Last updated 14/05/2005
Copyright © 1999 - 2004, Sandra Hardmeier, All Rights Reserved Worldwide


9 January 2005

 

I note that the email address privacy@ieplugin.com is no longer mentioned in the "IE Plugin Limited License and Privacy Agreement" at http://www.ieplugin.com/terms.html.  Instead, we are told to use an online form at http://www.ieplugin.com/contact2.shtml?privacy.  I also note that the contact pages capture "REMOTE_HOST,REMOTE_ADDR,HTTP_USER_AGENT".

 

My latest installation experience:

 

WARNING!!  One of the pop-up advertisements generated by the software bundled with Intelligent Explorer was extreme, high-end pornography.  Do NOT install this software, even for testing purposes, if your computer can be accessed by anyone under 21, or anybody (including yourself) that may be offended by the type of pictures that are generally only legally viewable by adults.

 

I didn't think things could get more complicated than my initial experience, but they did.  A year ago, Intelligent Explorer included a lot of spyware, BUT the spyware was removable and did not automatically reinstall, like it does now (see below).

 

Just like last time, I downloaded Intelligent Explorer from www.ieplugin.com.  My notes follow.


Spyware, crapware, malware detected by AdAware (over 11 megabytes):

180Solutions(TAC index:8):49 total references
BargainBuddy(TAC index:8):252 total references
ClipGenie(TAC index:4):1 total references
DownloadWare(TAC index:8):7 total references
ImIServer IEPlugin(TAC index:5):73 total references
MRU List(TAC index:0):60 total references
NetworkEssentials(TAC index:7):58 total references
Other(TAC index:5):35 total references
Possible Browser Hijack attempt(TAC index:3):103 total references
Rads01.Quadrogram(TAC index:6):1 total references
Roings(TAC index:5):1 total references
SahAgent(TAC index:9):20 total references
SCBAR(TAC index:3):55 total references
Search Relevancy(TAC index:5):14 total references
SurfSideKickBHO(TAC index:7):1 total references
WindUpdates(TAC index:8):2 total references
Winpup32(TAC index:6):1 total references

Control Panel (add/remove programs) listings and uninstallation behaviour:

IEPLUGIN - no add/remove program listing - used automatic uninstallation at www.ieplugin.com

BMSE dbl (0.82 MB) (are you sure window) reappeared on reboot.

IEC System (0.82 MB) (are you sure window) reappeared on reboot.

SE Assistant (0.82 MB) (are you sure window) reappeared on reboot.

SE Help (0.82 MB) (are you sure window) reappeared on reboot.

Search Assistant (0.82 MB) (are you sure window)

Search Function (0.82 MB) (are you sure window) reappeared on reboot.

IE Help (are you sure window) reappeared on reboot.

Sidebar Search (0.82 MB) (are you sure window)

DeskAd Service (0.11 MB) Multiple prompt windows; opened window to www.winupdates.com page advertising 'Adware Remover Gold', 'Email Spam Block' and 'Data Shredder Gold' (note that Adware Remover Gold, of www.adwareremovergold.com and www.adremovergold.com, is mentioned at Spywarewarrior as a rogue antispyware application - you can find more information here - http://www.spywarewarrior.com/rogue_anti-spyware.htm)

Search Relevancy (0.25 MB). Uninstall wizard, 3 prompt windows, confusing text, same advertising window as DeskAd Service, uninstall froze add/remove programs and control panel.

CashBack by BargainBuddy [eXact Advertising] (0.33 MB) (uninstall wizard, 3 prompt windows, confusing text) Accessed internet during uninstall.

NaviSearch [eXact Advertising] (0.16 MB) Same uninstall wizard as CashBack by BargainBuddy. Accessed internet during uninstall.

The BullsEye Network [eXact Advertising] (2.01 MB) same uninstall wizard, confusing text, survey window, accessed internet.

DownloadWare (1.58 MB) (prompt window), ClipGenie survey window opened, new window diverted to www.vegasfrontier.com, prompt 'download our FREE SOFTWARE while surfing our site'. Prompt 'Click ok to download our free software while browsing the site and take advantage of our Spectacular $225 bonus' (Dragon Rouge Casino pop up window), uninstall froze. Froze entire add/remove control panel.

Recommended Hotfix - 421701D (1.05 MB) prompt window 'This will change your current browsing functions. Are you sure you wish to continue?' Accessed internet during removal.

Uninstall 180searchAssistant (connected to internet during uninstall), popup uninstall window.

Additional cleanup steps
Used Giant to restore all IE default page settings. Nothing left in control panel. Desktop Toolbar icon on desktop (damaged spyware install) remains. Deleted manually.

Rebooted
 

Tests after reboot

SearchEnhancement tried to reinstall (blocked using Giant Antispyware)

Numerous attempts to change search engine settings from IE defaults captured (blocked using Giant Antispyware)

The following entries had reappeared in Control Panel (Add/Remove Programs):

BMSE dbl
IE Help
IEC System
SE Assistant
SE Help
Search Function

Malware favorites had not been removed.

Parasite detection script (http://inetexplorer.mvps.org/parasite.htm) detected Transponder/BTGrab and ShopAtHomeSelect.

*****************************
Time to pull out the big guns
*****************************
Before the uninstall processes listed above, AdAware detected 4 processes, 7 modules, 116 registry keys, 332 registry values, 222 files and 24 folders.

After the attempted uninstalls above, AdAware scans detect 1 process, 54 registry keys, 101 registry values, 88 files and 7 folders:

180Solutions(TAC index:8):4 total references
BargainBuddy(TAC index:8):47 total references
BookedSpace(TAC index:10):12 total references
ClipGenie(TAC index:4):1 total references
DownloadWare(TAC index:8):5 total references
ImIServer IEPlugin(TAC index:5):46 total references
MRU List(TAC index:0):60 total references
NetworkEssentials(TAC index:7):21 total references
Other(TAC index:5):13 total references
Rads01.Quadrogram(TAC index:6):1 total references
SahAgent(TAC index:9):20 total references
SCBAR(TAC index:3):39 total references
SurfSideKickBHO(TAC index:7):1 total references
Tracking Cookie(TAC index:3):32 total references
Winpup32(TAC index:6):1 total references

In short, IEPLUGIN's 'automatic removal' does not touch any of the extra software that the Intelligent Explorer site installed.  To add insult to injury, the individual uninstall protocols for the spyware/adware/malware that was installed with Intelligent Explorer were worthless.  It took a combination of AdAware, HijackThis, CWShredder, Giant Antispyware, unhack.def, some specialised Windows process examination programs, and manual removal (in safe mode) to get rid (I hope) of the malware. I also had to manually empty my 'temp' files in various directories. A lot of the spyware in question was installed to, and running from, temp file directories.  Time will tell if I have (finally) been successful after 4 hours of solid work.
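
The two AdAware summaries above can be compared mechanically to see which families the uninstallers actually removed. The following is an added example, not part of the original write-up or of any tool named on this page; the function names `parse` and `compare` are this example's own, and the data is copied from the two listings above.

```python
import re
# AdAware summary lines copied from this page: before and after the uninstalls.
BEFORE = """\
180Solutions(TAC index:8):49 total references
BargainBuddy(TAC index:8):252 total references
ClipGenie(TAC index:4):1 total references
DownloadWare(TAC index:8):7 total references
ImIServer IEPlugin(TAC index:5):73 total references
MRU List(TAC index:0):60 total references
NetworkEssentials(TAC index:7):58 total references
Other(TAC index:5):35 total references
Possible Browser Hijack attempt(TAC index:3):103 total references
Rads01.Quadrogram(TAC index:6):1 total references
Roings(TAC index:5):1 total references
SahAgent(TAC index:9):20 total references
SCBAR(TAC index:3):55 total references
Search Relevancy(TAC index:5):14 total references
SurfSideKickBHO(TAC index:7):1 total references
WindUpdates(TAC index:8):2 total references
Winpup32(TAC index:6):1 total references
"""
AFTER = """\
180Solutions(TAC index:8):4 total references
BargainBuddy(TAC index:8):47 total references
BookedSpace(TAC index:10):12 total references
ClipGenie(TAC index:4):1 total references
DownloadWare(TAC index:8):5 total references
ImIServer IEPlugin(TAC index:5):46 total references
MRU List(TAC index:0):60 total references
NetworkEssentials(TAC index:7):21 total references
Other(TAC index:5):13 total references
Rads01.Quadrogram(TAC index:6):1 total references
SahAgent(TAC index:9):20 total references
SCBAR(TAC index:3):39 total references
SurfSideKickBHO(TAC index:7):1 total references
Tracking Cookie(TAC index:3):32 total references
Winpup32(TAC index:6):1 total references
"""
LINE = re.compile(r"(.+)\(TAC index:(\d+)\):(\d+) total references")
def parse(text):
    # Map each family name to (TAC index, reference count); skip non-matching lines.
    return {m[1]: (int(m[2]), int(m[3])) for m in map(LINE.fullmatch, text.splitlines()) if m}

def compare(before, after):
    # Classify families by what the uninstall attempts did to them.
    b, a = parse(before), parse(after)
    both = sorted(b.keys() & a.keys())
    return {
        "gone": sorted(b.keys() - a.keys()),                # no longer detected
        "new": sorted(a.keys() - b.keys()),                 # only seen afterwards
        "survived": {n: (b[n][1], a[n][1]) for n in both},  # (refs before, refs after)
        "untouched": [n for n in both if b[n][1] == a[n][1]],
    }
if __name__ == "__main__": print(compare(BEFORE, AFTER))
```

Only 4 of the 17 families disappear from the listing, 13 are still detected, and two families appear only in the second scan.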
 

HISTORICAL INSTALLATION EXPERIENCE

14 September 2003

 

My curiosity about this product was first aroused after discovering that http://security.kolla.de/kbase.php?lang=en&sbi=spybots&kbase=ieplugin no longer exists and that  http://www.doxdesk.com/parasite/IEPlugin.html has had all information removed while a "legal response to its [ieplugin's] manufacturers" is worked out [there's nothing like a hint of mystery to get the blood moving]. 

 

I installed "Intelligent Explorer" and downloaded it direct from http://www.ieplugin.com/.   I ran various tests before and after the installation, and after 'automatic' removal as supplied at the same site, using several different products, including AdAware, HijackThis and BHOCop.

 

Installation:

 

The files involved (that I know of) are systb.dll, winobject.dll, wupdt.exe, winserv.exe (accesses internet), lycos.exe (accesses internet), bargains.exe (accesses internet), sidesearch1211.dll, apuc.dll.  A massive system slowdown caused by the installation of "Intelligent Explorer" left my computer virtually unusable. This system is an Intel Pentium III 804 MHz with 384MB RAM and a NVIDIA GeForce4 Ti 4200 - admittedly it's not top of the range but it is certainly MORE than sufficient to run Outlook, FrontPage, Outlook Express and Internet Explorer at the same time - something that it was easily able to do before the install of "Intelligent Explorer" but which it was unable to do afterwards.

 

Both monitors flashed constantly, seemingly trying to reduce all programmes to the taskbar and expose the desktop (I run a dual monitor system).  No matter what programme I was working in at any given time, something in the background was constantly stealing focus - I'd be typing an email, and suddenly the cursor was gone; I'd be editing this page in FrontPage, and suddenly the cursor was gone; I'd be trying to use the right click context menu in IE, but it kept disappearing. I couldn't even copy a URL from the addressbar because IE couldn't keep focus long enough to highlight the address with the cursor.  The massive slowdown is bad enough but at least with patience things eventually happen... this flashing between programmes makes the computer virtually impossible to use unless you have a LOT of patience and run only one programme at a time.

 

New "Search" toolbar installed in the IE window.

 

Something called "Intelligent Desktop" (aka Onscreen Portal) was installed on (of course) my desktop.  It couldn't be moved but could be turned off (my computer went completely haywire after I closed it - my monitors and both desktops kept flashing, with a grey space where the "Intelligent Desktop" should be on the main monitor).

 

Prompt window appeared titled "Add Item to Active Desktop" (which I don't even use) - this window was hidden for nearly all of my testing - text follows:

You have chosen to make this channel available offline and add it to your Active Desktop Interface (yadayadayada)  Url: http://active.ieplugin.com/active.cdf

 

Lycos Sidepane shortcut on desktop (jeez, the monitor flashing is driving me up the WALL!! Forgive me if this analysis is not as detailed as it could be - I've GOT to get this cr*p off my system).

 

Home page settings seem to be unaffected. 

 

The IE search pane took A VERY LONG TIME to open, but when it did the settings had been changed to a new search engine "IEPL".

 

Here is a (cleaned up) HijackThis log.

 

BHOCop detected (when I could finally get it to RUN, which took about 5 minutes!!!):

Intelligent Explorer plugin (systb.dll); Sidesearch BHO (sidesearch1211.dll); URL Catcher (apuc.dll).

 

Doxdesk parasite checker detected (available at link on top of page, which I could use once I was FINALLY able to open IE and access my site - it's BLOODY HARD to edit this web page when FrontPage keeps losing focus every 5 seconds or so!!!).  I quote:

 

"Your browser appears to have the "BargainBuddy/Apuc" parasite installed. This software can present you with unwanted advertising and compromise your computer's security, and may invade your online privacy.  It might have been installed without your knowledge. Information and removal instructions at (the system was flashing so badly I couldn't do a right click to copy the URL - had to copy type it - thank god for dual monitor systems)

http://www.doxdesk.com/parasite/BargainBuddy.html"

 

Add/Remove Programmes showed:

 

Bargain Buddy

Lycos Side Search

 

REMOVAL:

 

Removal instructions were originally at http://ww2.ieplugin.com/uninstall2.html.  I have preserved those instructions, available HERE (if it were me, I'd stick to AdAware etc).

 

Other removal instructions can be found at http://www.ieplugin.com/uninstall2.html (as you will see below, their "uninstall" was a waste of time!!!!)

 

While we're on the subject of removal, you will see that 'manual' removal instructions are supplied at the above URL (preserved here), but you will also see that the instructions make no reference to the other files detected by AdAware and BHOCop - sidesearch1211.dll, apuc.dll, nor does it make any mention of bargains.exe or lycos.exe.

 

I attempted removal as per the URL http://www.ieplugin.com/uninstall2.html - I used the "click here to use automatic uninstall" option, allowed the uninstaller to download, saw the 'successful' dialogue, clicked ok and rebooted.

 

At first, IE would not work at all!!! That settled down though.  A lot of stuff was NOT REMOVED.  AdAware (jeez, what a mess it found) detected a stack of stuff even after I used the 'uninstaller' provided at the "Intelligent Explorer" website - it found 58 objects, 32 registry keys, 1 process, 10 registry values, 12 files, 3 folders (again, this is AFTER running the uninstaller) - (only 2 keys existed before I installed "Intelligent Explorer" - one for Alexa (which is harmless, being the 'related links' option native to Internet Explorer) and one for the Media Player playlist (which is not a problem) ).

 

Lycos SidePane shortcut on desktop was still there.

IE Toolbar was gone.

Search engine was still hijacked.

Pop-up windows were still happening.

 

AdAware found references to BargainBuddy, ImIServer, lycos sidesearch, hotbar.  I accepted the option to remove all the leftovers, and my computer froze after AdAware had finished its business (y'know what's scary? I'm a pro - gawd help those who aren't "computer savvy").

 

All the uninstall at http://www.ieplugin.com/uninstall2.html did was remove the search toolbar in IE.   You will need to run AdAware to get rid of the junk left by the "uninstaller". Even though my system froze, AdAware has worked fine and cleaned up my system nicely EXCEPT for an active desktop synchronisation setting for the Intelligent Desktop "OnScreen Portal" which was not removed from Synchronisation Manager; it had to be removed manually.

 

As a side note, check out the terms of service for "IE Plugin" (quotes taken from the page preserved here):

 

"You grant to us the right, exercisable by us until you uninstall the Software or this agreement is otherwise terminated, to provide to you the Service of downloading and causing to be displayed advertising material on your computer, through ‘pop-up’ or other display while you use your browser. You acknowledge and agree that installation of the Software may automatically modify toolbars and other settings of your browser. By installing the Software you agree to such modifications."
 

"2. MINORS AND CHILDREN. If you are thirteen years old or younger, you are prohibited from downloading, registering, or using the Service. If laws in your country prohibit you from entering into a valid and enforceable agreement with us because of your age – in many countries, because you are under eighteen years of age - you are prohibited from downloading, registering, or using the Service. 

BY USING THE SERVICE, YOU WARRANT TO IEPL THAT YOU ARE ABOVE THE AGE OF THIRTEEN AND ENTITLED TO ENTER INTO A VALID AND ENFORCEABLE AGREEMENT WITH US.

In addition, parents or guardians of children over the age of thirteen should be aware that the Service is designed to appeal to a broad audience. Accordingly, it is your responsibility to determine whether any portion of the Service is inappropriate for your child.
 

3.  CONSENT TO THIRD PARTY USE.  You agree that it is your sole responsibility to inform all users of computer that you have caused the Software to reside on your computer and that you will obtain their consent to this agreement before allowing them to use the computer to connect to the internet

 

6. UPDATES. You grant IEPL permission to add/remove features and/or functions to the Software and/or Service, or to install new applications, at any time, in IEPL’s sole discretion with or without your knowledge and/or interaction. You also grant IEPL permission to make any changes to the Software and/or Service provided at any time.

7. SERVER INTERACTION. You understand and accept that when the Software is installed, it periodically communicates with server(s) operated by IEPL and/or third party servers.
 

8. COLLECTION AND USE OF YOUR PERSONAL INFORMATION AND YOUR PRIVACY CONSENT. You understand and grant IEPL permission to assign a unique software identify code to your copy of the Software. You also grant IEPL permission to collect and store information of your internet usage habit, including but not limited to information about every web page you view with the full Uniform Resource Locators, and the content of web page. You understand and accept that Uniform Resource Locators and the content of web pages you view may include your personally identifiable information. You grant IEPL permission to collect and store information on which toolbar buttons you click on, your response to advertising, the search terms you entered on the toolbar and/or all other information relates to your internet usage habit. IEPL may at times ask you for your personally identifiable information, such as name, address, email address, postal/zip code, and telephone number. You hereby grant IEPL permission to store such information in a separate database. You hereby grant IEPL permission to distribute your non personally identifiable information, to the extent permitted by law, to our partners, agents, and/or any third party in IEPL's sole discretion. IEPL does not currently enable users to access, review, edit, or delete information, including internet usage information, collected during use of the Service. By using the IEPL Software and/or Service you agree, to the extent permitted by law, to waive any constitutional, common law, statutory, or regulatory right of access to such information that you might otherwise have or acquire. If you have any further queries relating to our Privacy Policy, or you have a problem or complaint, please contact us by e-mailing us at privacy@ieplugin.com.