Wareout Trojans and Adware
FYI: I did not misspell Wareout
We are all vulnerable to spyware, adware, worms and Trojans, even me. Sometimes, however, there's just nothing you can do to stop their invasion onto your computer, or is there?
Let me first give you a little background, then I'll tell you my story. I had been writing a new program, Special Agent P. C. Secure; it features a new way to stop spyware, adware and other unwanted files from infecting your computer. P. C. Secure has a firewall and a phishing monitor. That's phishing, not fishing. An example of phishing is when you get an email from your bank (but it's not really your bank) and you're sent to a fake site that looks like your bank's official site and you're asked to log in and update your personal information. It's a form of identity theft.
PC Secure has several other features, such as hiding and encrypting files and other information, but this is not the subject of this newsletter, just the prelude to my story.
While developing the software, one of the things I wanted the program to detect was sites that do not use the normal http or https ports, 80 and 443 respectively. This is a sure giveaway that you are not in the normal channel of surfing the Internet. Ninety-nine point nine percent of the time, a legitimate site will be using the aforementioned ports.
So in order to test this component of the software, I started visiting known crack and adult sites because many of these sites are hidden on someone's server and use abnormal ports like 81 etc. For safety purposes, it would be best to use a test machine to visit these sites, as they're known to put all sorts of unwanted junk on your machine. But since the new program is Internet based, I needed the ability to modify the source code on the fly, so I had to use my work machine. After all, if the software is not going to help me, why would anyone else want it?
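The port check described above can be sketched as follows. This is an added example, not code from P. C. Secure; the function names, verdict labels and sample URLs are assumptions made for illustration. It parses the URL properly, so a port-like string in the user-info part or an IPv6 literal does not confuse the check.

```python
from urllib.parse import urlsplit

# The two ports the article treats as normal, keyed by scheme.
DEFAULT_PORTS = {"http": 80, "https": 443}

def check_port(url):
    """Classify a URL as 'ok', 'bad-port', 'malformed' or 'not-web'.

    Returns (verdict, effective_port). The verdict labels are made up
    for this example.
    """
    try:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORTS:
            return ("not-web", None)
        # .port raises ValueError for non-numeric or out-of-range ports.
        port = parts.port
    except ValueError:
        return ("malformed", None)
    if port is None:
        # No explicit port: the browser uses the scheme's default.
        port = DEFAULT_PORTS[scheme]
    verdict = "ok" if port == DEFAULT_PORTS[scheme] else "bad-port"
    return (verdict, port)

# Constructed sample URLs (reserved documentation hosts and addresses).
SAMPLE_URLS = [
    "http://example.test/",
    "https://example.test:443/login",
    "http://example.test:81/",
    # ":80" here is part of the user-info, the real port is 81.
    "http://bank.example:80@198.51.100.7:81/",
    "http://[2001:db8::1]:8080/",
    "http://example.test:99999/",
]

def bad_ports(urls):
    """Return (url, port) for every URL that uses a non-default port."""
    results = [(u, check_port(u)) for u in urls]
    return [(u, port) for u, (verdict, port) in results if verdict == "bad-port"]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(check_port(url), url)
```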
Well, on one visited site (I do not know which one, as the browser kept opening windows and P. C. Secure kept informing me of "Bad Port"), Special Agent P. C. Secure then popped up a message telling me that a new folder was installed to the Program Files folder. A program called Wareout started up and literally told me "you have spyware on your system that you don't know about" and it then informed me that it could clean my system.
This program, WareOut, was installed at one of these sites. The Wareout.exe was installed to Program Files\Wareout. A Trojan was downloaded and installed several files: Wareout.exe, setvers.exe, tksvr99.exe, snnpapi.dll, snnpapi.exe, ifcfg.exe, scands32.exe, wosysdll.dll, and a few others. I do not know which of these files was the actual Trojan, but I do know that several of these files are known Trojans and I'm sure you would want none of them on your computer.
Upon downloading, the files executed and proceeded to delete all of my Outlook email, all of the files in Program Files\Accessories - Internet Explorer - Movie Maker - NetMeeting - and Windows Media Player, and then proceeded to delete C:\Command.com (so I could not reboot back into Windows), all my System Restore Points (so I could not restore) and then added all my Windows files to the Wininit.ini to be deleted when I reboot. This computer is using Windows ME; XP and 2000 do not use the Wininit file for deleting or changing files in use.
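On Windows 9x/ME, files queued for deletion at the next boot are listed in the [rename] section of Wininit.ini as NUL=path lines, so the file can be inspected before rebooting. The following is an added example, not code from P. C. Secure; the function names and the sample file contents are constructed for illustration. A hand-written parser is used because the NUL key repeats, which a generic INI reader would collapse or reject.

```python
def pending_operations(text):
    """Parse the [rename] section of a Windows 9x/ME wininit.ini.

    Returns (deletes, renames): deletes is a list of paths queued for
    deletion (NUL=path), renames is a list of (source, destination).
    """
    deletes, renames = [], []
    in_rename = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_rename = line[1:-1].strip().lower() == "rename"
            continue
        if not in_rename or "=" not in line:
            continue
        dest, src = (part.strip() for part in line.split("=", 1))
        if dest.upper() == "NUL":
            deletes.append(src)          # NUL=path means "delete path"
        else:
            renames.append((src, dest))  # dest=src means "move src to dest"
    return deletes, renames

def deletes_under(deletes, root):
    """Return the queued deletions located under the directory root."""
    prefix = root.rstrip("\\").lower() + "\\"
    return [p for p in deletes if p.lower().startswith(prefix)]

# Constructed sample contents, not taken from the infected machine.
SAMPLE = r"""
[rename]
NUL=C:\WINDOWS\SYSTEM\USER32.DLL
NUL=C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\NEW.DLL=C:\WINDOWS\TEMP\NEW.TMP
nul=C:\TEMP\SETUP.TMP
"""

if __name__ == "__main__":
    deletes, renames = pending_operations(SAMPLE)
    for path in deletes_under(deletes, r"C:\WINDOWS"):
        print("queued for deletion:", path)
```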
Well, well, Wareout sure did clean up, just not what you'd expect a Spyware sweeper should clean. So I really cannot recommend you buying this Trojan. If it were not for P. C. Secure telling me what was added to my system, Wareout would have definitely won out, and wore out my computer. Although, it did have a cute little Icon of a sweeping broom, let me run right out and buy this software.
Anyway, after restoring all my missing files and deleting the Trojan, I rebooted and visited Wareout's Web Site (let me give them a plug here): wareout.com. They have no email address, not even for their tech support, or purchasing. Who in their right mind would purchase this after it just deleted their computer? What a great advertising gimmick, destroy someone's computer and then tell them that you can stop this from happening again. Install Trojans and spyware and then tell them that it found what all your other software missed. Now why didn't I think of that?
I decided to see if I could find them in the whois, another tool in P. C. Secure (notice I am giving myself plugs too). Their site is being hosted in the United States by a Web hosting company in California, so this is not going to throw up any red flags, and the domain Wareout.com is registered to someone in Tartu (I learned a little something, it's the second largest city in Estonia). But why host an Estonian domain in the USA?
So I emailed them, using their online form, explaining what had happened, and they responded with: they cannot understand how it deleted anything, and I quote "If you don't like our software, you always can uninstall it: Start Menu -> Programs -> WareOut -> Uninstall". Who wanted this software in the first place? They neglected to mention anything about having it download, install, and run without my permission. Did they not read the first few sentences of my email? Or did they just think I was wishing them a Merry Christmas?
I wanted to write this newsletter with the hopes that Wareout and other software companies that use this subversive method of soliciting their unwanted wares will be retaliated against. For most people, once the software is installed they cannot get it off, so they are stuck with it. Our PC Secure will completely uninstall Wareout.exe with its Spy Remover Agent; you can use the trial version for 15 days free. I certainly would not trust their uninstaller; it probably will uninstall the few dollars I have left in my pocket.
I also wanted Wareout to know what I was doing, so I told them in my email I was going to get this page on the first page and top slot of Google, for when people search for Wareout.exe. I figure with my 12,000 to 15,000 hits a day, it will be there before the end of January. I have no problem posting this newsletter, as they have no right to inflict us, behind our backs, onto our personal property, without our permission, with their unwanted software. It is delivered as any other virus, worm, or Trojan; completely unwelcomed and unknowingly. If you know the definition of a Trojan, wareout.exe surely qualifies as one.
Let me know what you think.