Follow me on Twitter at Twitter.com/wbm
FYI, I'm blogging most of my stuff over at More Wally now.
You might want to add my rss feed to your reader at:http://morewally.com/cs/blogs/wallym/rss.aspx
Non-Technical - Adware/Spyware developers and marketing folks are not my favorite people - Wallace B. McClure

Wallace B. McClure

All About Wally McClure - The musings of Wallym on Web, HTML5, Mobile, MonoTouch for iPhone, MonoDroid for Android, and Windows Azure.

News

Personal Blog

Work Blog

.NET

Book Authors

Business

Family

Friends

Georgia Tech Bloggers

Personal

Archives

Non-Technical - Adware/Spyware developers and marketing folks are not my favorite people

At one of my customer's, when I am not there, someone else will use the computer that I use, due to resource limitations.  That is fine with me, I'm not there all the time.  Unforntunately, about a month ago, one of these folks somehow got hoodwinked into installing some adware/spyware.  Now, whenever, I show up in the morning, I get one popup screen after another (AOL 9.0, MSN, Refurbished Dell computers (like I would ever buy a Dell again), and such) on this development computer.  I have tried Spybot and Ad-Aware SE.  Spybot sees almost nothing (yes it is fully updated).  Ad-Aware SE sees some of these files, but whenever I instruct Ad-Aware to remove the files, these same files keep coming back.  I'm not criticizing Spybot and Ad-Aware for being bad products, merely that they can't handle the current situation.  I have googled for all of these adware, spyware, malware products, but I have never been able to get these scum bags removed.  These products are wupdt.exe, polmx3.exe, and qwnpln.exe.  I am fearful that the only way to resolve this problem is going to be to repave and start over with this machine. About 12 months ago, someone installed some adware product at my office.  It messed up everything with the computer and the only solution was to repave.  About 3 months ago, I got caught by the Download.Ject virus and I just repaved and started over.  These spyware people wonder why no one likes them.......Geez.

Now, I am hearing that there are moves afoot to outlaw, at the state and federal level, spyware-adware type of programs.  Good.  The problem is that these same folks that run these adware-spyware companies are crying about how what they are doing is just fine and that the only way that their software is installed is if the user allows this to happen.  Well, I didn't allow this to happen on this machine, yet, I am now stuck with the consequences of someone else's actions.  BTW, have you tried to run the uninstall for these programs?  Oh, I forgot, the uninstall does not exist.  Another argument for these adware/spyware marketeers is that what they are doing is protected by the United State's First Amendment Right to Freedom of Speech.  Well, that sounds all well and good, but I did not give them the right to market their products to me when I am trying to work.  Yesterday afternoon, every minute, I was interrupted with some new popup ad.  I seriously doubt that is protected by the "Freedom of Speech" Amendment.  Wonder how those adware/spyware types would like it if I called their office every minute for a few days in a row.  Oh yeah, I think that there is something I learned about in school where the "Freedom of Speech" does not extend to yelling fire in a crowded room and that the freedom to do as you please stops when it effects others.

If the people that develop and market these adware/spyware products want to keep their products from being made illegal, they need to:

  • Quit attempting to confuse people with the "X" within another "X" to attempt  to get people to download their products.  Quit telling people that their computer's aren't optimized.
  • Create a standard windows uninstall.  I am sick of your tricks.  Gee, I don't see a standard windows uninstall on this system for any of these products.. 

Until these two (and other) things are done, if you make or market some type of adware/spyware, you will not be on my Christmas card list.

Wally

Posted: Sep 22 2004, 07:50 AM by Wallym | with 9 comment(s)
Filed under: ,

Comments

Jamie Cansdale said:

My first port of call would be a couple of Sysinternals utilities...

You could you this to find out what process is re-writing those files.
http://www.sysinternals.com/ntw2k/source/filemon.shtml

You can use this to find out what is autorun at startup.
http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml

If the files are being re-written at startup then see if you can make Filemon run at startup before this happens.

Good luck!
# September 22, 2004 8:27 AM

SBC said:

The New York Time had an excellent article 2 days ago about this ad-spy ware morass. I had similar problems with two machines. It's a b* to remove those darn varmins. I had to reinstall the OS and apps and took a lot of time. Those a*holes should get the prod.
# September 22, 2004 8:29 AM

Richard Dudley said:

>what they are doing is protected by the United State's First Amendment Right to Freedom of Speech

No, it's not. They who make this claim are confused. Businesses do not have the same freedom of speech protections under the First Ammendment that individuals have.

Try rebooting in safe mode and running Ad Aware.
# September 22, 2004 9:16 AM

Justin said:

I have run across this problem before. To resolve, it I used BartPE to create a cd boot disk with adaware on it, booted off the cd, and ran adaware. The problem is caused because the files are in use and adaware can not remove them while windows is running.
# September 22, 2004 10:11 AM

Brian Schkerke said:

Pest Patrol.

Yes, it's commercial, but it is a fantastic piece of software for those additional pests that Ad-Aware and S&D can't handle.
# September 22, 2004 10:58 AM

Shannon J Hager said:

I've had this problem exactly once. It was caused when a program I know and love said it was time to update and I was literally half-asleep and went with the standard install instead of the custom install. The standard install included some nasty adware that I could not remove.

I was able to remove it by uninstalling the program it came with. I then reinstalled the program and unchecked the "install sponsor program" option (as I had done every previous install except that one).

I would suggest you find out what program the developer installed that brought the adware into play. If it was a trick/popup that installed the adware, you should find out why they were playing around on dodgy websites while in the office.
# September 22, 2004 11:41 AM

Shannon J Hager said:

I've had this problem exactly once. It was caused when a program I know and love said it was time to update and I was literally half-asleep and went with the standard install instead of the custom install. The standard install included some nasty adware that I could not remove.

I was able to remove it by uninstalling the program it came with. I then reinstalled the program and unchecked the "install sponsor program" option (as I had done every previous install except that one).

I would suggest you find out what program the developer installed that brought the adware into play. If it was a trick/popup that installed the adware, you should find out why they were playing around on dodgy websites while in the office.
# September 22, 2004 11:43 AM

Doug King said:

I was able to remove these without reinstalling the O/S. First clean with Ad Aware. Then logof and logon. Run Adaware again and you will see that some files are still suspect and some new registry entries have appeared. Adaware should give you a clue as to which files you will have to clean up manually (it seems you have allready figured what they are). This particular malware is somewhat smart about regenterating itself. It also renames itself randomly so if you google for answers on that file you will not get any results. That is why Adaware can't identify it - no consistant name. If you attempt to remove it's registy entries (the ones that are rdirecting the browser search, etc.) it will rebuild them. This is because it is running in the background looking for any clean up operations and rebuilding it's nastyness on the fly. You must first kill the running process and then deleted the .dlls / exe's manually. To do this just run task manager and kill the wupdt.exe, polmx3.exe, and qwnpln.exe processes (if they are still called that). Then delete the files. Logoff and back on and run adaware again to see if any new registy entries were found. I they were, then you have not killed it yet and more detective work is in order.
# September 22, 2004 12:17 PM

evilmousse said:

this was on slashdot earlier today:

Spam Opt-out Link Triggers Malicious Code Attack
http://slashdot.org/article.pl?sid=04/09/22/1355238
# September 22, 2004 1:51 PM
Leave a Comment

(required) 

(required) 

(optional)

(required)