Jump to content


Photo

MSN Messenger Plus


  • Please log in to reply
19 replies to this topic

#1 sirkickabutt

sirkickabutt

    Fight the authority!

  • Full Member
  • Pip
  • 42 posts

Posted 09 November 2004 - 01:22 PM

Hi guys,

Does anyone know if this messenger addon program is malware? Thanks!
<span style='font-size:10pt;line-height:100%'>SirK, If olive oil comes from squeezing olives where does baby oil come from?!</span>

Posted Image

#2 Rafael

Rafael

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 09 November 2004 - 01:31 PM

I am having a problem with it. I install and it worked well. But at the end i created like a search bar on my homepage that also generates some pop ups. This bar is making me crazy it doesn't matter if you close that Internet it still next to my taskbar. Some friends didn't have the problem though.

RZ

#3 sirkickabutt

sirkickabutt

    Fight the authority!

  • Full Member
  • Pip
  • 42 posts

Posted 09 November 2004 - 01:53 PM

No me neither, although many people have labbeled this as spyware I have had no trouble yet, unless its hidden...
<span style='font-size:10pt;line-height:100%'>SirK, If olive oil comes from squeezing olives where does baby oil come from?!</span>

Posted Image

#4 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • PipPipPipPipPip
  • 1,758 posts

Posted 09 November 2004 - 02:18 PM

MSN Plus is _NOT_ legitimate MSN software, and it will install the LOP hijacker if you just click through the installer.

It's highly recommended to avoid it.

MSN Messenger does most of what it's done since version 6 - and Trillian does the rest.

Edited by Tuxedo Jack, 09 November 2004 - 02:18 PM.

Signature file is under revision. This will be back shortly.

#5 balotz

balotz

    Member

  • New Member
  • Pip
  • 1 posts

Posted 11 November 2004 - 05:36 AM

Hi guys,
 
      Does anyone know if this messenger addon program is malware? Thanks!

View Post


You can choose not to install the sponsor program during setup.

#6 siljaline

siljaline

    Security Consultant

  • Full Member
  • Pip
  • 42 posts

Posted 14 November 2004 - 02:20 AM

http://inetexplorer....senger_plus.htm

HTH
Silj

#7 Arwen

Arwen

    Member

  • Full Member
  • Pip
  • 32 posts

Posted 15 November 2004 - 06:49 AM

I had no problem with Messenger + as such, but as soon as my daughter downloaded a Plus Update we got inundated with Lop, which I can't get rid of. (I've posted my log in the malware forum).

Searching the registers of the PC I find a couple of files lurking marked 'Plus!'.
Are these the last traces of messenger plus hanging around? Is it safe to delete them, and if I do, is it possibly the end of Lop too?

Can but hope.........

#8 siljaline

siljaline

    Security Consultant

  • Full Member
  • Pip
  • 42 posts

Posted 15 November 2004 - 10:40 AM

I had no problem with Messenger + as such, but as soon as my daughter downloaded a Plus Update we got inundated with Lop, which I can't get rid of. (I've posted my log in the malware forum).

Searching the registers of the PC I find a couple of files lurking marked 'Plus!'.
Are these the last traces of messenger plus hanging around?  Is it safe to delete them, and if I do, is it possibly the end of Lop too?

Can but hope.........

View Post


The folks in the malware thread you posted will help you, Arwen.

Regards,
Silj

#9 Sandi Hardmeier

Sandi Hardmeier

    Member

  • New Member
  • Pip
  • 3 posts

Posted 16 November 2004 - 06:23 AM

Hi guys,
 
      Does anyone know if this messenger addon program is malware? Thanks!

View Post


Yes it is malware, it is definitely adware and can also be called spyware.

The forum 'supporters' depend very heavily on the EULA. In short, if you don't read the licence agreement, then as far as they're concerned, anything that happens is all your own fault - a detailed examination of the forums is quite revealing vis a vis their attitude to those who don't read the EULA and therefore are caught unawares by the Sponsor Program; some examples being N00bs, idiots and retards - yes, retards (just in case such inflammatory posts disappear, I have screen shots).

Side note: since I have highlighted the fact that the MP EULA was not updated to reflect 'long standing' changes for an unacceptably long period of time, and questioned why the EULA was left in an inaccurate state for a long period of time when MP forum supporters depend heavily on said EULA to excuse malware/adware hijackings, Patchou has posted (to a thread to which the OP had not posted for nearly 4 months) to say that the poor, hapless, user should not have been flamed about the Sponsor Program and has even backpeddled in another thread where he has disclaimed a necessity to read the EULA ("I don't rely on anyone reading the agreement,") - such a declaration must have been very embarrassing to his supporters who have, for so long, trumpeted that if you don't read the EULA everything is your own fault.

Is it coincidence that this attitude has only publicly appeared since I hightlighted the fact that Patcdhou did not update his EULA to accurate reflect the real results of installing the Sponsor Program for a long time? Regarding the thread which he posted to months after anybody else, I do not believe, even for a moment, that Patchou did not see that thread for more than 3 months. He comments, quite regularly, on how well he looks after his users, reading the forums and responding to emails etc etc etc.

The installation screen has been updated recently to show a screen shot of the search bar that is installed, but the changes to home page and search engine settings are not obvious. Also, the changes to the EULA are unusual to say the least, and contradictory (the changes trumpet the fact that C2Media *don't* send particular data to C2Media in one section of the EULA, yet in another section still say that the data is forwarded. I see my URL is already provided so y'all can check out everything for yourselves.

Point of interest: a certain personage disagreed wiht the advice of 'Chronos' in a Messenger Plus thread recently; all disagreeing posts were moved out of 'Help and Support' and into 'Testing and Trashing', the latter forum is only available to registered members who are logged in. Censorship? You be the judge.

#10 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Retired Staff
  • PipPipPipPipPip
  • 5,365 posts

Posted 16 November 2004 - 04:45 PM

Hopefully Ad-Aware, SpyBot, etc. will add detections for the entries that C2Media\LOP adds to the XP SP2 pop-up blocker "Allow" list.
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#11 Villarule

Villarule

    Member

  • Full Member
  • Pip
  • 22 posts

Posted 26 November 2004 - 12:28 PM

Hhhmm, ive had this for a good while now, and not seen any diverse effects, ad-aware doesnt find anything, nor does Spybot S&D and nothing it or LOP shows up on my HJT log, so could i have removed it already, or are there different versions of it, or is it just hidden?

#12 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,573 posts

Posted 26 November 2004 - 12:43 PM

If you install Messenger Plus3 and you click through on the option to install the sponsoring software, you get LOP...

If you install Messenger Plus3 and you DO NOT click through on the option to install the sponsoring software, you DO NOT get LOP...

That is why some people have a whole world of trouble and some have none... MessP3 is a dubious program according to many who have tried it, but it is not adware or spyware itself... it does use a malware program as its sponsor and you will be infected if you are not careful....

If you have installed it (or if your kids have installed it) DO NOT delete it.... You need to uninstall it through Add/Remove Programs and that should take LOP with it... If you simply delete it and try to fix LOP with HJT, it is much more difficult... If you have already deleted it, you can reinstall it and then properly uninstall it which may then allow you to get rid of LOP properly.... If you are infected with LOP from some other source, this approach will not work................
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#13 Bjerrk

Bjerrk

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 26 November 2004 - 06:56 PM

I have heard of cases where people have chosen not to install the "sponsor software" and then in the long run they'we gotten it anyway :( ...

Sorry for my poor english :blush2: .

-Bjerrk

#14 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,573 posts

Posted 26 November 2004 - 08:46 PM

That probably means that they either didn't realize that they had agreed or they got a separate infection of LOP... LOP can infect in a number of different ways...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#15 Sandi Hardmeier

Sandi Hardmeier

    Member

  • New Member
  • Pip
  • 3 posts

Posted 27 November 2004 - 03:31 AM

I have heard of cases where people have chosen not to install the "sponsor software" and then in the long run they'we gotten it anyway :( ...

Sorry for my poor english :blush2: .

-Bjerrk

View Post


There was apparently a time when an MP auto update automatically installed the update *with* the malware. That behaviour was changed, but it may have a part to play in the problem you mention.

Also, MPs auto-update does not remember previous choices; you have to decline the sponsor all over again every time you update which may be why people are being infected (and, it seems that MPs 'remember settings' uninstall option does not include a user's refusal of the sponsor program, a problematic area of confusion).

Another area of confusion is that MP have chosen a fairly unsavoury crowd to get into bed with. There is more than one version of lop out in the wild; the version that comes with MP is quite innocuous, BUT some other versions of lop are not. Nothing stops the poor victims of lop who also have MP from getting confused about where lop came from, and frankly the MP support forums do not help matters. In those forums, the assumption when lop will not remove is always that AdAware or Spybot has damaged the MP Sponsor uninstall programme. It is not until after the poor OP has uninstalled and reinstalled, and then uninstalled and reinstalled again after being told they must have done something wrong, that, if they are lucky, they will eventually be told that maybe the lop they have has come from somewhere else, in which case everything they have done is an absolute waste of time.

As far as the world at large is concerned, lop is lop is lop is lop is lop - they don't care that, and are rarely lucky enough to find out BEFORE their systems are damaged, that MP's lop is not the same as other versions of lop that are out there. Hopefully one day those behind MP will realise that their reputation is directly dependent on those they associate with, and they will realise that it doesn't matter innocuous *their* version is, if there are other versions of the same software that are far worse.

#16 Bjerrk

Bjerrk

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 27 November 2004 - 06:39 AM

There was apparently a time when an MP auto update automatically installed the update *with* the malware. That behaviour was changed, but it may have a part to play in the problem you mention.

Also, MPs auto-update does not remember previous choices; you have to decline the sponsor all over again every time you update which may be why people are being infected (and, it seems that MPs 'remember settings' uninstall option does not include a user's refusal of the sponsor program, a problematic area of confusion).

View Post


That is likely to be the explanation, i think :).

Kind regards Bjerrk

#17 Mike152004

Mike152004

    Beta® Tester™

  • Full Member
  • PipPipPip
  • 193 posts

Posted 20 December 2004 - 01:07 PM

MSN Plus! is not spyware/adware. The sponser is. Simple, read the installation and don't agree to it. That's why most people get infected with it, because they do NOT read.

Posted Image

Read people!

#18 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,573 posts

Posted 20 December 2004 - 06:06 PM

It may not be spyware itself, but the fact that it takes advantage of the fact that people do not read EULAs which are written so that they discourage people to read them and that they try to shame the user into installing spyware by saying: "I refuse to give my support" makes them just as despicable as most spyware makers in my book... :angry:

They do NOT have to package aggressive spyware with their program, but they choose to do so... Giving people the option to not install it is simply a way that they can avoid being declared totally rogue...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#19 Arwen

Arwen

    Member

  • Full Member
  • Pip
  • 32 posts

Posted 22 December 2004 - 10:34 AM

There's one important point here too.......
MS Plus and other similar programs are highly attractive to teens and kids ('my friend's got it so I MUST have it too'.........) and regrettable though it may be, this age group are even MORE unlikely to read small print and check out the consequences. And the 'sponsors' play on that fact.
My local (Spanish) PC magazine - yes, the one which urged us all to instal MS Plus :( - is now giving publicity fo a similar product, Fenix MSM v2.2. at http://dragonjar.nol.../HTM/DragoN.php
Anyone heard of this? I suspect it goes along the same lines as MS Plus :angry:

#20 Sandi Hardmeier

Sandi Hardmeier

    Member

  • New Member
  • Pip
  • 3 posts

Posted 23 December 2004 - 06:37 AM

There's one important point here too.......
MS Plus and other similar programs are highly attractive to teens and kids ('my friend's got it so I MUST have it too'.........)  and regrettable though it may be, this age group are even MORE unlikely to read small print and check out the consequences. And the 'sponsors' play on that fact.

Another couple of points were touched on at this thread:
Discussion at the aumha.org forums

1. Jason of lop.com told me that features described in the EULA had been "long removed", but the EULA had not been updated. To leave a EULA in an inaccurate state for a 'long' time is simply not acceptable, especially when said EULA trumpets, in all capitals "THIS IS A CONTRACT".

2. The EULA for the Sponsor Program specifically states that if you are not at least 18 years of age *and* the owner of the machine in question, then installing the Sponsor Program is expressly prohibited. Despite this, when apparently underage users openly say that they are installing the Sponsor Program to 'support' Patchou, they are not discouraged.

Both behaviours are unacceptable.

Edited by Sandi Hardmeier, 23 December 2004 - 06:40 AM.





Member of UNITE
Support SpywareInfo Forum - click the button