Feature 31 - Tuesday, February 15, 2005
Kevin P. Tremblay
Computers are complicated because of all the tweaking required to operate them. We don't need the further problems of software spies watching our every move on the Internet, and the difficulty of removing them. Internet surfers beware!
I had noticed that my computer was becoming sluggish and the speed of my Internet connection had decreased over the last few months. Therefore, I obtained a few Adware and Spyware detection programs. These programs check your computer to see if any known software spies are installed on your system and are monitoring your Internet use. If so, you may be offered products by the companies that obtain the information gathered by these programs.
Each of these program spies uses your system's resources and bandwidth while you are on the Internet. Each program must stay resident in your machine to continue monitoring it. Are you on the Internet? Which sites are you going to? Is it time to offer you a product? Which product, based on your Internet browsing?
Furthermore, there is the issue of “cookies.” These files are installed on your computer when you visit certain sites. Such files have some benefits, but your loss of privacy far outweighs the so-called benefits of these cookies. Cookies also monitor you while on the Internet. When you go back to a site once visited that installed a cookie on your machine, the company's cookie registers the fact. It knows how many times you visited and where you were before and after visiting their site. Not all cookies operate in the same manner or monitor your Internet use to the same extent. Some only activate when you visit the cookie's owner's sites.
I have my Internet Explorer browser set to block all cookies. Still, every time I go online, cookies are installed on my machine. I remove them after each Internet session. It is time-consuming and aggravating. Apparently, there is a flaw in the operation of the Internet Explorer browser installed on my machine. Possibly it has become corrupted. I have not taken the hours that may be required to search out a solution for this issue. I would have to go to the Microsoft site and begin reading technical “white papers” on the Internet Explorer and seek out a solution. Also, it will certainly require the download of some additional component, software patch or even a new browser. Some sites will not provide you any content unless you have their cookies installed on your machine. Up to now, this issue about the cookies on my computer has not been a priority for me.
But Spyware and Adware programs are much more aggressive than cookies are and I'm angry about them. BargainBuddy is a “Browser Helper Object” that records the pages you go to and the searches you make with search engines such as Google.com. It gathers this information and then offers you products based on your searches and browsing. I first became aware of this program residing in my machine when I brought up the Task Manager. This is a Windows program that provides information about software and programs operating in your computer. I saw that there was a program resident on my machine, “bargain.exe.” Every time I closed this program it would reopen within seconds.
I vowed to get to the bottom of this program. I did a few searches to find out more about bargain.exe. Generally within the information I was receiving about the program were some steps to remove it. I found the obvious computer registry entries associated with this program. I would remove the files in my Task Manager and those I found in the Windows Explorer also associated with this software. This would stop the program from operating for that particular session. When I rebooted my computer the files would all come back again. It was driving me batty.
Finally, I found that the program that was installed on my machine was called the BullsEye Network and resided in the Add/Remove Programs within the Control Panel. So I made the attempt to remove it, only to find that I could not for unethical reasons. When you attempt to remove this software there is a survey you must take in order to remove the program. The survey questions follow.
What is the main reason for uninstalling BullsEye Network?
I do not want any popups, and the rest of the questions have no answers that I can agree with. It took some doing, but I finally tracked down the creators of this program and Bargain Buddy. The name of the company that created the program is eXact Advertising, located in New York City. I faxed them an angry letter about my problem with their software and how I could not answer their survey questions and wanted the software off my computer.
An Affiliate Manager of eXact Advertising did contact me. Michael Garcia was polite but wanted to know why I just could not take the survey. I explained that these questions did not provide answers that were correct for me. He suggested that I just answer them to get Bargain Buddy off my computer, to which I replied by saying that this would be dishonest of me and would skew their survey as the answers would not be correct. After some discussion, he understood where I was coming from.
The other issue was how the software originally got installed on my machine. He explained that eXact Advertising created the software, but that it is offered to vendors who sneak it into your computer when you are downloading other programs off the Internet. It is bundled with other software. The vendor sets the criteria of the targeted products that the software will offer after download and activation.
The errant software settles into your computer when you download certain desirable software. This is agreed upon in the fine print of the license agreement for the sought after software. Three different programs were stealthily installed on my machine. For example, if you go to the Yahoo homepage, they offer a free credit report. When you elect to obtain this free credit report, somewhere in the fine print you may be agreeing to have this unwanted software install itself on your machine.
Michael had me go into the Registry on my computer and check certain entry signatures. I discovered that the identity of the installer was CDT4 and 1f61. He could not tell me what company this was. He had a list of codes for the various known vendors, but these two codes were not on his list. Later he said that he would have this vendor contact me directly after learning who it was. But he did not tell me who it was.
He also said he would have to get back to me about uninstalling the software without having to lie on the survey. He contacted the software engineers at eXact Advertising and called me back. He explained that this was the first time that they had ever had this issue posed to them. That seemed unbelievable to me. The claim was that everyone else that removed the software answered this questionnaire and did so even if the answers were not what they wanted to say. This is self-serving manipulation on the part of the vendor and eXact Advertising. After installing their software on our machines, they get us to agree with what they are doing when we attempt to get rid of it. Wow!
Michael and I talked about the software again the following day. He still did not have an answer for me but told me that the company was working on one. The next day he called back and seemed to have an answer. The software engineers created a new program that was essentially the same as the last one for the BullsEye Network, but there would be no survey attached to this particular one when I uninstall it. He said that the software engineers developed this specifically for me.
I downloaded the program, which was sent to me as an email attachment. I unzipped it and the software installed itself on my machine. During the installation some files attempted to access the Internet even though I did not want to be on the Internet. These files even made an attempt to connect to the Internet by initializing my dial-up connection. I did not allow this and I therefore removed my phone line from the computer jack, to ensure no connection was made. I have a program on my computer called Zone Alarm that informs me whenever an attempt is made by a program on my machine to connect to the Internet, or when an attempt is made to enter my computer from the Internet.
There were three different programs installed by this download: CashBack, Navisearch and The BullsEye Network. I was directed to remove these from my Add/Remove Programs in the Control Panel after the installation. However, there were problems with uninstalling the software.
The next morning I went through the entire procedure again and took specific note of what files made requests to connect to the Internet. I also removed all the cookies I had discovered. After the software was reinstalled with the survey-free BullsEye Network software, I noted that there were three cookies on my machine. What a beast this software is!
Following is a rundown of exactly what I did and what happened in the installation and uninstallation process, and a list of the files that were left on my machine.
It got deeper as I continued on my mission to remove the files and software. After I unzipped the file sent to me and ran the executable file “package8034-bugtrk-adaptest.exe,” four files made an attempt to connect to the Internet during the installation process. They were “exdl.exe” which attempted to connect to DNS 18.104.22.168. The next file to attempt this was “exdl1.exe” then “exdl2.exe” and finally “exdl3.exe.”
After the software was installed an icon of a dog appeared in my Systray (where the clock resides). Now the removal process began. The first to be uninstalled was the CashBack program. I went to the Add/Remove Programs in the Control Panel to uninstall. Two files attempted to connect to the Internet. They were “exdl.exe” and “trkgif.exe.” Nothing seemed to happen. Then the item was gone from the Add/Remove Programs dialog box.
Next, Navisearch was apparently removed. This software also attempted to connect to the Internet in the names of “trkgif.exe” and “exdl.exe,” executable files. These were the same files that attempted to connect to the Internet when removing the former software.
Finally, I selected The BullsEye Network to uninstall. The same two files made an attempt to connect again. Trkgif.exe attempted to connect to DNS 127.0.0.1 using port 3960. I rebooted the system after uninstalling appeared to be complete.
Using ScanSpyware I discovered 11 files or registry entries on my system related to this software and then I discovered something else as well.
The Registry entries are:
1. eXactSearch Regkey: HKEY_LOCAL_MACHINE\SOFTWARE\exactuil
This time I note where cookies have been installed:
3. Tracking Cookies C:\documents and settings\owner\cookies\email@example.com
Now the next files are:
6. Bargain Buddy file C:\WINNT\system32\exdl.exe
These three following were Directories in my Windows Explorer.
9. NaviSearch Folder C:\Program Files\NaviSearch
When I attempted to locate where the executable file, the downloaded zip file that was used to install the software, was located on my machine, I found the following files during a search of my system.
These four files were installed at the same time that I installed the software and are located under “prefetch.”
These seven files were also found while doing a search for anything with “exdl” in the name, using the DOS wildcard. I note that the Exdl.exe and the Mqexdlm.srg are dated from before this current installation, whereas the others, which were “prefetch,” were dated for this specific installation session.
Michael suggested that because I would not allow these files to connect to the Internet during the installation and removal process, this would explain why the software did not properly come out of my machine.
He suggested that I obtain an Adware removal program. I finally did obtain a free download entitled Spyware Doctor and it discovered many more files associated with this software. There were a total of 107 files to be removed even after using the uninstallation feature in the Control Panel.
Is this any way to advertise?