Category Archives: Identification

For any given product, listings of autoplays and startupware entries.

Crawler(dot)com toolbar

Downloaded and tested the Crawler.com search toolbar, which allows users to search multiple search engines at once.

Test run Aug 25th, 2005, clean Win XP Home, no patches, not activated, no drivers except automatically-installed items from the Windows installation. Items listed as detected by HijackThis.

Installing the Crawler toolbar added these items to the system settings:
Running processes:
C:\Program Files\Crawler\CToolbar.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://portal.crawler.com/search/ie.aspx?tb_id=60002
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.crawler.com/?tbid=60002
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://portal.crawler.com/search/ie.aspx?tb_id=60002
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Crawler\ctbr.dll/sa
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://portal.crawler.com/search/ie.aspx?tb_id=60002
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Crawler\ctbr.dll/sa
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 – URLSearchHook: (no name) – {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} – C:\PROGRA~1\Crawler\ctbr.dll
O2 – BHO: (no name) – {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} – C:\PROGRA~1\Crawler\ctbr.dll
O3 – Toolbar: &Crawler Toolbar – {4B3803EA-5230-4DC3-A7FC-33638F3D3542} – C:\PROGRA~1\Crawler\ctbr.dll
O8 – Extra context menu item: Crawler Search – tbr:iemenu
O18 – Protocol: tbr – {4D25FB7A-8902-4291-960E-9ADA051CFBBF} – C:\PROGRA~1\Crawler\ctbr.dll

When Internet Explorer is NOT running, CToolbar continues to run, and it autoplays with the system.

Uninstall results–this item not removed–it’s the IE home page:
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.crawler.com/?tbid=60002

Overall: The main executable runs when it shouldn’t, for no stated purpose. Uninstall doesn’t restore home page but does restore all other settings. Search results from toolbar show pay-for-display ads first, clearly labeled, before showing true search results which may or may not be on the first page of results.

Summary: I wouldn’t automatically delete this one if the user finds it helpful–doesn’t appear to do anything disruptive. The publisher should fix the way it runs ctoolbar, so that it starts with IE, and doesn’t run all the time.
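The before/after comparison described above can be automated by diffing HijackThis logs. The following Python is an added example, not part of the original review or of HijackThis; the baseline snapshot, the `ExampleDriver` entry and the post-uninstall log are constructed, while the Crawler entries are taken from the listing above.

```python
import re

# A HijackThis entry starts with a section code (R0, R1, O2, O4, O16, ...).
# Blog software often turns the " - " separator into an en dash, so accept both.
ENTRY = re.compile(r"^(?P<code>[RO]\d{1,2})\s+[-\u2013]\s+(?P<body>.+)$")
DASH = re.compile(r"\s+[-\u2013]\s+")

def parse(log_text):
    """Return the set of (code, body) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Normalise separators and spacing so snapshots compare equal.
            body = DASH.sub(" - ", m.group("body"))
            entries.add((m.group("code"), " ".join(body.split())))
    return entries

def compare(baseline, installed, uninstalled):
    """Split what the installer added into removed and left-behind entries."""
    added = parse(installed) - parse(baseline)
    left = added & parse(uninstalled)
    return {"added": sorted(added), "left_behind": sorted(left),
            "removed": sorted(added - left)}

# Constructed baseline for a clean system (placeholder values).
BASELINE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [ExampleDriver] C:\WINDOWS\example.exe
"""
# Three Crawler entries from the listing above, en dashes as rendered on the page.
AFTER_INSTALL = r"""
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.crawler.com/?tbid=60002
O2 – BHO: (no name) – {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} – C:\PROGRA~1\Crawler\ctbr.dll
O3 – Toolbar: &Crawler Toolbar – {4B3803EA-5230-4DC3-A7FC-33638F3D3542} – C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [ExampleDriver] C:\WINDOWS\example.exe
"""
# Constructed post-uninstall log matching the result reported in the review.
AFTER_UNINSTALL = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.crawler.com/?tbid=60002
O4 - HKLM\..\Run: [ExampleDriver] C:\WINDOWS\example.exe
"""

if __name__ == "__main__":
    for kind, items in compare(BASELINE, AFTER_INSTALL, AFTER_UNINSTALL).items():
        print(kind, *items, sep="\n  ")
```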

Yahoo Messenger 6.0.0.1922

Product Review–Yahoo Messenger

Test run July 20, 2005, default settings on clean install of Windows XP Home, OEM edition. Unpatched, no service packs, antivirus, or blocking software. Hardware firewall was the only security in place.

Version tested: Listed in ‘About’ box as “Yahoo! Messenger 6.0.0.1922 and MyYahoo Module 6.0.0.600, (C)1997-2004.”

Summary: Not evil, and not adware. Not harmless, either–it’s a massive set of changes to the system. Uninstallation is massively incomplete. Utility and value are dubious.

Recommendation, Business systems: Unwarrantied product with invasive settings. Prohibit all installations. Should be removed without option as part of all standard maintenance on corporate PCs.

Recommendation, Personal systems: Advise removal–there are too many autoplays and performance hits. Yahoo mail customers are vastly better off getting their emails from the ‘MyYahoo’ service, which requires no software installation. Could be left behind on non-networked systems with only one educated user, if adequate system speed is available to counter the slowdown caused by the software.

LICENSE
=======

The license agreement was the usual bizarre set of disclaimers, not as bad as most, not as fair as it could be. There was one term that was interesting–note the absolute lack of notice when they decide to convert the service into anything else. There are no limits, and no notice, and no recourse.

“13. MODIFICATIONS TO SERVICE
Yahoo! reserves the right at any time and from time to time to modify or discontinue, temporarily or permanently, the Service (or any part thereof), with or without notice. You agree that Yahoo! shall not be liable to you or to any third party for any modification, suspension or discontinuance of the Service.”

INSTALLATION
============

The installation ran smoothly. It’s the type that does the download during the install (5.37 Mb), but does calculate and display the time needed. For the test, I chose the defaults for everything. The ‘Anti-Spy’ button on the toolbar, on first press, offers to download and install, and has its own license agreement. There is a default checkbox on the Anti-Spy product that changes Yahoo! to the default search engine.

Misleading: One program install results in three entries under Add/Remove programs, for Yahoo! extras, Yahoo! Messenger, and Yahoo! Toolbar. The ‘Yahoo! Anti-Spy’ product has its own Add/Remove entry, matching the install.

Added to running files:
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe

System settings changes, according to HijackThis:
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com

R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com

R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html

R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com

R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

O2 – BHO: Yahoo! Companion BHO – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll

O3 – Toolbar: &Yahoo! Companion – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll

O4 – HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O8 – Extra context menu item: &Yahoo! Search – file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 – Extra context menu item: Yahoo! &Dictionary – file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 – Extra context menu item: Yahoo! &Maps – file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O9 – Extra button: Messenger – {4528BBE0-4E08-11D5-AD55-00010333D0AD} – C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 – Extra ‘Tools’ menuitem: Yahoo! Messenger – {4528BBE0-4E08-11D5-AD55-00010333D0AD} – C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

UNINSTALL
=========

All FOUR uninstall programs completed without failures or warnings.

These three settings were left behind:

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html

R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html

R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com

Yahoo shortcuts were left behind, in Favorites and in Links.
In the read-only folder “C:\Program Files\Yahoo!” 221 files and 20 folders were left behind, total 12.4 Mb.

In the read-only folder “C:\Program Files\Internet Explorer\SIGNUP\Yahoo” 8 files were left behind, total 168 Kb.

REINSTALL TEST
==============
On a second installation after removal, the Yahoo Messenger install program advised me that it was already installed–was I sure that I wanted to install it anyway? My interpretation–even Yahoo’s software detects that their uninstall is incomplete.

POST-MORTEM
===========

Interesting follow-up, post-test: Yahoo sent an email message to confirm that I had activated the toolbar, and mention their use of email bugs (which they call ‘web beacons’) to confirm that I had read it. The email did NOT include any removal instructions for either the email message or the toolbar itself.

From their privacy information, linked in the email: “Web pages may contain an electronic file called a web beacon, that allows a web site to count users who have visited that page or to access certain cookies.”

The email claims that the toolbar provides these benefits, among others (not tested):
“Protect your PC with powerful anti-spy technology…”
“…Eliminate annoying pop-up ads with Pop-Up Blocker.”

From the email itself: “You may have noticed a powerful tool from Yahoo! that resides on your browser. It’s called the Yahoo! Toolbar and it was voted CNET Editors’ Choice in November 2004.
So what’s that mean for you?
It means you have more control over your web browsing experience. And since the Yahoo! Toolbar is customizable, you get quick and easy access to all the things that interest you the most…”
“…This is a service email related to your use of the Yahoo! Toolbar. Please do not respond to this email. To learn more about Yahoo!’s use of personal information, including the use of web beacons in HTML-based email, please read our Privacy Policy. Yahoo! is located at 701 First Avenue, Sunnyvale, CA 94089.”

Product Review–Hotbar

Test run July 21, 2005, default settings on clean install of Windows XP Home, OEM edition. Unpatched, no service packs, antivirus, or blocking software. Hardware firewall was the only security in place.

Version tested: Listed in folder names as 4.6.1.0/
‘Click here’ on main Hotbar page gave no option, but started the “Take control of email” installation, despite listing several other products.

Redirects searches to resultsmaster.com/SmartOffers

Summary: A kinder, gentler product than the last time I looked at Hotbar, circa 2003. Still doesn’t do anything useful, but no longer appears to take over the system.

Recommendation, Business systems: Remove. Serves no business purpose.

Recommendation, Personal systems: Remove. Redirects web searches.

LICENSE
=======

First license I’ve seen that regulates emotional content–‘desire’ is apparently now a legal term:

“(b) You shall receive, and desire to so receive, various products/services, marketing ads, and campaigns of third parties through the appearance of links, menus, pop-ups, and other methods on and/or in connection with the Service and the Software (all of the foregoing “Third Party Promotions”).”

INSTALLATION
============

End of first installation caused spontaneous reboot, followed by standard Windows file check of drives. Corrupted file c:\windows\system32\config\software.log. On a second reboot, no Hotbar product appeared to have been installed, although one new entry showed up in HijackThis:

Added to running files:
C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe
C:\Program Files\Hotbar\Bin\4.6.1.0\HbSrv.exe

System settings changes, according to HijackThis:

R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm

O2 – BHO: ShprRprts – {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} – C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll

O2 – BHO: Hotbar – {B195B3B3-8A05-11D3-97A4-0004ACA6948E} – C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll

O3 – Toolbar: Hotbar – {B195B3B3-8A05-11D3-97A4-0004ACA6948E} – C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll

O4 – HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe

O4 – HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe

O4 – HKLM\..\Run: [wzalvupo] C:\WINDOWS\System32\bkteqtfq.exe

O9 – Extra button: ShopperReports – Compare travel rates – {946B3E9E-E21A-49c8-9F63-900533FAFE14} – C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll

O9 – Extra button: ShopperReports – Compare product prices – {E77EDA01-3C56-4a96-8D08-02B42891C169} – C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll

O16 – DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj) – http://installs.hotbar.com/installs/hotbar/programs/hotbar.cab

UNINSTALL
=========

Misleading: Separate uninstalls for Hotbar Outlook Tools, Hotbar Web Tools, and Shopper Reports by Hotbar, resulting from one install program of Outlook Tools. Each of these ended the install process with a visit to a web page asking for feedback on the uninstallation. Reboot was required after the last of the uninstalls.

Left behind two empty read-only folders in c:\Program Files, for Hotbar and ShopperReports.

These settings were left behind:
O16 – DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj) – http://installs.hotbar.com/installs/hotbar/programs/hotbar.cab

No shortcuts were left behind.