Sites against parasites

Last week I wrote that millions of Windows users unwittingly installed “parasites” when setting up music-sharing programs or other free marketing gimmicks. Some parasite programs harvest fake sales commissions from e-commerce sites. They can also make your PC unreliable and crash-prone.

Many companies have banned employees from using music-sharing programs, not just due to copyright concerns.

According to John Thornton, editor of Hacker’s Digest, 6% of one peer-to-peer network’s files are actually viruses. Downloads such as Pink.mp3.vbs are displayed by the music-sharing program without the .vbs extension, the part of the name that indicates a Visual Basic Script virus (see The Register).

Merely having a policy against peer-to-peer, however, doesn’t clear up the mess that these programs quietly added to users’ hard drives. A clean sweep requires new tools.

One of the most intriguing approaches to the problem has been initiated by a website developer named Andrew Clover.

A British programmer who’s fluent in Python, PHP and Java, Clover divides his time between work in Germany and the UK.

Without installing anything, you can automatically test your PC for dozens of different parasite programs at his personal site (http://and.doxdesk.com/parasite). The test requires JavaScript, which is currently enabled in about 88% of browsers, according to thecounter.com. Clover encourages visitors to copy and use the script on their own sites, perhaps modifying it to blend with their own styles.

The script works by querying your PC for character strings that various parasite programs insert into the Windows Registry.

Each string, known as a Class ID or CLSID, is a globally unique hex number identifying a single programme. These numbers are generated by GUIDgen.exe, a utility included with Microsoft Visual C++ 4.0 and later.

Many parasites use these strings to register themselves with Internet Explorer as a so-called Browser Helper Object. Microsoft designed IE to allow programs such as these to manipulate the keystrokes and activities of the browser.

This is one way parasites transmit false e-commerce codes. Unfortunately, Clover’s test doesn’t identify all worrisome parasites. Interviewed by telephone while he was visiting Bristol, England, Clover said, “There are lots of parasites that don’t use a Class ID at all, and my script can’t detect them.”
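The same Class ID lookup can be run locally as an audit. The sketch below is an added example, not Clover's script: it reads the text printed by `reg query` for the registry key where Internet Explorer lists Browser Helper Objects and compares each CLSID with a watchlist. The watchlist entries and sample output are constructed placeholders, and, as Clover notes of his own test, parasites that register no Class ID will not show up.

```python
import re

# Registry key under which Internet Explorer lists Browser Helper Objects.
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
           r"\CurrentVersion\Explorer\Browser Helper Objects")
GUID_RE = re.compile(r"\{?([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}?")

# Constructed placeholders: substitute CLSIDs from a parasite list you trust.
WATCHLIST = {
    "{00000000-0000-0000-0000-0000000000A1}": "ExampleParasite-A (placeholder)",
    "{00000000-0000-0000-0000-0000000000B2}": "ExampleParasite-B (placeholder)",
}

def normalize(clsid):
    """Return the CLSID upper-cased without braces, or None if malformed."""
    m = GUID_RE.fullmatch(clsid.strip())
    return m.group(1).upper() if m else None

def registered_bhos(reg_query_output):
    """Extract CLSIDs of subkeys directly under BHO_KEY from `reg query` text."""
    prefix = BHO_KEY.upper() + "\\"
    found = []
    for line in reg_query_output.splitlines():
        line = line.strip()
        if not line.upper().startswith(prefix):
            continue  # value lines, blank lines, unrelated keys
        clsid = normalize(line[len(prefix):])
        if clsid and clsid not in found:
            found.append(clsid)
    return found

def audit(reg_query_output, watchlist=WATCHLIST):
    """Split registered BHOs into watchlist hits and unrecognized CLSIDs."""
    known = {normalize(k): name for k, name in watchlist.items()}
    flagged, unrecognized = {}, []
    for clsid in registered_bhos(reg_query_output):
        if clsid in known:
            flagged[clsid] = known[clsid]
        else:
            unrecognized.append(clsid)  # not proof of harm; needs review
    return flagged, unrecognized

# Constructed sample of `reg query "<BHO_KEY>"` output.
SAMPLE = "\n".join([
    "",
    BHO_KEY + r"\{00000000-0000-0000-0000-0000000000a1}",
    BHO_KEY + r"\{11111111-2222-3333-4444-555555555555}",
    BHO_KEY + r"\not-a-clsid",
])

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An unrecognized CLSID is not necessarily a parasite; legitimate browser add-ons register here too, so treat that list as items to look up.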

It’s my hope that a web service can be developed that’s truly comprehensive. Users could learn valuable info — such as the symptoms and diagnoses Clover’s site provides on 49 parasites — even if their machines test clean.

Meanwhile, run the free Ad-Aware program, which searches for and allows you to remove almost all parasites. A helpful download page is at PC World.

I’ll have more on this next week.

Send tips to contributing editor, Livingston. He regrets that he cannot answer individual questions. Send letters for publication in Computerworld to Computerworld Letters.
