torrentsearch.exe contains spyware?


5 replies to this topic

#1 liam77


Posted 24 June 2004 - 09:17 PM

After installing 'Torrent Search' from here:

http://www.openwares...er&filecatid=19

I noticed that there was a new folder ('LIVEUPDATE') in my 'c:\program files' folder.

I have manually uninstalled both programs, and removed any entries from the registry.

Has anyone ever seen the 'liveupdate' program from openwares installed before?


Liam.

#2 liam77


Posted 28 June 2004 - 11:35 PM

I used 'Total Uninstall' to create a log file of all file system and registry changes that were made when the torrent.exe installation file is run. The file attached is the complete log.

There are several javascript files put into the 'temp internet files' folder, as well as the LIVEUPDATE folder and files created.

When attempting to run the installed Torrent Search program, a runtime error occurs, and the program will not run. See the thread Here.

Is there any way that I can safely run the LIVEUPDATE.exe file and monitor what it actually does?


Liam.


#3 Exasperated in Phoenix


Posted 05 July 2004 - 09:24 PM

<snip>
Is there any way that I can safely run the LIVEUPDATE.exe file and monitor what it actually does?


You need a "sandbox" program (something that runs an app inside of a secure container) but they're not free, far as I know. Running a 'secure' sandbox under a Windoze OS is a contradiction in terms, and it's laughable to trust it. Do a search with "sandbox secure -virus network" and you'll hunt for a while. I axed the virus term 'cos there's at least ONE virus called (something).sandbox. The only sandbox I'd trust was one examining a Java app, and only if MSJVM had been eliminated first. Even then, I wouldn't run it on my main box.

I have a sacrificial PC that I use for the same purpose. I run it up on an isolated network, and attach a packet analyzer to watch what it's trying to do. Maintaining a good log of what got modified in your system isn't terribly hard. Understanding the packet log takes quite a bit of experience.

The OS is stored on a CD-R, and I replace the partition with a clean copy when I'm done, and nothing has survived my wipe and replace. The boot sector is locked Just In Case through the BIOS, as well. Of course, I have the hardware jumper to enable BIOS reflash removed, so it's impossible for something to really make a mess. Worst case, I reformat the drive in another computer (it's in a removable bay). Figure $300 USD for a sacrificial goat with all of the trimmings.

It's enough of a pain-in-the-rear that I don't use it unless it's something I care about enough to spend several hours on. Life's short, enjoy it!

#4 Tuxedo Jack


Posted 05 July 2004 - 09:51 PM

Only sandbox I trust is an isolated dummy machine with a network duplicator that boots off a Knoppix CD.

And that's a BitTorrent client. BitTornado is better and clean.

http://www.bittornado.com

Just don't click the banners on the site.
Signature file is under revision. This will be back shortly.

#5 liam77


Posted 06 July 2004 - 02:52 AM

...  And that's a BitTorrent client. BitTornado is better and clean.

This 'Torrent Search' program isn't a Bit Torrent client, it's just supposed to be a tool to search for torrents.

For a client, I use Azureus.


Liam.

#6 pupudada


Posted 07 July 2004 - 07:20 PM

The second last release of Torrent Search had some bugs in the same. A new version has been released yesterday; I have d/l the same but have yet to test it. As far as testing is concerned, I keep all my important programmes on the 'c' drive and make a Ghost image of the same, which is safely stored on 2 CD-RWs... In case anything goes wrong, I just format the 'c' drive and re-install the Ghost image... The entire procedure takes less than 4 minutes (am using Windows 98SE... may have bugs, but is safer from attacks than XP)... pupudada



