Copyright © 1999 - 2006, Sandra Hardmeier, All Rights Reserved Worldwide
Last updated 20/08/2006

I think this must be one of the WORST programmes around for spyware, hijackware, foistware and viruses/trojans etc.

http://www.wired.com/news/business/0,1367,61852,00.html?tw=wn_story_related
"Forty-five percent of the executable files downloaded through Kazaa, the most popular file-sharing program, contain malicious code like viruses and Trojan horses, according to a new study..."

Viruses spread via Kazaa:
Go to http://www3.ca.com/virusinfo/search.aspx and do a search for Kazaa...as at 15 February 2004, 103 items were found.

The infamous MyDoom virus was, reputedly, released into the wild using Kazaa and became the fastest spreading virus yet.

Many users are dumping the original Kazaa because of spyware, and moving to KazaaLite, but that does *not* stop the trojan/virus problem.

Iexplore.exe has generated errors and must be shut down
-or-

Invalid Page Fault
You may also receive one or more of the following error messages when you try to connect to a Web site:
Could not open the search page
Page could not be displayed
Page can not be displayed
DNS error
http://support.microsoft.com?scid=kb;EN-US;Q826718

Kazaa has encountered a problem and needs to close..:
http://support.microsoft.com?scid=kb;EN-US;Q324047

Kazaa.exe has encountered a problem and needs to close. We are sorry for the inconvenience:
http://support.microsoft.com?scid=kb;EN-US;Q318921

Dlder.exe (Advertising)
Noted as a trojan by some antivirus programmes (W32.DlDer.Trojan), this little nasty tracks your web surfing *and* uploads this information to a website (now apparently shut down).  It can also download *and activate* exe files (programmes).  You can expect to find a file called explorer.exe in your ..\windows\system or ..\windows\explorer file (note that a legitimate Windows file is also called explorer.exe, but that is in ..\windows

Description of the win32.dlder spyware trojan program:
http://support.microsoft.com?scid=kb;EN-US;Q317013

Other malware installed by Kazaa has/does include the following:

Cydoor (Advertising)

PgMonitor
pgmonitr caused an error in pgsdk.dll - delete  via Add/Remove Programmes.

Delfin Media Viewer
"DelFin Media Viewer delivers advanced "TV-like" rich-media entertainment free during "latent times". Latent times are the unavoidable times you are captive and waiting for a computer to dial-up and connect to the Internet. DelFin Media Viewer fills this void with targeted, personalized rich media entertainment in the form of movie trailers, music, music videos, TV shorts and game previews." - delete via Add/Remove Programmes.

The privacy policy says:

"DELFIN’s Ad Agents: DELFIN may use agents to sell and serve ads in connection with the PromulGate Service and to help DELFIN track your Internet activities. As part of the advertising process connected to PromulGate, DELFIN provides ad agents with a unique anonymous identifier for each PromulGate user, and other anonymous information, including information generated during the member’s use of DELFIN’s PromulGate service and DELFIN Web Sites. DELFIN or its agent(s) will use such information and other anonymous user information, including the users’ click stream data, to enable DELFIN agent(s) to serve relevant advertisements and marketing messages to members on the PromulGate Service." (http://www.delfinproject.com/privacy/privacy.html)

Fastseeker toolbar

 

Dw.exe (DiskWare)

Causes invalid page faults.... remove via Add/Remove Programmes.

 

Save Now programme

Causes invalid page faults in IE (kernel32). Remove via add/remove programmes.

 

"SaveNow downloads a small list of promotional websites to your computer. It uses this list to show you offers for products you may be searching for at that time. For example, if you browse to Amazon.com, you may be searching for a book to buy. SaveNow may be aware of a bookstore where you can get a better deal and will show you this when you go to Amazon.com without interrupting your explicit browsing. [This is an example only and Amazon is not necessarily a customer of SaveNow]"

 

"SaveNow's information and offers are provided to users by showing a limited number of relevant coupons and ads in the form of interstitials ("pop-up ads") and other ad formats." (http://www.whenu.com/about_savenow.html)

 

(Updated 14 July 2002).  Thanks to Robert Aldwinckle who referred me to the following URL about dw.exe - what a NASTY piece of work the software is:

 

DownloadWare

http://and.doxdesk.com/parasite/DownloadWare.html

 

The page no longer exists, but some choice quotes included:

 

"...The EULA, when found, claims that it may clash with various other software and so if it finds any it will remove it. (!)..."

 

"...As well as removing DownloadWare you should check your system for other things it has installed and get rid of them too..."

 

 

Hot Text, Top Text, Ezula, ContextPro

...Yellow underlining on web pages...

 

It can be removed via Control Panel, add/remove programmes.  Search for "eZula-README.html" on your computer.  This file contains information from Kazaa about the ...service.

 

Causes the error:

Explorer caused an invalid page fault in EABH.DLL

 

Removal instructions can be found here:

http://www.whirlywiryweb.com/removeezula.htm

http://ezula.com/TopText/Help.asp#7

 

Bdeview.exe (Advertising)

 

Ctbclick.exe (information here)

 

CommonName toolbar plug-in (information here) and here

 

The error noted below is known to be caused by the toolbar plug-in.  Uninstall it.

 

Microsoft Visual C++ Runtime Library
runtime error
Program C:\Program Files\Internet Explorer\
IExplorer.Exe
Abnormal Program Termination
 

It seems the CommonName browser bar can be installed independently of Kazaa (thanks Jon Kennedy and Ian Phillips).  Advice on how to get rid of the toolbar can be found here:

http://www.commonname.com/english/ug/toolbar/default.asp?idx=10#4
 

(April 2002).  Have a look at these links:

 

Brilliant Digital software installed with Kazaa

http://news.com.com/2100-1023-875016.html

 

"...Two days after disclosures that file-swappers using Kazaa were unwittingly downloading software that could turn their computers into part of a new network, Kazaa's owner spoke up to defend the company's actions.


As previously reported, Kazaa quietly has been bundled for two months with software that contains the core of a new peer-to-peer network. This software, from a California company called Brilliant Digital Entertainment, has been installed on potentially tens of millions of computers. Brilliant Digital plans to "turn on" this software in four to six weeks, tapping the resources of potentially tens of millions of ordinary PCs to distribute content or advertising or to run complicated computer tasks...."
http://news.com.com/2100-1023-873181.html

 

"...Brilliant Digital Entertainment, a California-based digital advertising technology company, has been distributing its 3D ad technology along with the Kazaa software since late last fall. But in a federal securities filing Monday, the company revealed it also has been installing more ambitious technology that could turn every computer running Kazaa into a node in a new network controlled by Brilliant Digital.

The company plans to wake up the millions of computers that have installed its software in as soon as four weeks. It plans to use the machines--with their owners' permission--to host and distribute other companies' content, such as advertising or music. Alternatively, it might borrow people's unused processing power to help with other companies' complicated computing tasks...."

 

and

http://news.com.com/2102-1023-875274.html

 

A treatise on the potential uses of the Brilliant Software:

http://www.cs.berkeley.edu/~nweaver/0wn2.html

 

Uninstall instructions for the Brilliant Digital Entertainment software

http://news.com.com/2100-1023-875274.html

 

Just in case the page is removed, I have preserved the text of the instructions at this link