Nero 7 Essentials

Identification

I’ve been getting some very specific complaints about Nero 7 Essentials. “The computer slows down. It crashes. Started with the new DVD writer.” All the drives in question were bundled with the OEM version of Nero 7 Essentials. Time for another test. Test box for today is running an Athlon XP 1900+, Windows 2000 Pro with Service Pack 4, no antivirus or security software whatsoever, lots of memory and drive space, and not much on the hard drive.

Before the install, I ran Hijack This and added everything to the ‘ignore’ list, and ran CCleaner, and accepted every registry issue found–it’s a clean test box, so there wasn’t much.

Started the install:
Nero 7 Welcome Screen

I chose all the default options:
Nero 7 typical install

At the truly arrogant file options, I made no changes–Nero wants to be your program for everything related to content. Apparently it’s more than a DVD burning program, in the opinion of the publisher.
Nero 7 file options

At the install options, I again made no changes. Note the “Nero Scout” item at bottom left, unchecked by default.
Nero 7 options

The install completed without problems. I restarted the computer, and went looking. No new system tray icon appears, and no indication that I’ve installed anything more than a DVD burner. But wait, there’s something–in the Windows menus, in the Nero group, I see Nero Scout. Ooh, options. Here’s the view–it’s ON by default, and installed without asking:
Nero 7 indexing without asking

Ran HijackThis again. There are only two new entries:
O4 – HKLM\..\Run: [NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O23 – Service: NMIndexingService – Nero AG –
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

So my DVD burner software includes a full indexing scan for files, also called ‘desktop search’, on by default, of all types (it’s on that ‘Files’ tab), with no system tray icon, and no obvious place to type in a search. What does this have to do with burning a DVD? (Nero, if you’re reading this, send me an answer–I’ll post it.)

I won’t comment much on the functionality of the product, except for one item: DVD-video functions (Nero Vision and some other areas) work for 30 days, then display an expired message. OK, I have no problem with a vendor trying to upsell, but announce that the product is half real and half 30-day trial in advance, and give me an option to uninstall the dead software chunks–I don’t need all this clutter.

Uninstalled. No error messages. Restarted the PC. Ran HijackThis a third time, and both autostart entries have been removed–good so far. Under C:\Program Files, there’s a leftover folder “Nero” containing 4 files and 2 more folders. Sloppy, but not unusually so. There’s a file left in the c:\WinNT folder, “NeroDigital.ini”.

Ran CCleaner, and checked the registry. Remember, I cleaned it before the install. There are now 380 registry errors. These are in the categories of:

    ‘Unused File Extension’ mostly for graphics still formats,
    ‘ActiveX/COM Issue’ for ‘AppCore.MediaSource,
    ‘Invalid or empty file class’ for CDmaker, and
    several hundred “Open with Application Issue’ entries, pointing to “HKCR\NeroExpress.Files7…”

Overall results:
Is it startupware? Absolutely. It adds two autoplay entries, one totally unrelated to the program’s function, doesn’t ask permission before adding the unrelated functions, and turns on a processor-intensive application by silent default.

Recommendations–

First, don’t install with the defaults. Uncheck every file format on ALL the pages in the install options, except those that you’ll really use the program for. If in doubt, uncheck it.

Second, check off that box: “Configure Nero Scout on first usage” and then disable it.

Or find the autoplay entry for Nero Scout, it’s in Control Panel, Administrative Tools, Services, NMIndexingService–choose stop, and disable. Then find and delete the file:
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

And finally, consider some other program. This install doesn’t inspire trust.

Trialware and the Dell Vostro

Definitions

Dell has had its share of bad press over bad decisions. Usually, they’re like most big companies that just don’t get it. Now, they’re advertising a new series of computers, called “Vostro”. No, I don’t know how they could possibly trademark that in Italy, where it would mean “Your Computer”. Like I’ve said, bad decisions. Could have been worse, like sending the Chevy Nova to Spanish-speaking countries, where it means “doesn’t run.”

But maybe they’re done something right. Never know. Random roll of the dice, and all that. The Vostro will, according to the press release from July 10th, be somewhat free of what they’re calling Trialware.

New York, July 10, 2007

Dell today extended its commitment to customers with a new brand of notebook and desktop computers designed for small businesses. The VostroTM branded products feature no trialware and simple to use tools that address top-of-mind problems such as data back-up, PC performance and health, and specialized networking support for customers without dedicated IT staff.

The Vostro (Latin for “yours”) product and services family is a milestone in the company’s strategy to reduce the cost, time and complexity of managing information technology for customers of all sizes.

OK, now this sounds good. Then again, they don’t really understand what their customers want:

Regardless of geography, small businesses told Dell that tools to help accomplish common, time-consuming tasks associated with backing up data and optimizing system performance, and easy support options rank among their top IT needs. To address these needs, Vostro customers receive automated support tools customized for small business at no additional cost for the first year (minimal charges may apply in some countries).

The tools include Dell Automated PC Tune-Up, which reduces more than 30 tuning, performance, security and maintenance tasks to one click; Dell Network Assistant, which simplifies the set-up, monitoring, troubleshooting and repair of a customers’ network; and Dell DataSafe Online for online backup of up to 10GB of user data and protects against data loss resulting from disasters, theft or damage.

Translation: Dell isn’t going to include Trialware, which is the word they’re using to describe free trial software that they get paid for any time a PC user clicks through and buys, upgrades, or views ads from the icons and pre-installed software on all their other machines. Instead, they’ll provide up to one-year versions of their own private-label clutter that changes standard Windows functionality to favor their own system, and auto-runs at startup. Prices for these “solutions” after the first year’s free trial weren’t announced.

Good? Well, maybe. Depends on implementation. If the startupware they install is designed to work together, it’s a smaller burden on the system than the usual combination of startupware, trialware, and bloat. But calling these boxes ‘clean’ would still be false–they’re still loading products beyond Windows and hardware drivers.

Have you bought a Vostro? Post a comment back and report if the configuration is an improvement.

More information: Here is Dell’s press release.

ContraVirus cleanup

Field Reports

Had a call from a client this week, describing a “Microsoft logo down by the clock with a virus alert.” It wasn’t, but that was the message. This is on a recent vintage Dell box, XP Home, fully-patched, with antivirus and antispyware packages from one of the major companies. A yellow warning flag announced that “the system will now download and install more efficient antimalware program.” The bad English grammar was a bigger clue to the customer than anything else that this wasn’t normal.

Well, the yellow box was followed by a silent install of ContraVirus 2.0, which launched and started an apparent “scan” which resulted in “finding” 27 infections. I had the customer do an online spyware scan, which found and removed the problem, but it came back within a minute or two. Also had him uninstall ContraVirus from the add/remove list. That worked, too, but the flag came back, reinstalled, rescanned, and found the same infections each time, even though the system had been fully scanned by two other programs between the two CV “scans.”

OK, in the car, down the road… I had already looked up ContraVirus online–the reports describe it as either rogue antispyware, or being installed as a drive-by download by an affiliate. RogueRemover, from MalwareBytes.com, was said to take it out, so I took that with me, along with my usual software tools.


Screen capture, ContraVirus 2.0
Here’s what the screen looked like when I arrived.

Took a look… Yes, it’s really easy to remove this, or so it appears; it heals. Ewido.net’s online scan takes it out, or RogueRemover, or add/remove programs, but it won’t stay gone; it reinstalls in less than 4 minutes, immediately if an Internet Explorer window is opened; there’s a browser helper object involved.

HijackThis reported this:
O2 – BHO: IEExtension Class – {DBE5BEE8-F032-11DB-826A-C4BB56D89593}
– C:\Program Files\ContraVirus\secieaddin.dll
O3 – Toolbar: Ad-Protect Toolbar – {EA038DDD-0FE0-41f5-BA60-FC3660529E71}
– C:\Program Files\ContraVirus\ToolBand.dll

But this one appears to be the self-repair program:
O4 – HKLM\..\Run: [Windows Updater Servc]
C:\WINDOWS\system32\xpuupdate.exe

It was this xpuupdate.exe that RogueRemover and all the other cleanups missed. I ran a drive search for ‘xpuupdate’–there was also a reference in the prefetch folder. I moved the files off c:, ran one more cleanup immediately with RogueRemover and this time, the cleanup stayed cleaned.

Back to the computer owner: He recognized that the yellow popup box looked like a Microsoft message, and also thought the system tray icon was from Microsoft, but also knew that advertising message puffery and bad English isn’t quite what to expect in a legit warning message.