Scanning for Spyware | Invasion of Privacy! Big Brother and the Company Hackers

It's wise to check your computer manufacturer's Web site for custom drivers before installing generic ones. Install XP components with great caution. Some third-party components contain the worst kind of spyware! WildTangent's 3D Visualization, a plug-in for Windows Media Player, is a good case in point. It installed 68 separate spyware components on my system, including registry entries, tracking software, folders, files, and cookies.

If a suspicious screen about sending information to WildTangent about their Web Driver hadn't raised the hackles on my neck during installation, WildTangent could be spying on me right now! A quick Google search for the keywords "WildTangent - spyware" confirmed my worst fear. WildTangent is spyware that craps up your system big time! I took a deep breath and let Ad-aware 6 do the rest. (You can go to http://www.lavasoft.de/software/ adaware to download Ad-aware or visit the Invasion of Privacy homepage at http://www.mjweber.com/iop/privacy.htm) I'm pleased to report that Microsoft has removed all links to WildTangent plug-ins from its Media Player Web site.

How to Hose Your Computer System in One Easy Click!

68 WildTangent Spyware Components

 obj[1]=RegKey : CLSID\{083863Fl-70DE-lldO-BD40-00A0C911CE86}\Instance\                 {ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63} obj[2]=RegKey : CLSID\{7F23E6E5-0E79-4aee-B723-B1463805D5A9} obj[3]=RegKey : CLSID\{8ECF83A0-1AC9-11D4-8501-00A0CC5D1F63 obj[4]=RegKey : CLSID\{AB29A544-D6B4-4E36-A1F8-D3E34C7B00A} obj[5]=RegKey : CLSID\{B9BA256A-075B-49ea-B9E2-7DBC2EF021D5} obj[6]=RegKey : CLSID\ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63 obj[7]=RegKey : CLSID\{FA13A9FA-CA9B-11D2-9780-001048242EA32Fi3} obj[8]=RegKey : Interface\{05EF74A5-E109-11D2-A566-44455 '10000} obj[9]=RegKey : Interface\{0E7AE465-EE8D-11D2-A566-444553540000} obj[10]=RegKey : Interface\{1113C0B6-5300-4D5D-B2D7-35C14B28341B} obj[11]=RegKey : Interface\{111lD8B01-96C5-46DD-94D1-C6E8BlF69F44} obj[12]=RegKey : Interface\{16410859-886F-4579-BC1F-330A139D0F0F} obj[13]=RegKey : Interface\{35ED7DFB-A8ED-4216-A4BB-BC08C326EF08} obj[14]=RegKey : Interface\{3F44B498-8FD4-4A1E-852C-170156FD27C0} obj[15]=RegKey : Interface\{52889E01-CB46-11D2-96BC-00104B242E64} obj[16]=RegKey Interface\{5C49CBD2-8ED7-439B-8668-32149F84A235} obj[17]=RegKey :  Interface\{6E6CF8E5-D795-11D2-A566-444553540000} obj[18]=RegKey Interf ace\{79884200-3ADE-11D3-AC39-00105A2057FA} obj[19]=RegKey Interface\{AA0C96F9-A994-42D7-9543-842CF85E1BA7} obj[20]=RegKey : Interface\{B57613B6-EF02-4D96-99C6-70C9A2014A14} obj[21]=RegKey : Interface\{BDB9B021-CAFF-11D2-9780-00104B242EA3} obj[22]=RegKey : Interface\{BDB9B022-CAFF-11D2-9780-00104B242EA3} obj[23]=RegKey : Interface\{D72AC8E7-F41D-11D2-A566-444553540000} obj[24]=RegKey: Interface\{DE3E540A-F0F2-4761-99BE-AFC6DC427E30} obj[25]=RegKey Interface\{EA6F254D-1A8C-4518-8FE0-E9B94FD134ED} obj[26]=RegKey : Interface\{EC914A5C-7C4B-4AC8-8C86-C10EF5C0D23D} obj[27]=RegKey : Interface\{FI0493C1-D0B6-11D2-A566-444553540000} obj[28]=RegKey : Interface\{FA13AA3A-CA9B-11D2-9780-00104B242EA3} obj[29]=RegKey : Interface\{FA13AA3E-CA9B-11D2-9780-00104B242EA3} obj[30]=RegKey : Interface\{FA13AA40-CA9B-11D2-9780-00104B242EA3} obj[31]=RegKey : Interface\{FA13AA44-CA9B-11D2-9780-00104B242EA3} obj[32]=RegKey : Interface\{FA13AA46-CA9B-11D2-9780-00104B242EA3} obj[33]=RegKey : Interface\{FA13AA50-CA9B-11D2-9780-00104B242EA3} obj[34]=RegKey : Interface\{FA13AAFA-CA9B-11D2-9780-00104B242EA3} obj[35]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wcmd-                  mgr.exe obj[36]=RegKey : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wtweb-                  driver obj[37]=RegKey : SOFTWARE\WildTangent obj[38]=RegKey : TypeLib\{B7E20302-C22C-4AF2-9D75-C3EB6EEE9DD8} obj[39]=RegKey : TypeLib\{FA13AA2E-CA9B-11D2-9780-001048242EA3} obj[40]=RegKey : WDMHHost.WTHoster obj[41]=RegKey : WDMHHost.WTHoster.1 obj[42]=RegKey : WT3D.WT obj[43]=RegKey : WT3D.WT.1 obj[44]=RegKey : WTVis.WTVisReceiver obj[45]=RegKey : WTVis.WTVisReceiver.1 obj[46]=RegKey : WTVis.WTVisSender obj[47]=RegKey : WTVis.WTVisSender.1 obj[48]=RegValue : Control Panel\MMCPL obj[49]=RegValue : SOFTWARE\Microsoft\Windows\CurrentVersion\Run obj[50]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run obj[51]=Folder : C:\Program Files\Windows Media Player\Visualizations\                  wtupdates obj[52]=Folder : C:\WINDOWS\wt\wtupdates\wtupdater obj[53]=Folder : C:\WINDOWS\wt\wtupdates\wtwebdriver obj[54]=Folder : C:\WINDOWS\wt\wtupdates obj[56]=File : c:\windows\wt\backup.5.1.36\stopwcmdr.bat obj[57]=File : c:\windows\wt\backup.5.1.36\updatenow.bat obj[58]=File : c:\windows\wt\backup.5.1.36\wcmdmgr.exe obj[59]=File : c:\windows\wt\backup.5.1.36\wcmdmgrl.exe obj[60]=File : c:\windows\wt\updater\stopwcmdr.bat obj[61]=File : c:\windows\wt\u updater\updatenow.bat obj[62]=File : c:\windows\wt\updater\wcmdmgrl.exe obj[63]=File : c:\windows\wt\updater\wt.ini obj[64]=File : c:\windows\wt\wtupdates\wtwebdriver\files.1.1.045\legacy\                webdriver.dll obj[65]=File : c:\windows\wt\wtupdates\wtwebdriver\files.1.1.045\legacy\                wt3d.dll obj[66]=File : c:\windows\wt\webdriver.dll obj[67]=File : c:\windows\wt\wt3d.dll obj[68]=File : c:\windows\wt\wt3d.ini

Figure 12.25: Ad-aware 6 spyware scan

Ad-aware was going bonkers. I never saw so many hits in a single scan! I quarantined the spyware components and then deleted WildTangent using Add or Remove Programs in Control Panel. I should have quit when I was ahead! Plagued by the notion that some WildTangent components had eluded Ad-aware, I decided to do a System Restore prior to the date of the WildTangent install.

Figure 12.26: ZoneAlarm ProAlerts & Logs page

That's when my trouble really began ! I had just updated ZoneAlarm Pro, my personal firewall. After the System Restore, ZoneAlarm's product version clashed with its security engine version, and I had to uninstall, reinstall and reconfigure ZoneAlarm. All of this grief because I inadvertently installed this scummy spyware! Unfortunately, there's no way to avoid my fate. Software makers and marketers have entered into an unholy alliance to invade our privacy. Refer to the list of WildTangent's corporate partners in Chapter 9 to get a picture of who's spying on you. Your only recourse is to possess the tools to undo the damage done by spyware and to use them. That's the trick!