Log in
Register
Menu
Log in
Register
Home
What's new
Latest activity
Authors
Forums
New posts
Search forums
What's new
New posts
Latest activity
Members
Current visitors
New posts
Search forums
Menu
Log in
Register
Install the app
Install
Forums
Miscellaneous Sections
Tech Head - The Technology Section
Computer Discussion
F-One/Favoriteman
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="2old4this" data-source="post: 18125" data-attributes="member: 174998"><p>Forumula-1/Favoriteman (sic) is a truly insidious bit of adware (perhaps better classified as a parasite) that hijacks your browser and can install & execute software on your PC without any further interaction or permission. It comes in under ActiveX control, or packaged with other software.</p><p></p><p>I have just managed to rid myself of this and thought I would share this info with others.</p><p></p><p>I already employ a fair range of protective measures - ZoneAlarm Pro, ad-blockers, pop-up blockers, virus checkers and suchlike. But this still crept in. Ad-Aware, widely held to be the best adware cleaner, failed to completely remove it. It took some investigation and manual cleanup to finally do the trick.</p><p></p><p>The thing manifested itself on my PC by triggering at intervals the placement of a URL on the desktop (ironically entitled "stop spyware now!"...). I'd also get screens popping up while browsing, declaring I had won a prize and bearing no relationship to the page I was at.</p><p></p><p>The cause turned out to be the FavoriteMan parasite. It propogates by hijacking the browser, and placing a file in the windows system32 directory that is called SysLdr.dll. However it is not a DLL at all. It is a list of URLS and other control information that the parasite uses. While you are browsing, a background "helper" application periodically connects to the URLs in the control file and presents ads/etc. It can also download other programs/adware and generally wreak havoc with your privacy.</p><p></p><p>Running Ad-aware found various bits and pieces relating to Favoriteman, including some registry keys. However, the very next time I used my browser, the sysldr.dll file appeared again. Clearly Ad-aware was not completely cleaning up. I also had a program (an exe!) appear as if by magic - called Exacct-something-or-other.exe, and the program was executed without my permission (imagine if this had contained malicious code rather than just adware...)</p><p></p><p>In the end I found a number of other registry keys including those of browser-helper objects that I had no idea were (*ahem*) helping me to browse. I found them by searching on "Fone" (= F1). Only when I had deleted all those classes was I able to use the browser without triggering the creation of the SysLdr file. </p><p></p><p>When I cleaned-up, I went looking for more info. Seems that this product is a derivative of (or component of) one of the most apalling bits of spyware ever deployed - the Blackstone Data Transponder (or VX2/Sputnik/Netpal). If you want to worry yourself, read this: <a href="http://www.cexx.org/vx2.htm" target="_blank">http://www.cexx.org/vx2.htm</a></p><p></p><p>Other resources:</p><p><a href="http://www.safersite.com/pestinfo/F/FavoriteMan.asp" target="_blank">http://www.safersite.com/pestinfo/F/FavoriteMan.asp</a></p><p><a href="http://hspost.com/netprick.html" target="_blank">http://hspost.com/netprick.html</a></p><p><a href="http://www.spywareinfo.com/bhos/" target="_blank">http://www.spywareinfo.com/bhos/</a></p><p>Vendor: <a href="http://www.mindsetinteractive.com/" target="_blank">http://www.mindsetinteractive.com/</a> (mailbomb their sorry arses)</p><p><a href="http://www.f1organizer.com" target="_blank">http://www.f1organizer.com</a> (and they seem so proud of this technology too)</p><p></p><p></p><p>2old</p></blockquote><p></p>
[QUOTE="2old4this, post: 18125, member: 174998"] Forumula-1/Favoriteman (sic) is a truly insidious bit of adware (perhaps better classified as a parasite) that hijacks your browser and can install & execute software on your PC without any further interaction or permission. It comes in under ActiveX control, or packaged with other software. I have just managed to rid myself of this and thought I would share this info with others. I already employ a fair range of protective measures - ZoneAlarm Pro, ad-blockers, pop-up blockers, virus checkers and suchlike. But this still crept in. Ad-Aware, widely held to be the best adware cleaner, failed to completely remove it. It took some investigation and manual cleanup to finally do the trick. The thing manifested itself on my PC by triggering at intervals the placement of a URL on the desktop (ironically entitled "stop spyware now!"...). I'd also get screens popping up while browsing, declaring I had won a prize and bearing no relationship to the page I was at. The cause turned out to be the FavoriteMan parasite. It propogates by hijacking the browser, and placing a file in the windows system32 directory that is called SysLdr.dll. However it is not a DLL at all. It is a list of URLS and other control information that the parasite uses. While you are browsing, a background "helper" application periodically connects to the URLs in the control file and presents ads/etc. It can also download other programs/adware and generally wreak havoc with your privacy. Running Ad-aware found various bits and pieces relating to Favoriteman, including some registry keys. However, the very next time I used my browser, the sysldr.dll file appeared again. Clearly Ad-aware was not completely cleaning up. I also had a program (an exe!) appear as if by magic - called Exacct-something-or-other.exe, and the program was executed without my permission (imagine if this had contained malicious code rather than just adware...) In the end I found a number of other registry keys including those of browser-helper objects that I had no idea were (*ahem*) helping me to browse. I found them by searching on "Fone" (= F1). Only when I had deleted all those classes was I able to use the browser without triggering the creation of the SysLdr file. When I cleaned-up, I went looking for more info. Seems that this product is a derivative of (or component of) one of the most apalling bits of spyware ever deployed - the Blackstone Data Transponder (or VX2/Sputnik/Netpal). If you want to worry yourself, read this: [url]http://www.cexx.org/vx2.htm[/url] Other resources: [url]http://www.safersite.com/pestinfo/F/FavoriteMan.asp[/url] [url]http://hspost.com/netprick.html[/url] [url]http://www.spywareinfo.com/bhos/[/url] Vendor: [url]http://www.mindsetinteractive.com/[/url] (mailbomb their sorry arses) [url]http://www.f1organizer.com[/url] (and they seem so proud of this technology too) 2old [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Miscellaneous Sections
Tech Head - The Technology Section
Computer Discussion
F-One/Favoriteman
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.
Accept
Learn more…
Top
