers Used As Bait For Spam Offers
  • Fake Visa Electronic Report Serves Up Zbot Data Stealer
  • Banned Console Owners Beat The System - With Stickers
  • Spot The Hack
  • The Futility Of EULAs
  • Auto Whaler Spears Phishers
  • Fake Porn Grabbers Snag Nothing But Malware
  • Console DDoS Botnets - A Thriving Industry
  • Recent Modifications
    2021-8-24  Adult Networks/Services
    2017-2-10  Adult Hosts
    2016-3-30  CoolWebSearch
    2015-9-29  Malicious URLS
    2015-5-19  Dialers
    2015-1-5  Email Threats
    2013-7-20  Date Manager
    2013-4-10  BeeBus
    2012-12-18  JT.Moonwalk
    2012-12-18  Sadbiz

    Site EULA | Site Map | Contact Us | About Us | Site and Spyware FAQ | Advertise | RSS Feeds  | Link To Us | SpywareGuide Japan Japanese

    © Copyright 2007, FaceTime Communications, Inc. All rights reserved.