-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I apologize if any of this is already known or not applicable to this list, but i found something that disturbs me today about grokster. While going thru my registry today, i noticed the reg entry: SOFTWARE\Microsoft\windows\currentversion\run "dlder"="C:\winnt\explorer\explorer.exe" C:\winnt\explorer\ turned out to be a hidden folder, with one file "explorer.exe" (31Kb). So i deleted the entry in the registry, PGP-Wiped the directory and EXE file, and rebooted. Upon rebooting, i noticed a "dlder.exe" hidden executable in my C:\winnt\ folder (i dont know if it was there before, but i think it was, i just didnt notice it). After opening up explorer.exe and dlder.exe in an editor that displayed them as Hex, i noticed "clicktilluwin", which is a (supposedly) optional add-on piece of software that comes with Grokster. I had installed grokster last month and used it once, disliked it, then uninstalled it. So it worries me that this "click till u win" thing that i told grokster *not* to install, is still hanging around. Then i called a friend of mine, who verified that he had the same reg key and hidden folder/files. he deleted the affected registry keys and bogus "explorer.exe" and "dlder.exe" files and rebooted. Then, he did a fresh install of Grokster, specifically telling it *not* to install "clicktilluwin", then rebooted, and there the registry keys and hidden files appeared again -- seems that "click till u win" is installed no matter what you tell grokster. I have no clue what these two binaries are doing to my system, and it worries me that they might be keyloggers (or something malicious). I attached an email my friend sent to me after he did some research into Grokster, and now i am even more nervous. It seems that the information he found about the company is completely bogus.... (Please see attached email) For more information and copies of the two binaries that i found on my system, please go to: http://furt.com/grokster/ -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBPCuJYcaXTGgZdrSUEQJ0mQCgzDuXQ4JLbEshiHs1UySN3Wt/hOkAoKiv SZ6OlPu4ACdHv1V6V3iruLoY =XTZ3 -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Thu Dec 27 2001 - 13:44:08 PST